Security ontologies: Improving quantitative risk analysis

  • Ekelhart A
  • Fenz S
  • Klemen M
 et al. 
  • 75 Mendeley users who have this article in their library.
  • 51 citations of this article.


IT-security has become a highly diversified field, and small and medium-sized enterprises (SMEs), in particular, do not have the financial ability to implement a holistic IT-security approach. We thus propose a security ontology to provide a solid base for an applicable and holistic IT-security approach for SMEs, enabling low-cost risk management and threat analysis. Based on the taxonomy of computer security and dependability by Landwehr, a heavy-weight ontology can be used to organize and systematically structure knowledge on threats, safeguards, and assets. Using this ontology, each threat scenario can be simulated with a different protection profile so as to evaluate the effectiveness and the cost/benefit ratio of individual safeguards.


  • Andreas Ekelhart

  • Stefan Fenz

  • Markus Klemen

  • Edgar Weippl
