عنوان مقاله
دانش پایه برای تصمیم گیری قاطع در زمینه امنیت اطلاعات
فهرست مطالب
مقدمه
طراحی پایگاه دانش
پایگاه دانش رابط برنامه
کار وابسته
نتیجه گیری
بخشی از مقاله
رویکرد به توسعه هستی شناسی
هستی شناسی با استفاده از هستی شناسی وب سایت زبان (OWL) توسعه داده شده است. ماOWL را به عنوان پشتیبان و توسعه دهنده انتخاب کردیم. با ادامه هستی شناسی توصیه های طراحی و برنامه نویسی هستی شناسی و محتوای دانش در یک زبان هستی شناسی به خوبی سازمان یافته و دانش اطلاعات امنیت را رائه می دهد.
کلمات کلیدی:
COMPUTING SCIENCE A Knowledge Base for Justified Information Security Decision-Making D. Stepanova, S. E. Parkin, A. van Moorsel. TECHNICAL REPORT SERIES No. CS-TR-1137 February, 2009 TECHNICAL REPORT SERIES No. CS-TR-1137 February, 2009 A Knowledge Base for Justified Information Security Decision-Making D. Stepanova, S. E. Parkin, A. van Moorsel Abstract The majority of modern-day companies store commercially sensitive and valuable information assets in digital form. It is essential for the Chief Information Security Officer (CISO) within an organisation to ensure that such information is adequately protected. External standards exist to advise CISOs on how to secure information, but these are essentially “one-size-fits-all”. Furthermore they do not consider the humanbehavioural aspects that determine the impact of security controls upon employees, or how security controls can be best deployed to manage insecure employee behaviour. CISOs require more information than they are currently provided with to justify their information security management decisions. Here we present a knowledge base and accompanying user interface. The knowledge base represents key structural components of the ISO27002 security standard, formally relating them to one another. This empowers CISOs to understand how different security measures impact upon each other. It also considers how human-behavioural factors can be associated with these concepts. The accompanying user interface provides a means to present formalised information security concepts to CISOs. This paper describes the development of the knowledge base and user interface, highlighting and discussing key challenges and how they were resolved.
