First I am going to reference some work I found on the internet which offers some interesting insights into the different views and approaches to developing ontologies for security and cyber security.
The first is a project from 2007 which provides a Cyber Security Ontology developed in OWL – Reference: A. Herzog, N. Shahmehri, C. Duma, ‘An Ontology of Information Security’, International Journal of Information Security and Privacy, 1(4):1-23, 2007. The paper is available here.
The second is a Seventh Framework research programme called PoSecCo – Policy and Security Configuration Management – which is contributing in some part to the Digital Agenda for Europe. One thing in particular which caught my attention is the paper called Security Ontology Definition, which describes in detail the ontologies considered within the project. There are also some interesting videos of the project.
It is interesting reading through the material produced by these projects, as it shows the variety of approaches taken to define and apply the domain of cyber security. It also highlights just how varied this domain is and how much of it still needs to be formalised. The PoSecCo project also describes a Security Decision Support System (SDSS), which suggests that the models and data are being used to infer some outcome against a set of decision criteria.
Whilst each of the projects above has covered different areas of security, it may well be that, from an ontological perspective, some consolidation of ideas and classifications is required to standardise the domain. So, and it is just my opinion, there may be two or three key ontology models required – two if cyber defence is considered a subset of cyber security. The first is the enterprise architecture ontology, providing the context for all the entities that comprise the enterprise. The second is the security ontology, covering what constitutes security through policy, compliance, threat, risk and vulnerability. The third is the defence ontology, covering the technologies, methods and capabilities used to protect the enterprise. Each works in conjunction with the others to provide a range of views for understanding the challenges and to provide sufficient situational awareness to combat the increasing threat. For more information on Situational Awareness there is an excellent website called Military Ontology which, whilst specific to military defence, has some very thought provoking material and resources. Finally there is a paper on the subject of Situational Awareness Ontology which is well worth reading, and I hope to come back to this topic in the future.
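To make the three-model split concrete, here is an added example (my own illustration, not code from PoSecCo, the Herzog et al. ontology or any of the projects above) that keeps enterprise, security and defence facts in separate namespaces and joins them to answer the kind of question an SDSS would ask: which enterprise entities face a threat that no defence capability currently covers? It uses a plain Python triple set instead of OWL and a reasoner, and all class, property and instance names are constructed for the illustration.

```python
# Three constructed namespaces, one per proposed ontology model.
EA  = "ea:"   # enterprise architecture: the entities that comprise the enterprise
SEC = "sec:"  # security: policy, compliance, threat, risk, vulnerability
DEF = "def:"  # defence: technologies, methods, capabilities that protect the enterprise

# Constructed sample facts as (subject, predicate, object) triples.
TRIPLES = {
    # enterprise architecture ontology
    (EA + "webPortal", "rdf:type", EA + "Application"),
    (EA + "webPortal", EA + "runsOn", EA + "dmzHost"),
    (EA + "hrDatabase", "rdf:type", EA + "DataStore"),
    # security ontology: threats, the vulnerabilities they exploit, and which
    # enterprise entities carry those vulnerabilities
    (SEC + "sqlInjection", "rdf:type", SEC + "Threat"),
    (SEC + "sqlInjection", SEC + "exploits", SEC + "unvalidatedInput"),
    (EA + "webPortal", SEC + "hasVulnerability", SEC + "unvalidatedInput"),
    (SEC + "insiderMisuse", "rdf:type", SEC + "Threat"),
    (SEC + "insiderMisuse", SEC + "exploits", SEC + "excessivePrivilege"),
    (EA + "hrDatabase", SEC + "hasVulnerability", SEC + "excessivePrivilege"),
    # defence ontology: capabilities, what they mitigate and what they protect
    (DEF + "waf", "rdf:type", DEF + "Capability"),
    (DEF + "waf", DEF + "mitigates", SEC + "unvalidatedInput"),
    (DEF + "waf", DEF + "protects", EA + "webPortal"),
}

def objects(subject, predicate):
    """All objects o such that (subject, predicate, o) is asserted."""
    return {o for (s, p, o) in TRIPLES if s == subject and p == predicate}

def subjects(predicate, obj):
    """All subjects s such that (s, predicate, obj) is asserted."""
    return {s for (s, p, o) in TRIPLES if p == predicate and o == obj}

def unmitigated_exposures():
    """Join the three ontologies: for each enterprise entity and each threat that
    exploits one of its vulnerabilities, report (entity, threat, vulnerability)
    unless a defence capability both mitigates that vulnerability and protects
    that entity. The result is the decision-support view the text describes."""
    exposures = []
    for (asset, predicate, vuln) in TRIPLES:
        if predicate != SEC + "hasVulnerability":
            continue
        for threat in subjects(SEC + "exploits", vuln):
            defended = any(asset in objects(cap, DEF + "protects")
                           for cap in subjects(DEF + "mitigates", vuln))
            if not defended:
                exposures.append((asset, threat, vuln))
    return sorted(exposures)

if __name__ == "__main__":
    for asset, threat, vuln in unmitigated_exposures():
        print(f"{asset} exposed to {threat} via {vuln}: no protecting capability")
```

With the sample facts, the web portal's injection exposure is covered by the WAF capability, so only the HR database's insider-misuse exposure is reported.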