Assurance is a de facto requirement in modern information systems (IS). The diversity and complexity of emerging IS highlight the lack of a common way to represent security knowledge. In this paper we lay the foundations for a knowledge-based, ontology-centric framework for the security management of an IS; we present a knowledge-rich structure which can model the security requirements of an enterprise IT environment from a variety of information sources, exploiting the process-based risk management frameworks applied in modern organizations. We define our overall security management framework and implement critical components such as countermeasure refinement. Our approach is represented in a neutral manner and can be used for security knowledge reuse and exchange.
IOS Press, Inc.