Guiding cybersecurity compliance: An ontology for the NIS 2 directive

IF 5.4, Zone 2 (Computer Science), Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS
Gianpietro Castiglione, Daniele Francesco Santamaria, Giampaolo Bella, Laura Brisindi, Gaetano Puccia
Computers & Security, volume 157, Article 104617. Publication date: 2025-08-08. DOI: 10.1016/j.cose.2025.104617
https://www.sciencedirect.com/science/article/pii/S0167404825003062
Citation count: 0

Abstract

Security compliance constitutes a significant source of concern for many corporate decision-makers due to its complexity and cost. These may be due, first and foremost, to the style of juridical language, which is often challenging to translate into concrete operational procedures. To facilitate such a translation and ultimately optimise the compliance effort, this article presents “NIS2Onto”, a Web Ontology Language (OWL) ontology designed to translate the Network and Information Security Directive version 2 (NIS 2) into an ontological format aimed to favour unambiguous understanding and security operations of cybersecurity professionals, legal experts, and all organisational stakeholders. Through the semantic representation of the NIS 2 entities, relationships, and security measures, NIS2Onto enables automated compliance verification, streamlined risk assessments, and effective policy implementation. Our evaluation employs both metrical and qualitative analysis through a real case study to witness the robustness and practical applicability of NIS2Onto. The ontology not only supports the accurate interpretation of complex legal texts but also aids in systematically enforcing cybersecurity measures. Furthermore, the extensibility of NIS2Onto allows for integration with other regulatory frameworks, thereby fostering a comprehensive and unified approach to cybersecurity governance.
Source journal
Computers & Security (Engineering & Technology, Computer Science: Information Systems)
CiteScore: 12.40
Self-citation rate: 7.10%
Articles published: 365
Review time: 10.7 months
Journal description: Computers & Security is the most respected technical journal in the IT security field. With its high-profile editorial board and informative regular features and columns, the journal is essential reading for IT security professionals around the world. Computers & Security provides you with a unique blend of leading edge research and sound practical management advice. It is aimed at the professional involved with computer security, audit, control and data integrity in all sectors - industry, commerce and academia. Recognized worldwide as THE primary source of reference for applied research and technical expertise it is your first step to fully secure systems.