Ontology-Based Evaluation of ISO 27001 [chapter]

Danijel Milicevic, Matthias Goeken
2010 IFIP Advances in Information and Communication Technology  
Information security risks threaten the ability of organizations of reaching their operational and strategic goals. Increasing diversification of the information security landscapes makes addressing all risks a challenging task. Information security standards have positioned themselves as generic solutions to tackle a broad range of risks and try to guide security managers in their endeavors. However, it is not evident if such standards have the required holistic approach to be a solid
more » ... n. In this paper a metamodel of the ISO 27001 security standard explicating its core concepts is presented. We then compare the constructed metamodel with various information security ontologies and analyze for comprehensiveness. We conclude with a discussion of core concepts in the information security domain.
doi:10.1007/978-3-642-16283-1_13 fatcat:ojxoqkhcp5d73nzfidxsf2tkxq