An Ontology-Based Security Risk Management Model for Information Systems
| dc.contributor.author | Arogundade, Oluwasefunmi T. | |
| dc.contributor.author | Abayomi-Alli, Adebayo | |
| dc.contributor.author | Misra, Sanjay | |
| dc.date.accessioned | 2024-07-05T15:38:42Z | |
| dc.date.available | 2024-07-05T15:38:42Z | |
| dc.date.issued | 2020 | |
| dc.description | Misra, Sanjay/0000-0002-3556-9331; Abayomi-Alli, Adebayo/0000-0002-3875-1606; Arogundade, Oluwasefunmi/0000-0001-9338-491X | en_US |
| dc.description.abstract | Security risk management is a knowledge-intensive procedure that requires monitoring and capturing relevant information that can assist in making the right decision by managers. In this paper, a semantically enhanced model for security management during the information system lifetime is proposed. The model supports the continuous collection of identified threat behaviours from the intrusion detection system, filtering and analysis of the threats within a time snapshot and re-appraiser of IS security countermeasures which involves the security administrator (S-Admin), managers, IS and security management system as stakeholders. The probe agent categorizes the security threats identified by the IDS using the developed ontology-driven knowledge base, while the likelihood of threats occurring in real time was obtained using long-term frequency probability. The case-based reasoning paradigm is employed for the security solution reasoning of identified threat risk. The suggested security solutions are based on CASE base built on existing threat ontology. The re-appraiser is based on the success likelihood of potential ongoing threats. The system facilitates management decision with regard to security control selection so that they can have a maximum Return on Security Investment. The proposed Collect-Probe-Analyse-Reason-Reappraise model is illustrated using an e-banking system. | en_US |
| dc.identifier.doi | 10.1007/s13369-020-04524-4 | |
| dc.identifier.issn | 2193-567X | |
| dc.identifier.issn | 2191-4281 | |
| dc.identifier.scopus | 2-s2.0-85084131553 | |
| dc.identifier.uri | https://doi.org/10.1007/s13369-020-04524-4 | |
| dc.identifier.uri | https://hdl.handle.net/20.500.14411/3140 | |
| dc.language.iso | en | en_US |
| dc.publisher | Springer Heidelberg | en_US |
| dc.relation.ispartof | Arabian Journal for Science and Engineering | |
| dc.rights | info:eu-repo/semantics/closedAccess | en_US |
| dc.subject | Security management | en_US |
| dc.subject | Threats | en_US |
| dc.subject | Risk analysis | en_US |
| dc.subject | Information system | en_US |
| dc.subject | Case-based reasoning | en_US |
| dc.title | An Ontology-Based Security Risk Management Model for Information Systems | en_US |
| dc.type | Article | en_US |
| dspace.entity.type | Publication | |
| gdc.author.id | Misra, Sanjay/0000-0002-3556-9331 | |
| gdc.author.id | Abayomi-Alli, Adebayo/0000-0002-3875-1606 | |
| gdc.author.id | Arogundade, Oluwasefunmi/0000-0001-9338-491X | |
| gdc.author.scopusid | 36805695100 | |
| gdc.author.scopusid | 57218001210 | |
| gdc.author.scopusid | 56962766700 | |
| gdc.author.wosid | Misra, Sanjay/K-2203-2014 | |
| gdc.author.wosid | Arogundade, Oluwasefunmi/H-7048-2015 | |
| gdc.author.wosid | Abayomi-Alli, Adebayo/KVY-4568-2024 | |
| gdc.bip.impulseclass | C4 | |
| gdc.bip.influenceclass | C4 | |
| gdc.bip.popularityclass | C4 | |
| gdc.coar.access | metadata only access | |
| gdc.coar.type | text::journal::journal article | |
| gdc.collaboration.industrial | false | |
| gdc.description.department | Atılım University | en_US |
| gdc.description.departmenttemp | [Arogundade, Oluwasefunmi T.; Abayomi-Alli, Adebayo] Fed Univ Agr, Dept Comp Sci, Abeokuta, Nigeria; [Misra, Sanjay] Covenant Univ, Dept Elect & Informat Engn, Ota, Nigeria; [Misra, Sanjay] Atilim Univ, Dept Comp Engn, Ankara, Turkey | en_US |
| gdc.description.endpage | 6198 | en_US |
| gdc.description.issue | 8 | en_US |
| gdc.description.publicationcategory | Makale - Uluslararası Hakemli Dergi - Kurum Öğretim Elemanı | en_US |
| gdc.description.scopusquality | Q1 | |
| gdc.description.startpage | 6183 | en_US |
| gdc.description.volume | 45 | en_US |
| gdc.description.woscitationindex | Science Citation Index Expanded | |
| gdc.description.wosquality | Q2 | |
| gdc.identifier.openalex | W3018229887 | |
| gdc.identifier.wos | WOS:000528315400003 | |
| gdc.index.type | WoS | |
| gdc.index.type | Scopus | |
| gdc.oaire.diamondjournal | false | |
| gdc.oaire.impulse | 23.0 | |
| gdc.oaire.influence | 4.489689E-9 | |
| gdc.oaire.isgreen | false | |
| gdc.oaire.popularity | 2.5773511E-8 | |
| gdc.oaire.publicfunded | false | |
| gdc.oaire.sciencefields | 0202 electrical engineering, electronic engineering, information engineering | |
| gdc.oaire.sciencefields | 02 engineering and technology | |
| gdc.openalex.collaboration | International | |
| gdc.openalex.fwci | 8.0554 | |
| gdc.openalex.normalizedpercentile | 0.98 | |
| gdc.openalex.toppercent | TOP 10% | |
| gdc.opencitations.count | 30 | |
| gdc.plumx.crossrefcites | 20 | |
| gdc.plumx.mendeley | 69 | |
| gdc.plumx.scopuscites | 33 | |
| gdc.scopus.citedcount | 33 | |
| gdc.virtual.author | Mısra, Sanjay | |
| gdc.wos.citedcount | 22 | |
| relation.isAuthorOfPublication | 53e88841-fdb7-484f-9e08-efa4e6d1a090 | |
| relation.isAuthorOfPublication.latestForDiscovery | 53e88841-fdb7-484f-9e08-efa4e6d1a090 | |
| relation.isOrgUnitOfPublication | e0809e2c-77a7-4f04-9cb0-4bccec9395fa | |
| relation.isOrgUnitOfPublication | 4abda634-67fd-417f-bee6-59c29fc99997 | |
| relation.isOrgUnitOfPublication | 50be38c5-40c4-4d5f-b8e6-463e9514c6dd | |
| relation.isOrgUnitOfPublication.latestForDiscovery | e0809e2c-77a7-4f04-9cb0-4bccec9395fa |