@inproceedings{e41f867a9da24251a0b6a1c4e6b4fc83,
title = "OnToRisk - a formal ontology approach to automate cyber security risk identification",
abstract = "The everchanging cyber risks landscape poses a significant threat to organisations and requires them to continuously manage their risks. Risk identification is the driving force of risk management, and it is typically performed manually, integrating expert knowledge and information from various systems. This hinders the ability to systematically identify new risks as they emerge. This paper introduces a new approach - OnToRisk - to automate aspects of the cyber security risk identification. The approach uses a formal ontology to integrate information from multiple constituent systems and organisational definitions, and then reason about the current organisational situation with respect to formally defined cyber risks. We describe an implementation of the approach to identify cyber vulnerability induced risks, as they become an emergent property of the organisation.",
keywords = "cyber security, formal ontology, risk identification",
author = "Avi Shaked and Oded Margalit",
note = "Publisher Copyright: {\textcopyright} 2022 IEEE.; 17th Annual System of Systems Engineering Conference, SOSE 2022 ; Conference date: 07-06-2022 Through 11-06-2022",
year = "2022",
month = jan,
day = "1",
doi = "10.1109/SOSE55472.2022.9812653",
language = "English",
series = "2022 17th Annual System of Systems Engineering Conference, SOSE 2022",
publisher = "Institute of Electrical and Electronics Engineers",
pages = "74--79",
booktitle = "2022 17th Annual System of Systems Engineering Conference, SOSE 2022",
address = "United States",
}