Sustainable Risk Identification Using Formal Ontologies †

Avi Shaked, Oded Margalit

Research output: Contribution to journalArticlepeer-review

3 Scopus citations


The cyber threat landscape is highly dynamic, posing a significant risk to the operations of systems and organisations. An organisation should, therefore, continuously monitor for new threats and properly contextualise them to identify and manage the resulting risks. Risk identification is typically performed manually, relying on the integration of information from various systems as well as subject matter expert knowledge. This manual risk identification hinders the systematic consideration of new, emerging threats. This paper describes a novel method to promote automated cyber risk identification: OnToRisk. This artificial intelligence method integrates information from various sources using formal ontology definitions, and then relies on these definitions to robustly frame cybersecurity threats and provide risk-related insights. We describe a successful case study implementation of the method to frame the threat from a newly disclosed vulnerability and identify its induced organisational risk. The case study is representative of common and widespread real-life challenges, and, therefore, showcases the feasibility of using OnToRisk to sustainably identify new risks. Further applications may contribute to establishing OnToRisk as a comprehensive, disciplined mechanism for risk identification.

Original languageEnglish
Article number316
Issue number9
StatePublished - 1 Sep 2022


  • cybersecurity
  • formal ontology
  • risk identification
  • vulnerability

ASJC Scopus subject areas

  • Theoretical Computer Science
  • Numerical Analysis
  • Computational Theory and Mathematics
  • Computational Mathematics


Dive into the research topics of 'Sustainable Risk Identification Using Formal Ontologies †'. Together they form a unique fingerprint.

Cite this