CSIHO: An Ontology for Computer Security Incident Handling
ResumoThe information technology advancements in the last decades led the society to a growing process of dependency on computer systems and Internetbased services. This complex and dynamic scenario implies more challenging cyberdefense initiatives, but, although the industry is applying countless efforts to ensure the Information Security, considerable growth in frequency and severity of incidents is still observed. The primary objective of this work is to present a new model for incident handling, described as an ontology, which is easily extensible and integrable with other models, besides allowing logical inferences and simplifying the knowledge transfer within a collaborative cyberdefense context. Among its contributions, the creation of the Computer Security Incident Handling Ontology (CSIHO), in OWL format, can be highlighted. In order to demonstrate the applicability of the ontology, SPARQL queries were created based on competency questions derived from CSIHO, which, as far as we know, is the first cyber security ontology that focuses on incident handling and defines and implements the fundamental concepts of security events while also supporting the recording of temporal aspects of an incident.
MOREIRA, Guilherme Baesso; CALEGARIO, Vanusa Menditi; DUARTE, Julio Cesar; SANTOS, Anderson Fernandes Pereira dos. CSIHO: An Ontology for Computer Security Incident Handling. In: SIMPÓSIO BRASILEIRO EM SEGURANÇA DA INFORMAÇÃO E DE SISTEMAS COMPUTACIONAIS (SBSEG) , 2018 Anais do XVIII Simpósio Brasileiro em Segurança da Informação e de Sistemas Computacionais. Porto Alegre: Sociedade Brasileira de Computação, oct. 2018 . p. 1 - 14.