Stefan Fenz, G. Goluch, Andreas Ekelhart, Bernhard Riedl, E. Weippl
{"title":"ISO/IEC 27001标准的本体映射信息安全防御","authors":"Stefan Fenz, G. Goluch, Andreas Ekelhart, Bernhard Riedl, E. Weippl","doi":"10.1109/PRDC.2007.29","DOIUrl":null,"url":null,"abstract":"This paper introduces an ontology-based framework to improve the preparation of ISO/IEC 27001 audits, and to strengthen the security state of the company respectively. Building on extensive previous work on security ontologies, we elaborate on how ISO/IEC 27001 artifacts can be integrated into this ontology. A basic introduction to security ontologies is given first. Specific examples show how certain ISO/IEC 27001 requirements are to be integrated into the ontology; moreover, our rule-based engine is used to query the knowledge base to check whether specific security requirements are fulfilled. The aim of this paper is to explain how security ontologies can be used for a tool to support the ISO/IEC 27001 certification, providing pivotal information for the preparation of audits and the creation and maintenance of security guidelines and policies.","PeriodicalId":183540,"journal":{"name":"13th Pacific Rim International Symposium on Dependable Computing (PRDC 2007)","volume":"33 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2007-12-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"73","resultStr":"{\"title\":\"Information Security Fortification by Ontological Mapping of the ISO/IEC 27001 Standard\",\"authors\":\"Stefan Fenz, G. Goluch, Andreas Ekelhart, Bernhard Riedl, E. Weippl\",\"doi\":\"10.1109/PRDC.2007.29\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"This paper introduces an ontology-based framework to improve the preparation of ISO/IEC 27001 audits, and to strengthen the security state of the company respectively. Building on extensive previous work on security ontologies, we elaborate on how ISO/IEC 27001 artifacts can be integrated into this ontology. A basic introduction to security ontologies is given first. Specific examples show how certain ISO/IEC 27001 requirements are to be integrated into the ontology; moreover, our rule-based engine is used to query the knowledge base to check whether specific security requirements are fulfilled. The aim of this paper is to explain how security ontologies can be used for a tool to support the ISO/IEC 27001 certification, providing pivotal information for the preparation of audits and the creation and maintenance of security guidelines and policies.\",\"PeriodicalId\":183540,\"journal\":{\"name\":\"13th Pacific Rim International Symposium on Dependable Computing (PRDC 2007)\",\"volume\":\"33 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2007-12-17\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"73\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"13th Pacific Rim International Symposium on Dependable Computing (PRDC 2007)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/PRDC.2007.29\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"13th Pacific Rim International Symposium on Dependable Computing (PRDC 2007)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/PRDC.2007.29","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Information Security Fortification by Ontological Mapping of the ISO/IEC 27001 Standard
This paper introduces an ontology-based framework to improve the preparation of ISO/IEC 27001 audits, and to strengthen the security state of the company respectively. Building on extensive previous work on security ontologies, we elaborate on how ISO/IEC 27001 artifacts can be integrated into this ontology. A basic introduction to security ontologies is given first. Specific examples show how certain ISO/IEC 27001 requirements are to be integrated into the ontology; moreover, our rule-based engine is used to query the knowledge base to check whether specific security requirements are fulfilled. The aim of this paper is to explain how security ontologies can be used for a tool to support the ISO/IEC 27001 certification, providing pivotal information for the preparation of audits and the creation and maintenance of security guidelines and policies.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
