-
Notifications
You must be signed in to change notification settings - Fork 0
Notes
Notes from A Collaborative Ontology Development Tool for Information Security Managers
From both the examination of current policy-making approaches and discussions with CISOs, the following requirements of a collaborative ontology development tool for information security knowledge management have been identified:
-
Knowledge Capture: the ontology editor tool must allow capture and organisation of formalised knowledge relating to familiar information security concepts (e.g. assets, vulnerabilities, threats, procedural controls etc). Disparate knowledge fragments may also be interrelated, and users should be able to record these relationships.
-
Collaboration and Consensus: an interface should allow collaborative capture of distributed knowledge between disparate parties. There should also be features to allow members of the user community to reach consensus (e.g. by discussing content).
-
User Guidance: users must be guided through all aspects of ontology development and exploration using “nonontological” terms and concepts. There should also be appropriate mechanisms to minimise errors.
-
Knowledge as Evidence: it may be necessary to present ontology content to other stakeholders (such as senior management) whenever policy-related knowledge is used to justify the management of risks to the organisation.
-
User Anonymity: users must be able to preserve an appropriate level of anonymity. Users should not be expected to divulge specific organisation security practices.
The Tool Interface allows CISOs to access ontology content in a manner that abstracts away details of ontology construction. Users are then free to view, add, modify or relate fragments of ITsecurity knowledge to help them:"
- View information security management knowledge and the interdependencies between knowledge fragments.
- Record (and share) knowledge of information security concerns (through use of editing controls).
- Collaboratively refine the knowledge stored within the underlying ontology, using the tool's collaboration features.