Tailorable representation of security control catalog on semantic wiki

Abstract

Selection of security controls to be implemented is an essential part of the information security management process in an organization. There exist a number of readily available information security management system standards, including control catalogs, that could be tailored by the organizations to meet their security objectives. Still, it has been noted that many organizations tend to lack even the implementation of the fundamental security controls. At the same time, semantic wikis have become popular collaboration and information sharing platforms that have proven their strength as an effective way to distribute domain-specific information within an organization. This paper evaluates the adequacy of the semantic wiki as a security control catalog platform for building an information security knowledge base that would especially help small and medium-sized enterprises to develop and maintain their security baseline.