Building of fuzzy ontology for analysis of the information security system in ITS
DOI:
https://doi.org/10.18372/2225-5036.24.12973Keywords:
ontology, fuzzy ontology, information leakage scenarios, information security culture, information threats, level of information security cultureAbstract
The article proposes a variant of the fuzzy ontology for the analysis of information security systems, which is based on the most common variants of information leaks scenarios and on the peculiarities of information security culture. Results of the implementation of the threat can affect the information both directly and indirectly. The analysis of information security systems is based on many factors (attack scenarios, etc.), which may include not only technical ways. Typically, threat information in the information system depends on the characteristics of the internal system, physical environment, personnel and information processed. Threats can have an objective component (changes in the physical environment, failure of elements of the interaction) and subjective - "human factor", which is not always associated with a deficiency or imperfection of security measures, but always associated with noncompliance with security policy requirements. Common mistakes and misunderstandings in identifying security incidents and how to respond to them is also important. Therefore, for the basic protection of the system, it is necessary to identify many factors and the structure, which will identify factors, scenarios and the relationship between the security elements for future use, will greatly simplify the understanding and construction of the information security system. It is these features that are inherent in ontological analysis, which is based on the concept of "ontology". But classical definition ontologies can not be used in areas where there is fuzzy information. One solution to this problem is to use a fuzzy ontology that contains elements of fuzzy logic in sets of concepts and relationships. This ontology can be used for information leaks scenarios, taking into account the culture of information security, and to further determine the overall formal assessment of the organization's security.References
О. Архипов, "Щодо методики iдентифiкацiї та оцінювання активiв системи iнформацiйних технологiй", Захист iнформацiї, № 1 (50), С. 42-47, 2011.
G. Dhillon, Managing information system security, London: Macmillan, 1997.
T. Gruber, "Toward principles for the design of ontologies used for knowledge sharing", Int. J. Hum.Comput. Stud., no. 43(5-6), pp. 907-928, 1995.
T. Helokunnas, R. Kuusisto, "Information security culture in a value net. In: Engineering Management Conference, IEMC‘03 on Managing Technologically Driven Organizations: The Human Side of Innovation and Change", New York: IEEE Press, pp. 190-194, 2003.
C.S. Lee, Z.W. Jian, L.K. Huang, "A fuzzy ontology and its application to news summarization", IEEE Transactions on Systems, Man and Cybernetics (Part B), vol. 35(5), pp. 859-880, 2005.
K.D. Mitnick, W.L. Simon, "The art of deception: controlling the human element of security", Wiley Publishing, pp. 3-4, 2002.
A. Potiy, D. Pilipenko, I. Rebriy, "The prerequisites of information security culture development and an approach to complex evaluation of its level", Радіоелектронні і комп’ютерні системи, vol. 5, pp. 72-77.
M. Siponen, "Five dimensions of information security awareness", Computers and Society, pp. 24-29, 2001.
T. Tafazzoli, S. Sadjadi, "Malware fuzzy ontology for semantic web", International Journal of Computer Science and Network Security, vol. 8, pp. 157-159, 2008.
Q. Tho, S. Hui, A. Fong, T. Cao, "Automatic fuzzy ontology generation for semantic web", IEEE
Transactions on Knowledge and Data Engineering, vol. 18(6), pp. 842-856, 2006.
J.F. Van Niekerk, R. Von Solms, "Information security culture: A management perspective", Computers & Security, pp.478-479, 2010.
J. Zhou, Y. Liang, "Fuzzy Ontology Model for Knowledge Management", pp. 2-3, 2006.
Data Breach Investigation Report, Verizon Enterprise Solutions, 2013.
Data Breach Investigation Report, Verizon Enterprise Solutions, 2014.
Data Breach Investigation Report, Verizon Enterprise Solutions, 2015.
Data Breach Investigation Report, Verizon Enterprise Solutions, 2016.
