An Ontology-Based Security Risk Management Model for Information Systems

Simple item page
dc.authorid Misra, Sanjay/0000-0002-3556-9331
dc.authorid Abayomi-Alli, Adebayo/0000-0002-3875-1606
dc.authorid Arogundade, Oluwasefunmi/0000-0001-9338-491X
dc.authorscopusid 36805695100
dc.authorscopusid 57218001210
dc.authorscopusid 56962766700
dc.authorwosid Misra, Sanjay/K-2203-2014
dc.contributor.author Arogundade, Oluwasefunmi T.
dc.contributor.author Abayomi-Alli, Adebayo
dc.contributor.author Misra, Sanjay
dc.contributor.other Computer Engineering
dc.date.accessioned 2024-07-05T15:38:42Z
dc.date.available 2024-07-05T15:38:42Z
dc.date.issued 2020
dc.department Atılım University en_US
dc.department-temp [Arogundade, Oluwasefunmi T.; Abayomi-Alli, Adebayo] Fed Univ Agr, Dept Comp Sci, Abeokuta, Nigeria; [Misra, Sanjay] Covenant Univ, Dept Elect & Informat Engn, Ota, Nigeria; [Misra, Sanjay] Atilim Univ, Dept Comp Engn, Ankara, Turkey en_US
dc.description Misra, Sanjay/0000-0002-3556-9331; Abayomi-Alli, Adebayo/0000-0002-3875-1606; Arogundade, Oluwasefunmi/0000-0001-9338-491X en_US
dc.description.abstract Security risk management is a knowledge-intensive procedure that requires monitoring and capturing relevant information that can assist in making the right decision by managers. In this paper, a semantically enhanced model for security management during the information system lifetime is proposed. The model supports the continuous collection of identified threat behaviours from the intrusion detection system, filtering and analysis of the threats within a time snapshot and re-appraiser of IS security countermeasures which involves the security administrator (S-Admin), managers, IS and security management system as stakeholders. The probe agent categorizes the security threats identified by the IDS using the developed ontology-driven knowledge base, while the likelihood of threats occurring in real time was obtained using long-term frequency probability. The case-based reasoning paradigm is employed for the security solution reasoning of identified threat risk. The suggested security solutions are based on CASE base built on existing threat ontology. The re-appraiser is based on the success likelihood of potential ongoing threats. The system facilitates management decision with regard to security control selection so that they can have a maximum Return on Security Investment. The proposed Collect-Probe-Analyse-Reason-Reappraise model is illustrated using an e-banking system. en_US
dc.identifier.citationcount 14
dc.identifier.doi 10.1007/s13369-020-04524-4
dc.identifier.endpage 6198 en_US
dc.identifier.issn 2193-567X
dc.identifier.issn 2191-4281
dc.identifier.issue 8 en_US
dc.identifier.scopus 2-s2.0-85084131553
dc.identifier.scopusquality Q1
dc.identifier.startpage 6183 en_US
dc.identifier.uri https://doi.org/10.1007/s13369-020-04524-4
dc.identifier.uri https://hdl.handle.net/20.500.14411/3140
dc.identifier.volume 45 en_US
dc.identifier.wos WOS:000528315400003
dc.identifier.wosquality Q2
dc.institutionauthor Mısra, Sanjay
dc.language.iso en en_US
dc.publisher Springer Heidelberg en_US
dc.relation.publicationcategory Makale - Uluslararası Hakemli Dergi - Kurum Öğretim Elemanı en_US
dc.rights info:eu-repo/semantics/closedAccess en_US
dc.scopus.citedbyCount 32
dc.subject Security management en_US
dc.subject Threats en_US
dc.subject Risk analysis en_US
dc.subject Information system en_US
dc.subject Case-based reasoning en_US
dc.title An Ontology-Based Security Risk Management Model for Information Systems en_US
dc.type Article en_US
dc.wos.citedbyCount 20
dspace.entity.type Publication
relation.isAuthorOfPublication 53e88841-fdb7-484f-9e08-efa4e6d1a090
relation.isAuthorOfPublication.latestForDiscovery 53e88841-fdb7-484f-9e08-efa4e6d1a090
relation.isOrgUnitOfPublication e0809e2c-77a7-4f04-9cb0-4bccec9395fa
relation.isOrgUnitOfPublication.latestForDiscovery e0809e2c-77a7-4f04-9cb0-4bccec9395fa

Files

Collections

WoS
Scopus