Reference Ontology for Cybersecurity Operational Information.

As our cyber society develops and expands, the importance of cybersecurity operations is growing in response to cybersecurity threats coming from beyond national borders. Efficient cybersecurity operations require information exchanges that go beyond organizational borders. Various industry specifications defining information schemata for such exchanges are thus emerging. These specifications, however, define their own schemata since their objectives and the types of information they deal with differ, and desirable schemata differ depending on the purposes. They need to be organized and orchestrated so that individual organizations can fully exchange information and collaborate with one another. To establish the foundations of such orchestration and facilitate information exchanges, this paper proposes a reference ontology for cybersecurity operational information. The ontology structures cybersecurity information and orchestrates industry specifications. We built it from the standpoint of cybersecurity operations in close collaboration with cybersecurity organizations including security operation centers handling actual cybersecurity operations in the USA, Japan and South Korea. This paper demonstrates its usability by discussing the coverage of industry specifications. It then defines an extensible information structure that collaborates with such specifications by using the ontology and describes a prototype cybersecurity knowledge base we constructed that facilitates cybersecurity information exchanges among various parties. Finally, it discusses the usage scenarios of the ontology and knowledge base in cybersecurity operations. Through this work, we wish to contribute to the advancement of cybersecurity information exchanges.
Takeshi Takahashi, Youki Kadobayashi
Industry Focus: Internet & Cyberspace