OnToRisk - a formal ontology approach to automate cyber security risk identification

Avi Shaked, Oded Margalit

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

1 Scopus citations

Abstract

The ever-changing cyber risk landscape poses a significant threat to organisations and requires them to continuously manage their risks. Risk identification is the driving force of risk management, and it is typically performed manually, integrating expert knowledge and information from various systems. This hinders the ability to systematically identify new risks as they emerge. This paper introduces a new approach - OnToRisk - to automate aspects of cyber security risk identification. The approach uses a formal ontology to integrate information from multiple constituent systems and organisational definitions, and then reason about the current organisational situation with respect to formally defined cyber risks. We describe an implementation of the approach to identify cyber vulnerability induced risks, as they become an emergent property of the organisation.

Original language: English
Title of host publication: 2022 17th Annual System of Systems Engineering Conference, SOSE 2022
Publisher: Institute of Electrical and Electronics Engineers Inc.
Pages: 74-79
Number of pages: 6
ISBN (Electronic): 9781665496230
State: Published - 1 Jan 2022
Event: 17th Annual System of Systems Engineering Conference, SOSE 2022 - Rochester, United States
Duration: 7 Jun 2022 → 11 Jun 2022

Publication series

Name: 2022 17th Annual System of Systems Engineering Conference, SOSE 2022

Conference

Conference: 17th Annual System of Systems Engineering Conference, SOSE 2022
Country/Territory: United States
City: Rochester
Period: 7/06/22 → 11/06/22

Keywords

  • cyber security
  • formal ontology
  • risk identification

ASJC Scopus subject areas

  • Artificial Intelligence
  • Computer Networks and Communications
  • Computer Science Applications
  • Hardware and Architecture
  • Control and Systems Engineering
  • Modeling and Simulation
