Building a comprehensive and multi-dimensional information security ontology: elicitation process and OWL implementation

Ontology is an important tool that provides a full representation of domain knowledge. To build ontology from heterogeneous data sources, a comprehensive process is required to extract concepts with their relationships and then conveniently visualize them. In this paper, an ontology construction process is proposed to automatically build a Multi-Dimensional Information Security Ontology, named MDISOnt. The proposed process includes three main stages. The first is the ontology design that gives the hierarchical representation of security concepts. The second starts from ISO/IEC 27000 standard document and enriches the ontology obtained in stage 1 with semantic and synonym relationships. The third consists of the implementation of the obtained ontology by highlighting the security dimensional views and ontology modules. The obtained ontology, which we named MDISOnt helps security specialists and decision-makers remove the ambiguous understanding of the information security domain, decompose security into several perspectives using dimensional views and modules, and efficiently manage information security management in an organization. Compared to the prominent OWL InfoSec ontologies available in the literature, the comparative study demonstrates the outperformance of MDISOnt in terms of accuracy, understandability, and cohesion.