Towards an Ontology for Enterprise Level Information Security Policy Analysis

Debashis Mandal, Chandan Mazumdar

Abstract

Securing the information and ICT assets in an enterprise is a vital as well as a challenging task because of the increase in cyber-attacks. Information Security policies are designed for an enterprise to prevent security breaches. An enterprise needs to adhere to and abide by the policies for its disciplined functioning. Analysis of the policies is necessary to find their applicability, conflict detection, revision and compliance checking for the enterprise. To analyze the policies, it is necessary to decompose them into its constituent parts. This decomposition is facilitated by ontologies. An in-depth analysis of the policy decomposition show that the published information security ontologies are grossly inadequate for any policy analysis application. In this paper we present an approach for development of an ontology specifically for information security policy analysis. The structure of the ontology and its implementation are presented and the importance of this ontology in information security policy analysis is established.

Download


Paper Citation


in Harvard Style

Mandal D. and Mazumdar C. (2021). Towards an Ontology for Enterprise Level Information Security Policy Analysis.In Proceedings of the 7th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP, ISBN 978-989-758-491-6, pages 492-499. DOI: 10.5220/0010248004920499


in Bibtex Style

@conference{icissp21,
author={Debashis Mandal and Chandan Mazumdar},
title={Towards an Ontology for Enterprise Level Information Security Policy Analysis},
booktitle={Proceedings of the 7th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP,},
year={2021},
pages={492-499},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0010248004920499},
isbn={978-989-758-491-6},
}


in EndNote Style

TY - CONF

JO - Proceedings of the 7th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP,
TI - Towards an Ontology for Enterprise Level Information Security Policy Analysis
SN - 978-989-758-491-6
AU - Mandal D.
AU - Mazumdar C.
PY - 2021
SP - 492
EP - 499
DO - 10.5220/0010248004920499