A contextual driven approach to risk event tagging

Abstract

Current methods of tagging events in a particular context, when deciding which ones pose a security risk on an enterprise network are inadequate. For example, changes in an environment, such as a larger number of HIPAA violations by certain user roles, can pose a risk to specific organizational functions or cyber infrastructure. To compound the problem, different information owners typically specify different user contexts based on differing organizational or individual needs. To address this problem, we developed an approach that utilizes semantic annotations, a technique that can aid in the understanding of how an event may affect knowledge of information in a domain. In this approach, semantic annotations are used to enable the tagging of events in accordance with differing organizational goals and user preferences. This work can be used to flag possible security violations and assist in their prevention.