Ontology-based security standards mapping optimization by the means of Graph theory
Date
2013
Author
Ramanauskaitė, Simona
Goranin, Nikolaj
Čenys, Antanas
Olifer, Dmitrij
Abstract
There are many security standards which a company can use. Sometimes usage of security standards can be required by regulating institutions. While security standards can differ in purpose and covered area, more than one standard can be used at the same time, which leads to overlap and potential conflicts in the requirements of different standards. In such cases, deep analysis of the used standards has to be done to ensure optimal usage of the company’s resources in implementing these security requirements. In this paper we analyze existing solutions for standard harmonization and security ontologies to design an adaptive mapping of security standards by using ontology to map standards and graph theory to visualize mapped standards. We present the architecture of a prototype and use it to map the ISO27001 standard and the Grundschutz best practice. The experiment shows the proposed model can reduce the need for standard mapping documents. The proposed solution can be useful for detailing certain controls of security standards in a wider domain; nevertheless, it depends on the description of security standards in the base ontology. The study was carried out within the framework of the National Project No.VP1-3.1-MM-08-K-01-012: "Virtualisation, visualization and e-services security technologies and research", supported by the EU Social Fund.