An Ontology-Based Security Risk Management Model for Information Systems

Abstract

Security risk management is a knowledge-intensive procedure that requires monitoring and capturing relevant information that can assist in making the right decision by managers. In this paper, a semantically enhanced model for security management during the information system lifetime is proposed. The model supports the continuous collection of identified threat behaviours from the intrusion detection system, filtering and analysis of the threats within a time snapshot and re-appraiser of IS security countermeasures which involves the security administrator (S-Admin), managers, IS and security management system as stakeholders. The probe agent categorizes the security threats identified by the IDS using the developed ontology-driven knowledge base, while the likelihood of threats occurring in real time was obtained using long-term frequency probability. The case-based reasoning paradigm is employed for the security solution reasoning of identified threat risk. The suggested security solutions are based on CASE base built on existing threat ontology. The re-appraiser is based on the success likelihood of potential ongoing threats. The system facilitates management decision with regard to security control selection so that they can have a maximum Return on Security Investment. The proposed Collect-Probe-Analyse-Reason-Reappraise model is illustrated using an e-banking system.