First I am going to reference some work i found on the internet which offers some interesting insights into the various different views and approaches to developing ontologies for security and cyber security.
The first is a project form 2007 which provides a Cyber Security Ontology developed in OWL – Reference: A. Herzog, N. Shahmehri, C. Duma, ‘An Ontology of Information Security’, International Journal of Information Security and Privacy, 1(4):1-23, 2007. The paper is available here.
It is interesting reading through the material produced by these projects as it shows the variety of different approaches taken to define and apply the domain of cyber security. It also highlights just how varied this domain is and how much needs to be formalised. The PoSecCo projects also describes a Security Decision Support System (SDSS) which would suggest that the models and data are being used to infer some outcome to support a decision criteria.
Whilst each of the projects above have covered different areas of security it may well be that from an ontological perspective that some consolidation of ideas and classifications are required to standardise the domain. So, and it is just my opinion, there may be two or three key ontology models required – two if cyber defence is considered a subset of cyber security. The first being the enterprise architecture ontology to provide the context for all the entities that comprise the enterprise. The second is the security ontology covering what constitutes security through policy, compliance, threat, risk and vulnerability. The third is the defence ontology which covers the technologies, methods and capabilities to protect the enterprise. Each works in conjunction to provide a range of views to understand the challenges and also to provide sufficient situational awareness to combat the increasing threat. For more information on Situational Awareness there is an excellent website called Military Ontology which whilst specific to military defence has some very thought provoking material and resources. Finally there is a paper on the subject of Situational Awareness Ontology which is well worth reading and i hope to come back to this topic in the future.
The Enterprise Architecture Repository is both a means to store all of the artefacts concerning the enterprise architecture and a federated information system linking with other sources of data and c0ntent. This federated environment produces a enterprise architecture management system to support architectural development. There is quite an interesting overview of this on the Aris Community blog.
Along side the standard features of the repository, to hold the information pertaining to the AsIs and ToBe models, is the need for the system to support research development and evidence management. The enterprise architecture is represented by a collection of facts and statements about the enterprise. They are collected in a set of artefacts and are used through the architecture development methodology to build future versions of the enterprise. It is the change from the current state of the enterprise to a new state that evidence is required and applied to support change decisions. The evidence that is used and cited within artefacts it should be stored within the architecture repository. This enables the evidence to analysed and tracked through the lifetime of the decision.
The evidence repository is a subset of the EA repository or federated knowledge base that has defined relationships that link the evidence to the artefact. This can be achieved through simple hyperlinks but a defined approach with specific artefact metadata and unique identifiers would offer a structured relationship. This should also encompass the evidence metadata to provide the attributes to support tracking such as the value, confidence and temporal attributes.
Whilst it is important to store evidence cited within artefacts within the EA repository it is also important to store research and information to act as future evidence. This form of evidence should be built with a formal process and should be collected in line with future views of the organisation. This type of evidence can include horizon scanning of new technologies, customer or user opinions and surveys, planned legislative changes or innovations.
I have made this principle 1 because i consider an enterprise architecture repository a fundamental part of enterprise architecture and building up and storing evidence is a vital part of evidence based enterprise architecture.
For an overview of this concept i am going to reference an article written by Dave McComb called The Enterprise Ontology. It offers a good description of an ontology, an Enterprise Ontology as well as some very good reasons as to why an organisation should build one. The article was written in 2006 and i will quote the first paragraph: At the time of this writing almost no enterprises in North America have a formal enterprise ontology.
Yet we believe that within a few years this will become one of the foundational pieces to most information system work within major enterprises.
We are now in 2011 and i am not aware of any publicised stories of any companies in the USA or Europe or the rest of the world for that matter that are able to say they have an enterprise ontology and that it is underpinning the information systems that exist within organisation.
Whilst it is expected that it will take an organisation some time to design, model and build an enterprise ontology the benefits will, if it is managed effectively, bring considerable change to people and value to the information created.
An enterprise ontology provides the enterprise indexing system to define meaning, classification and categorisation for past, current and future information. By providing this it aids evidence and evidence based enterprise architecture by creating a means to “frame” information by specific terms and definitions and thus aid like to like relationships.
If we consider evidence as either proofs or observations derived from a formal or scientific approach as well as opinions and expert statements created from renowned experience and capability; thus that evidence has to be