Gianpietro Castiglione, Giampaolo Bella, Daniele Francesco Santamaria
{"title":"SecOnto:安全指令的本体表示法","authors":"Gianpietro Castiglione, Giampaolo Bella, Daniele Francesco Santamaria","doi":"10.1016/j.cose.2024.104150","DOIUrl":null,"url":null,"abstract":"<div><div>The current digital landscape demands robust security requirements and, for doing so, the institutions enact complex security directives to protect the citizens and the infrastructures, particularly in the European Union. These directives aim to safeguard data and harmonise security across the European region, and institutions must navigate this evolving legal landscape in order to implement and keep up-to-date the prescribed security measures.</div><div>However, understanding and implementing these directives towards full compliance can be difficult and expensive. Ontological representation can be employed to represent and operationalise such security directives, ultimately contributing to the effectiveness and efficiency of the compliance process. Ontologies in fact promote a structured approach to represent knowledge, making the applicable directives more simply understandable by humans and more readily processable by machines.</div><div>This article introduces SecOnto, a novel methodology for representing security directives as ontologies. SecOnto breaks down the process of transforming the juridical language of modern security directives into full-fledged ontologies by means of five semi-automated steps: Preprocessing, Interpretation, Structuring, Representation and Verification. Each step is described and validated by means of operational examples based upon Directive 2022/2555 of the European Parliament and of the Council of the European Union on security of network and information systems, better known as NIS 2.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":null,"pages":null},"PeriodicalIF":4.8000,"publicationDate":"2024-10-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"SecOnto: Ontological Representation of Security Directives\",\"authors\":\"Gianpietro Castiglione, Giampaolo Bella, Daniele Francesco Santamaria\",\"doi\":\"10.1016/j.cose.2024.104150\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<div><div>The current digital landscape demands robust security requirements and, for doing so, the institutions enact complex security directives to protect the citizens and the infrastructures, particularly in the European Union. These directives aim to safeguard data and harmonise security across the European region, and institutions must navigate this evolving legal landscape in order to implement and keep up-to-date the prescribed security measures.</div><div>However, understanding and implementing these directives towards full compliance can be difficult and expensive. Ontological representation can be employed to represent and operationalise such security directives, ultimately contributing to the effectiveness and efficiency of the compliance process. Ontologies in fact promote a structured approach to represent knowledge, making the applicable directives more simply understandable by humans and more readily processable by machines.</div><div>This article introduces SecOnto, a novel methodology for representing security directives as ontologies. SecOnto breaks down the process of transforming the juridical language of modern security directives into full-fledged ontologies by means of five semi-automated steps: Preprocessing, Interpretation, Structuring, Representation and Verification. Each step is described and validated by means of operational examples based upon Directive 2022/2555 of the European Parliament and of the Council of the European Union on security of network and information systems, better known as NIS 2.</div></div>\",\"PeriodicalId\":51004,\"journal\":{\"name\":\"Computers & Security\",\"volume\":null,\"pages\":null},\"PeriodicalIF\":4.8000,\"publicationDate\":\"2024-10-17\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Computers & Security\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://www.sciencedirect.com/science/article/pii/S0167404824004553\",\"RegionNum\":2,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q1\",\"JCRName\":\"COMPUTER SCIENCE, INFORMATION SYSTEMS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computers & Security","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0167404824004553","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
SecOnto: Ontological Representation of Security Directives
The current digital landscape demands robust security requirements and, for doing so, the institutions enact complex security directives to protect the citizens and the infrastructures, particularly in the European Union. These directives aim to safeguard data and harmonise security across the European region, and institutions must navigate this evolving legal landscape in order to implement and keep up-to-date the prescribed security measures.
However, understanding and implementing these directives towards full compliance can be difficult and expensive. Ontological representation can be employed to represent and operationalise such security directives, ultimately contributing to the effectiveness and efficiency of the compliance process. Ontologies in fact promote a structured approach to represent knowledge, making the applicable directives more simply understandable by humans and more readily processable by machines.
This article introduces SecOnto, a novel methodology for representing security directives as ontologies. SecOnto breaks down the process of transforming the juridical language of modern security directives into full-fledged ontologies by means of five semi-automated steps: Preprocessing, Interpretation, Structuring, Representation and Verification. Each step is described and validated by means of operational examples based upon Directive 2022/2555 of the European Parliament and of the Council of the European Union on security of network and information systems, better known as NIS 2.
期刊介绍:
Computers & Security is the most respected technical journal in the IT security field. With its high-profile editorial board and informative regular features and columns, the journal is essential reading for IT security professionals around the world.
Computers & Security provides you with a unique blend of leading edge research and sound practical management advice. It is aimed at the professional involved with computer security, audit, control and data integrity in all sectors - industry, commerce and academia. Recognized worldwide as THE primary source of reference for applied research and technical expertise it is your first step to fully secure systems.