An Ontology-Based Security Risk Management Model for Information Systems

Simple item page
dc.authoridMisra, Sanjay/0000-0002-3556-9331
dc.authoridAbayomi-Alli, Adebayo/0000-0002-3875-1606
dc.authoridArogundade, Oluwasefunmi/0000-0001-9338-491X
dc.authorscopusid36805695100
dc.authorscopusid57218001210
dc.authorscopusid56962766700
dc.authorwosidMisra, Sanjay/K-2203-2014
dc.contributor.authorMısra, Sanjay
dc.contributor.authorAbayomi-Alli, Adebayo
dc.contributor.authorMisra, Sanjay
dc.contributor.otherComputer Engineering
dc.date.accessioned2024-07-05T15:38:42Z
dc.date.available2024-07-05T15:38:42Z
dc.date.issued2020
dc.departmentAtılım Universityen_US
dc.department-temp[Arogundade, Oluwasefunmi T.; Abayomi-Alli, Adebayo] Fed Univ Agr, Dept Comp Sci, Abeokuta, Nigeria; [Misra, Sanjay] Covenant Univ, Dept Elect & Informat Engn, Ota, Nigeria; [Misra, Sanjay] Atilim Univ, Dept Comp Engn, Ankara, Turkeyen_US
dc.descriptionMisra, Sanjay/0000-0002-3556-9331; Abayomi-Alli, Adebayo/0000-0002-3875-1606; Arogundade, Oluwasefunmi/0000-0001-9338-491Xen_US
dc.description.abstractSecurity risk management is a knowledge-intensive procedure that requires monitoring and capturing relevant information that can assist in making the right decision by managers. In this paper, a semantically enhanced model for security management during the information system lifetime is proposed. The model supports the continuous collection of identified threat behaviours from the intrusion detection system, filtering and analysis of the threats within a time snapshot and re-appraiser of IS security countermeasures which involves the security administrator (S-Admin), managers, IS and security management system as stakeholders. The probe agent categorizes the security threats identified by the IDS using the developed ontology-driven knowledge base, while the likelihood of threats occurring in real time was obtained using long-term frequency probability. The case-based reasoning paradigm is employed for the security solution reasoning of identified threat risk. The suggested security solutions are based on CASE base built on existing threat ontology. The re-appraiser is based on the success likelihood of potential ongoing threats. The system facilitates management decision with regard to security control selection so that they can have a maximum Return on Security Investment. The proposed Collect-Probe-Analyse-Reason-Reappraise model is illustrated using an e-banking system.en_US
dc.identifier.citation14
dc.identifier.doi10.1007/s13369-020-04524-4
dc.identifier.endpage6198en_US
dc.identifier.issn2193-567X
dc.identifier.issn2191-4281
dc.identifier.issue8en_US
dc.identifier.scopus2-s2.0-85084131553
dc.identifier.scopusqualityQ1
dc.identifier.startpage6183en_US
dc.identifier.urihttps://doi.org/10.1007/s13369-020-04524-4
dc.identifier.urihttps://hdl.handle.net/20.500.14411/3140
dc.identifier.volume45en_US
dc.identifier.wosWOS:000528315400003
dc.identifier.wosqualityQ2
dc.language.isoenen_US
dc.publisherSpringer Heidelbergen_US
dc.relation.publicationcategoryMakale - Uluslararası Hakemli Dergi - Kurum Öğretim Elemanıen_US
dc.rightsinfo:eu-repo/semantics/closedAccessen_US
dc.subjectSecurity managementen_US
dc.subjectThreatsen_US
dc.subjectRisk analysisen_US
dc.subjectInformation systemen_US
dc.subjectCase-based reasoningen_US
dc.titleAn Ontology-Based Security Risk Management Model for Information Systemsen_US
dc.typeArticleen_US
dspace.entity.typePublication
relation.isAuthorOfPublication53e88841-fdb7-484f-9e08-efa4e6d1a090
relation.isAuthorOfPublication.latestForDiscovery53e88841-fdb7-484f-9e08-efa4e6d1a090
relation.isOrgUnitOfPublicatione0809e2c-77a7-4f04-9cb0-4bccec9395fa
relation.isOrgUnitOfPublication.latestForDiscoverye0809e2c-77a7-4f04-9cb0-4bccec9395fa

Files

Collections

WOS
Scopus