Reference Ontology for Cybersecurity Operational Information

October 2015
Computer Journal;Oct2015, Vol. 58 Issue 10, p2297
Academic Journal
As our cyber society develops and expands, the importance of cybersecurity operations is growing in response to cybersecurity threats coming from beyond national borders. Efficient cybersecurity operations require information exchanges that go beyond organizational borders. Various industry specifications defining information schemata for such exchanges are thus emerging. These specifications, however, define their own schemata since their objectives and the types of information they deal with differ, and desirable schemata differ depending on the purposes. They need to be organized and orchestrated so that individual organizations can fully exchange information and collaborate with one another. To establish the foundations of such orchestration and facilitate information exchanges, this paper proposes a reference ontology for cybersecurity operational information. The ontology structures cybersecurity information and orchestrates industry specifications. We built it from the standpoint of cybersecurity operations in close collaboration with cybersecurity organizations including security operation centers handling actual cybersecurity operations in the USA, Japan and South Korea. This paper demonstrates its usability by discussing the coverage of industry specifications. It then defines an extensible information structure that collaborates with such specifications by using the ontology and describes a prototype cybersecurity knowledge base we constructed that facilitates cybersecurity information exchanges among various parties. Finally, it discusses the usage scenarios of the ontology and knowledge base in cybersecurity operations. Through this work, we wish to contribute to the advancement of cybersecurity information exchanges.


Related Articles

  • Data Mining Techniques for Predicting the Cyber Security Threats. SAID, HANAA. M.; HAMDY, MOHAMED; El GOHARY, RANIA; SALEM, ABDEL-BADEEH M. // International Conference on Intelligent Computing & Information ;2013, p245 

    Data Mining is the process of automatically searching large volumes of data for patterns using association rules, for evaluating security threats related to the detection of cyberattacks, moreover cybercrime, and information security. In this paper, we have focused a variety of techniques,...

  • Analysis and Estimation of Expected Cyber-Attack Scenarios and Consequences. Mugavero, Roberto; Sabato, Valentina // Journal of Information Privacy & Security;2014, Vol. 10 Issue 3, p138 

    The cyberspace is becoming one of the main elements of vulnerability in national security and has led to a critical situation because the system is always more focused on information sharing and on quick communication all over the world than security. The cyberspace is, in fact, the "easier...

  • Epidemic of Healthcare Cyberattacks Requires Action, Says WEDI. Slabodkin, Greg // Healthdatamanagement.com;6/25/2015, p1 

    The Workgroup for Electronic Data Interchange has released a "primer" addressing some of the challenges that healthcare organizations face in defending themselves against the epidemic of cyberattacks and how to counter them.


    The article reports that Ernst & Young (EY) opened its Managed Security Operations Center (SOC) to offer cybersecurity services to clients through advanced analytics. Topics cited include the aim of the company to spend over 20 million dollars to maintain the center and boost the income of its...

  • Outlook Optimistic Despite Tough Year In Cybersecurity. Knapp, Eric D. // Pipeline & Gas Journal;Aug2015, Vol. 242 Issue 8, p64 

    The article reports on advancements in awareness related to cybersecurity and optimism for countering the industrial cyberattacks by cybersecurity professionals. Topics discussed include development of industrial cybersecurity products by security firms such as Cisco Systems and Intel Security,...

  • Information Security Law and Strategy in Hungary. Tamás, SZÁDECZKY // AARMS: Academic & Applied Research in Military & Public Manageme;2015, Vol. 14 Issue 4, p281 

    Information security has an emerging importance, even in people's daily life, even in country-level policymaking, but these two are inseparable. National information security strategy, applied legal regulation and the actual awareness of citizens are interconnected. The article shows the legal...

  • Predicting the behavior of attackers and the consequences of attacks against cyber-physical systems. Orojloo, Hamed; Abdollahi Azgomi, Mohammad // Security & Communication Networks;Dec2016, Vol. 9 Issue 18, p6111 

    One of the main challenges of the security of cyber-physical systems (CPSs) is the lack of an efficient approach to evaluate the impacts of attacks on physical processes and their probabilities of occurrence. This paper proposes a method for evaluating the security of CPSs. By using the proposed...

  • Hierarchical attribute-based encryption with continuous auxiliary inputs leakage. Guo, Yuyan; Li, Jiguo; Zhang, Yichen; Shen, Jian // Security & Communication Networks;Dec2016, Vol. 9 Issue 18, p4852 

    The continuous auxiliary inputs leakage is more strong side-channel attacks. In this article, we first propose a continuous auxiliary inputs leakage model for the hierarchical attribute-based encryption scheme. Under the security model, an adversary has ability to gain partial updated master...

  • A Study of Cyber Security Awareness in Educational Environment in the Middle East. Al-Janabi, Samaher; Al-Shourbaji, Ibrahim // Journal of Information & Knowledge Management;Mar2016, Vol. 15 Issue 1, p-1 

    Information security awareness can play an important role in facing cyber-attacks by intruders. The main goal of this paper is to analyse the information security awareness among academic staff, researchers, undergraduate students and employee within educational environments in the Middle East...

