By tjoa - Posted on May 9th, 2008
IT-Security has become a highly diversified field, and it is time-consuming, complex and expensive for a company to establish comprehensive and effective safeguards. The first step is to understand the actual threat situation, so that a threat classification can be created as a basis for safeguard decision support. Building on the taxonomy of computer security and dependability by Landwehr and the threat classification according to Peltier, a heavy-weight ontology can be used to organize and systematically structure knowledge on threats, safeguards, and assets. Furthermore, one of our scientific aims is to model the interactions between threats, safeguards and assets on a detailed and realistic level. The SecOnt project will lead to a better understanding of threat analysis and mitigation, and will also offer a machine-readable knowledge base that can be utilized in novel threat simulation and risk-analysis systems.

We propose a technology that constantly monitors the corporate infrastructure and carries out simulations based on threat information and up-to-date safeguards. Automatic analysis of the simulation results identifies the most effective safeguards for the corporation in question. The security ontology provides a solid base for an applicable and holistic IT-Security approach, enabling low-cost risk management and threat analysis.

The first, abstract definition of classes is created independently of specific requirements or a concrete company. The ontology is then used in an organization to capture the knowledge required for, and created during, a security risk analysis: instances of the concepts are added to the ontology, which allows different attack and disaster scenarios to be simulated. With the SecOnt prototype, each scenario can be replayed with a different protection profile in order to evaluate the effectiveness and the cost/benefit ratio of individual safeguards. Based on the simulation results, the prototype offers optimized state-of-the-art protection profiles (administrative and technical), which are calculated through heuristics developed in the project.
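To make the threat/safeguard/asset interaction and the "replay a scenario under a different protection profile" idea concrete, here is a small added example. It is not SecOnt code and uses none of the project's ontology classes; the asset values, threat probabilities, safeguard effectiveness figures and costs are constructed for illustration, and the loss model (annual loss expectancy reduced multiplicatively by each active safeguard) is a deliberately simple stand-in for the project's heuristics.

```python
"""Toy threat / safeguard / asset model with protection-profile replay.

Constructed example: every instance and number below is illustrative,
not taken from SecOnt or from any real organization.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Asset:
    name: str
    value: float            # monetary value at risk (constructed)


@dataclass(frozen=True)
class Threat:
    name: str
    probability: float      # assumed annual probability of occurrence
    affects: tuple          # names of assets this threat can damage


@dataclass(frozen=True)
class Safeguard:
    name: str
    mitigates: str          # name of the threat it counters
    effectiveness: float    # fraction of remaining expected loss it removes
    annual_cost: float


# Constructed instances standing in for ontology individuals.
ASSETS = (Asset("fileserver", 100_000.0), Asset("website", 50_000.0))
THREATS = (
    Threat("fire", 0.01, ("fileserver", "website")),
    Threat("malware", 0.5, ("fileserver",)),
)
SAFEGUARDS = (
    Safeguard("fire_extinguisher", "fire", 0.6, 200.0),
    Safeguard("antivirus", "malware", 0.8, 1000.0),
    Safeguard("backup", "malware", 0.5, 3000.0),
)
# Two protection profiles to replay the same scenarios against.
PROFILES = {
    "baseline": ("antivirus",),
    "extended": ("antivirus", "backup", "fire_extinguisher"),
}


def annual_loss_expectancy(threat, assets):
    """Expected yearly loss if the threat hits every asset it affects."""
    exposed = sum(a.value for a in assets if a.name in threat.affects)
    return threat.probability * exposed


def replay(threats, assets, safeguards, profile):
    """Replay all threat scenarios with the safeguards named in `profile`.

    Safeguards for the same threat are applied in the order they appear in
    `safeguards`; each removes its effectiveness share of what is still at
    risk, so the credited benefit depends on that order.
    Returns (residual_ale, profile_cost, benefit_per_safeguard).
    """
    active = [s for s in safeguards if s.name in profile]
    residual, benefit = 0.0, {}
    for threat in threats:
        ale = annual_loss_expectancy(threat, assets)
        remaining = 1.0
        for s in active:
            if s.mitigates == threat.name:
                removed = ale * remaining * s.effectiveness
                benefit[s.name] = benefit.get(s.name, 0.0) + removed
                remaining *= 1.0 - s.effectiveness
        residual += ale * remaining
    cost = sum(s.annual_cost for s in active)
    return residual, cost, benefit


def cost_benefit(safeguards, benefit):
    """Benefit/cost ratio per credited safeguard; higher is better."""
    return {s.name: benefit[s.name] / s.annual_cost
            for s in safeguards if s.name in benefit}


def rank_profiles(profiles):
    """Order profiles by residual loss plus safeguard cost, cheapest first."""
    totals = {}
    for name, profile in profiles.items():
        residual, cost, _ = replay(THREATS, ASSETS, SAFEGUARDS, profile)
        totals[name] = residual + cost
    return sorted(totals, key=totals.get)


if __name__ == "__main__":
    for name, profile in PROFILES.items():
        residual, cost, benefit = replay(THREATS, ASSETS, SAFEGUARDS, profile)
        print(name, residual, cost, cost_benefit(SAFEGUARDS, benefit))
    print("ranking:", rank_profiles(PROFILES))
```

Replaying the two constructed profiles shows the kind of output a decision-support step needs: the "extended" profile lowers the residual expected loss enough to outweigh its extra cost, while the per-safeguard ratios show that "backup" contributes least per unit of cost because "antivirus" has already removed most of the malware loss it would otherwise cover.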