Sample of Project Proposal to be submitted on 14th March 2014

PROJECT PROPOSAL
MASTER IN COMPUTER SCIENCE (INFORMATION SECURITY)
TITLE OF PROJECT
Threat Profile Identification using Ontology in Business Impact Analysis
Prepared by:
Saiful Bahari bin Mohd Sabtu
(MC 121014)
Supervisor:
Not yet Selected
Date:
15/03/2013
TABLE OF CONTENTS
1.0 Introduction
  1.1 Background of the Problem
  1.2 Problem Statement
  1.3 Project Aim
  1.4 Project Question
  1.5 Project Objectives
  1.6 Project Scope
2.0 Literature Review
3.0 Methodology
4.0 Expected Outcome
5.0 Conclusion
References
Appendix: Gantt Chart
1.0 Introduction
The public sector in Malaysia, especially its front-line agencies, has already embarked on the implementation of Business Continuity Management (BCM) in accordance with the Malaysia Administrative Modernization and Planning Unit (MAMPU) Director General's circular letter of 22 January 2010 [1].
On 24 February 2010 the Malaysian Cabinet decided that public agencies listed in the Critical National Information Infrastructure (CNII) must be certified against the Information Security Management Systems standard MS ISO/IEC 27001:2007 within a three-year period. Business Continuity Management is among the domains required by the ISMS Implementation and Certification in the Public Sector document [2].
1.1 Background of the Problem
To achieve the target mentioned in the previous section, the Government, via MAMPU, has crafted an implementation framework to assist its agencies [1]. Agencies can either choose to establish their own Business Continuity Plan (BCP) or acquire consultation from industry experts.
Based on a 2010 survey by MAMPU [3] of 48 agencies, only 23% had started developing their BCP, while 52% stated they were still planning to do so. Interestingly, 45% opted for external consultant assistance, leaving only 55% doing it with internal resources.
One of the main challenges observed in implementing an in-house BCP is providing the required baseline information or template for the business impact analysis phase, namely Threat Profile Identification.
Taxonomies and ontologies can help in making sense of a huge amount of content. As many government agencies develop their BCP in a closed silo mode to preserve secrecy and confidentiality, accessing these different information silos can be cumbersome.
Therefore a method for sharing valuable collaborative information, for the purpose of referencing a common vocabulary and benchmarking baseline information such as threat attack identification profiles and common information asset threat and vulnerability listings, is needed to accelerate BCP establishment.
The fundamental motivation is enabling the representation and sharing of common patterns in the business continuity sense across government agencies without disclosing the whole BCP document.
1.2 Problem Statement
The absence of an information resource that enables sharing of critical information security models in the government sector, in the form of a conceptual schema, hinders efficient understanding of the information required for many management purposes. An information schema can clarify the meaning and interdependence of Information Technology Security terms, thus closing the gap in facilitating the sharing of valuable information on risk analysis, threat identification and simulation processes.
This study is designed to develop and evaluate an ontology-based approach for the business impact analysis phase of I.T. business continuity management planning among government agencies.
1.3 Project Aim
The aim of this study is to identify baseline threat attack profiles in the government information and communications sector using an ontological approach, and to further evaluate its application in the business impact analysis phase.
1.4 Project Question
• How can ontological mapping assist BCP?
• What is the required domain ontology?
• Is the proposed method feasible for adoption by government agencies?
1.5 Project Objectives
• To study the use of ontology in BCP
• To develop an ontology for business impact analysis in BCP
• To evaluate and analyze the ontological approach
1.6 Project Scope
The study will be conducted on selected government agencies in the information sector which have completed their BCP, namely the National Archives and the National Library.
The domain ontology will be derived from existing security ontologies and adapted to the general framework outlined by MAMPU [1]. It will then be further refined based on the existing BCP documents and structured interviews with related personnel, especially domain experts such as the risk analysts and business analysts involved in the creation of the BCP.
Evaluation and testing will be done in another selected information sector agency which has not completed its BCP implementation.
2.0 Literature Review
The ability to reuse existing information greatly accelerates any effort to identify, create and manage concepts in knowledge management. In representing and managing information security knowledge, especially business continuity management, ontology appears to be a promising area of research for enabling a common understanding of related topics, so that concepts can be exchanged among data resource owners and users.
The authors of [4] and [5] worked on ontology as the medium to store and convey a common dictionary of concepts. Based on a fundamental understanding of ontology, the authors make use of ontology to solve problems in a specific knowledge domain.
Pereira and Santos in [6] outlined characteristics of ontology which are relevant for knowledge sharing and modelling of information:
• Ontologies make it possible to specify semantic relationships between diverse concepts;
• Ontologies share a common understanding of structured information among different parties such as humans or software agents, which enables it to be reasoned over and analyzed automatically;
• Ontologies are reusable and able to evolve over time;
• Ontologies are shared among different agents to solve interoperability problems.
Their work is intended to present a conceptual implementation model of an ontology defined in the security domain (see Fig. 1).
Fig. 1. Concepts and relationships of the Ontology [6]
The concepts proposed are described as follows:
• Threat – This concept represents the types of dangers against a given set of properties (security properties).
• Attack – This concept represents the security incidents caused by some agent.
• Impact – This concept represents the effects that a security incident can imply.
• Control – This concept represents the mechanisms used to reduce or avoid the effects of an incident or to protect against a vulnerability.
• Vulnerability – This concept represents the weaknesses of the system.
In [7], Zaini and Omar propose a system to support initial collaborative ontology development between ontology developers without requiring the presence of domain experts, aiming to accelerate the ontology development process. They identified the challenge of forming a collaborative procedure as:
• acquiring and modeling the knowledge,
• allocating a platform that is accessible to geographically distributed parties, and
• handling update conflicts during the development.
In their literature review, the authors highlighted notable methodologies in ontology development. They also stated that the development process is a time-consuming activity involving two kinds of participants, namely ontology developers and domain experts.
They adopted a general methodology to cater for the requirements of collaborative ontology development. The process flow is illustrated in Fig. 2.
Fig. 2. Methodology chosen in [7]
The scope of their work is focused on steps 2 and 3 in Fig. 2.
Salim et al. in [8] selected Islamic ontology as their domain-specific scope. Existing knowledge sources such as documents, reports, etc. are mapped into the domain ontology and semantically enriched using a framework that advocates the symbiosis of a thesaurus and a domain expert. This semantically enriched information enables better knowledge indexing and searching; the result was improved precision and search time. The authors stressed how a well-structured thesaurus can be used as a knowledge base for an interface that assists the user with search topic clarification. They demonstrate ontology development using a thesaurus as an additional resource to enforce a better comprehension of the underlying taxonomy involved in the specific domain.
It is evident that ontology can be a solution for enabling reuse of domain knowledge and providing a well-defined representation for knowledge models. From the perspective of mapping the knowledge and further using it in the decision-making process in the information security domain, the work in [9] proposed a unified method integrating both points of view to enable risk-aware business process management and optimization. They demonstrated a mapping between the Threat-Impact Process (TIP) layer and the security ontology's threat, vulnerability and safeguard representation. The security ontology provides information about the vulnerabilities associated with a given threat. The safeguard elements are mapped via Relation 1, while Relation 2 represents the mapping of the threat element sec:PingOfDeath to the corresponding threat elements in the TIP diagram.
Fig. 3. TIP - Security Ontology Mapping
The mapping illustrated in Fig. 3 supports a risk-aware simulation. The simulation provides essential information on potential single points of (business process) failure, weaknesses in the selection of security mechanisms, and detailed information on the costs and benefits of implemented security measures.
By leveraging the Semantic Web, an ontology for a specific domain can be created using ontology editing environments such as Protégé or a custom-built environment, since the standard ontology languages are serialised in XML. Ontology is therefore a plausible method for sharing valuable collaborative information for the purpose of referencing a common vocabulary.
In integrating ontology to reflect data sources, further reading suggests that an ontology can also be mapped to a DBMS, extending portability by sharing a common understanding of the structure of information among people or software agents.
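As an added illustration of the literature above (the Threat, Attack, Impact, Control and Vulnerability concepts of [6], the threat-to-vulnerability-to-safeguard lookup behind the TIP mapping of [9], and the serialised form that makes an ontology shareable between agencies), the following Python example encodes a toy security ontology as subject-predicate-object triples. It is not code from this proposal or from any of the cited works. The individuals (PingOfDeath is the only name that appears on the page; Flood, WebPortalServer, PatchManagement and the rest are invented), the property names, the extra Asset concept and the example.org namespace are all assumptions made for the example. It validates the domain and range of every link, derives a threat profile (vulnerabilities, affected assets, impacts, mitigating controls and vulnerabilities no control covers), lists the assets that remain reachable through an unmitigated vulnerability, which is the single-point-of-failure information [9] describes, and serialises the vocabulary and links as Turtle so they can be shared without the BCP narrative.

```python
# Added example, not the proposal's own code. Concepts follow [6]; the
# threat -> vulnerability -> safeguard lookup follows the TIP mapping of [9].
# Every individual, property name and namespace below is an assumption.
from collections import defaultdict

PREFIX = "sec"  # assumed prefix, echoing the sec:PingOfDeath element in [9]
CLASSES = {"Threat", "Attack", "Impact", "Control", "Vulnerability", "Asset"}

# Object properties with the (domain, range) classes they may connect.
PROPERTIES = {
    "exploits":  ("Threat", "Vulnerability"),
    "affects":   ("Vulnerability", "Asset"),
    "causes":    ("Threat", "Impact"),
    "mitigates": ("Control", "Vulnerability"),
    "realises":  ("Attack", "Threat"),   # an Attack is an incident realising a Threat
}


class SecurityOntology:
    """Triple store with two indexes so profile queries stay simple lookups."""

    def __init__(self):
        self.triples = set()
        self._by_sp = defaultdict(set)   # (subject, predicate) -> {object}
        self._by_po = defaultdict(set)   # (predicate, object) -> {subject}

    def add(self, s, p, o):
        if p != "a" and p not in PROPERTIES:          # "a" is Turtle's rdf:type
            raise ValueError(f"unknown property {p}")
        self.triples.add((s, p, o))
        self._by_sp[(s, p)].add(o)
        self._by_po[(p, o)].add(s)

    def objects(self, s, p):  return self._by_sp[(s, p)]
    def subjects(self, p, o): return self._by_po[(p, o)]
    def instances(self, cls): return self.subjects("a", cls)

    def validate(self):
        """Domain/range check: every link must join individuals of the right classes."""
        errors = []
        for s, p, o in sorted(self.triples):
            if p == "a":
                if o not in CLASSES:
                    errors.append(f"{s}: unknown class {o}")
                continue
            dom, rng = PROPERTIES[p]
            if dom not in self.objects(s, "a"):
                errors.append(f"{s} {p} {o}: {s} is not a {dom}")
            if rng not in self.objects(o, "a"):
                errors.append(f"{s} {p} {o}: {o} is not a {rng}")
        return errors

    def threat_profile(self, threat):
        """Baseline profile for one threat: what it exploits, hits, causes, and what covers it."""
        vulns = self.objects(threat, "exploits")
        assets = set().union(*(self.objects(v, "affects") for v in vulns))
        controls = set().union(*(self.subjects("mitigates", v) for v in vulns))
        unmitigated = {v for v in vulns if not self.subjects("mitigates", v)}
        return {
            "threat": threat,
            "vulnerabilities": sorted(vulns),
            "assets": sorted(assets),
            "impacts": sorted(self.objects(threat, "causes")),
            "controls": sorted(controls),
            "unmitigated": sorted(unmitigated),
        }

    def single_points_of_failure(self):
        """Assets a threat can still reach through a vulnerability no control mitigates."""
        spof = defaultdict(set)
        for t in self.instances("Threat"):
            for v in self.threat_profile(t)["unmitigated"]:
                for a in self.objects(v, "affects"):
                    spof[a].add(t)
        return {a: sorted(ts) for a, ts in spof.items()}

    def to_turtle(self):
        """Serialise only vocabulary and links: shareable without the BCP document itself."""
        lines = [f"@prefix {PREFIX}: <http://example.org/{PREFIX}#> ."]
        for s, p, o in sorted(self.triples):
            pred = "a" if p == "a" else f"{PREFIX}:{p}"
            lines.append(f"{PREFIX}:{s} {pred} {PREFIX}:{o} .")
        return "\n".join(lines)


def build_sample():
    """Constructed data: two threats against one hypothetical web portal server."""
    onto = SecurityOntology()
    for s, p, o in [
        ("PingOfDeath", "a", "Threat"), ("OversizedICMP", "a", "Attack"),
        ("OversizedICMP", "realises", "PingOfDeath"),
        ("UnpatchedIPStack", "a", "Vulnerability"),
        ("PingOfDeath", "exploits", "UnpatchedIPStack"),
        ("WebPortalServer", "a", "Asset"), ("UnpatchedIPStack", "affects", "WebPortalServer"),
        ("ServiceOutage", "a", "Impact"), ("PingOfDeath", "causes", "ServiceOutage"),
        ("PatchManagement", "a", "Control"), ("PatchManagement", "mitigates", "UnpatchedIPStack"),
        ("Flood", "a", "Threat"), ("GroundFloorServerRoom", "a", "Vulnerability"),
        ("Flood", "exploits", "GroundFloorServerRoom"),
        ("GroundFloorServerRoom", "affects", "WebPortalServer"),
        ("Flood", "causes", "ServiceOutage"),   # no control mitigates the flood path
    ]:
        onto.add(s, p, o)
    return onto


if __name__ == "__main__":
    onto = build_sample()
    print("schema errors:", onto.validate())
    print(onto.threat_profile("Flood"))
    print("single points of failure:", onto.single_points_of_failure())
    print(onto.to_turtle())
```

Running the block reports no schema errors, shows that Flood reaches WebPortalServer through GroundFloorServerRoom with no mitigating control while PingOfDeath is covered by PatchManagement, and prints the Turtle that a receiving agency could load into Protégé or any RDF tool; the validate() step is what keeps a shared baseline from silently accumulating links such as a Threat declared to mitigate a Vulnerability.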
3.0 Methodology
The research will develop and evaluate an ontological model to define the common information schema needed to share business continuity management concepts and relations. The operational framework is depicted as follows:
Fig. 4. Proposed Operational Framework
The project Gantt chart is enclosed in the Appendix.
4.0 Expected Outcome
The expected outcome is an ontological model for risk analysis and threat identification.
5.0 Conclusion
The proposed model is designed to close the gap in sharing common patterns of resources needed for business impact analysis. Ontologies help in all three fundamental knowledge management processes, namely communication, integration, and reasoning. Once an ontology has been created, it serves as a base for communication, facilitating knowledge transfer in the business continuity sense.
References
[1] Malaysia Administrative Modernization and Planning Unit (MAMPU). Pengurusan Kesinambungan Perkhidmatan Agensi Sektor Awam (Service Continuity Management for Public Sector Agencies). Director General's Instruction Letter MAMPU BPICT.700-4/2/11(3), 2010.
[2] Malaysia Administrative Modernization and Planning Unit (MAMPU). Pelaksanaan dan Pensijilan ISMS Dalam Sektor Awam (ISMS Implementation and Certification in the Public Sector). General Circular Letter No. 3 of 2010, MAMPU.BPICT.700-4/3/5 Jld. 2 (6), 2010.
[3] S. Hashim. Business Continuity Management: Public Sector BCM Implementation. In Persidangan Keselamatan ICT Sektor Awam (Public Sector ICT Security Conference). Unpublished, Malaysia Administrative Modernization and Planning Unit (MAMPU), 2010.
[4] S. Fenz, T. Pruckner, and A. Manutscheri. Ontological Mapping of Information Security Best-Practice Guidelines. pp. 49–60, 2009.
[5] V. Varma. Use of Ontologies for Organizational Knowledge Management and Knowledge Management Systems. In R. Kishore and R. Ramesh (eds.), A Handbook of Principles, Concepts and Application in Information Systems, ch. 2, pp. 21–47. Springer-Verlag, Berlin, 2007.
[6] T. Pereira and H. Santos. An Ontology Based Approach to Information Security. In Proceedings of the 3rd International Conference on Metadata and Semantic Research (MTSR 2009), vol. 46, pp. 183–192, 2009.
[7] N. Zaini and H. Omar. An online system to support collaborative knowledge acquisition for ontology development. In 2011 IEEE International Conference on Computer Applications and Industrial Electronics (ICCAIE). IEEE, 2011. http://ieeexplore.ieee.org/lpdocs/epic03/wrapper.htm?arnumber=6162194
[8] J. Salim, S. F. M. Hashim, and S. A. M. Noah. A framework to the development of Islamic ontology: Symbiosis of thesaurus and domain expert in ontology development. In Proceedings of the 2011 International Conference on Electrical Engineering and Informatics. IEEE, 2011. http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6021626&isnumber=6021499
[9] G. Goluch, A. Ekelhart, S. Fenz, S. Jakoubi, S. Tjoa, and T. Muck. Integration of an Ontological Information Security Concept in Risk-Aware Business Process Management. In Proceedings of the 41st Annual Hawaii International Conference on System Sciences (HICSS 2008). IEEE, 2008. http://ieeexplore.ieee.org/lpdocs/epic03/wrapper.htm?arnumber=4439082
Appendix
Project I Gantt Chart
Project II Gantt Chart