InfoSecSoS - Ontology for Information Security Management in Systems-of-Systems
收藏Zenodo2023-02-23 更新2026-05-25 收录
下载链接:
https://zenodo.org/record/6621881
下载链接
链接失效反馈官方服务:
资源简介:
The intense transformations that have taken place in society in this decade have made information systems (IS) more complex. Such complexity relates to a category of systems defined as systems-of-systems (SoS). Although SoS offers benefits to organizations, the difficulty of Information Technology (IT) managers in dealing with information security in these systems can leave them vulnerable to threats and impacts caused by cyber attacks. Researchers consider that ontologies can be used as a solution to this problem because they define knowledge structures and promote a shared understanding of a domain, task or application. The objective of this research is to develop a domain ontology to support IT managers in decision making on information security issues in the context of SoS. For this, a systematic mapping study (SMS) was conducted to identify which information security technologies have been applied in the context of SoS. A survey research was carried out to analyze how these aspects have been perceived by specialists who work professionally in the industry or have research projects applied in real scenarios within the scope of these systems. Methodology 101 was also applied for the development of an information security domain ontology in SoS. Finally, the ontology evaluation was performed through a focus group with specialists, the ontology refinement and the feasibility study. The ontology aims to ensure the management of security knowledge in SoS and its shared understanding so that stakeholders, IT managers and their teams can avoid risks, vulnerabilities and threats in SoS. Its contribution is the standardization of concepts, terms and definitions, as well as the ease of sharing information to make more explicit assumptions and assist in the analysis of knowledge and domain relationships.
近十年来社会发生的深刻变革,使得信息系统(Information Systems, IS)愈发复杂。此类复杂性关联到一类被定义为系统之系统(systems-of-systems, SoS)的系统范畴。尽管系统之系统可为组织带来诸多益处,但信息技术(Information Technology, IT)管理者在应对这类系统中的信息安全问题时所面临的困境,可能会令其易遭受网络攻击(cyber attacks)带来的威胁与冲击。研究者认为,本体论(ontologies)可作为解决该问题的方案,因其能够定义知识结构并推动对某一领域、任务或应用的共识性理解。本研究的目标是开发一款领域本体,以辅助IT管理者在系统之系统场景下针对信息安全问题开展决策制定。为此,本研究开展了系统映射研究(systematic mapping study, SMS),以识别当前在系统之系统场景中已得到应用的信息安全技术;同时通过调研分析了两类专家对上述方面的认知情况:一类是在行业内全职从业的专家,另一类是在这类系统范围内开展过实际场景应用研究项目的专家。此外,本研究还应用了Methodology 101方法,用于开发系统之系统场景下的信息安全领域本体。最终,本研究通过专家焦点小组(focus group)访谈、本体优化与可行性研究完成了本体评估工作。该本体旨在实现系统之系统场景下安全知识的管理与共识性理解,助力相关利益方、IT管理者及其团队规避系统之系统中的风险、脆弱性与威胁。其价值在于实现了概念、术语与定义的标准化,同时简化了信息共享流程,以便更清晰地明确假设前提,并辅助开展知识与领域关联关系的分析工作。
提供机构:
Zenodo创建时间:
2022-06-07



