Security ontologies: Improving quantitative risk analysis

  • Ekelhart A
  • Fenz S
  • Klemen M
 et al. 
  • 76 Mendeley users who have this article in their library.
  • 53 citations of this article.


IT-security has become a much diversified field and small and medium-sized enterprises (SMEs), in particular, do not have the financial ability to implement a holistic IT-security approach. We thus propose a security ontology to provide a solid base for an applicable and holistic IT-security approach for SMEs, enabling low-cost risk management and threat analysis. Based on the taxonomy of computer security and dependability by Landwehr, a heavy-weight ontology can be used to organize and systematically structure knowledge on threats, safeguards, and assets. Using this ontology, each threat scenario can be simulated with a different protection profile so as to evaluate the effectiveness and the cost/benefit ratio of individual safeguards.

  • Andreas Ekelhart

  • Stefan Fenz

  • Markus Klemen

  • Edgar Weippl
