Abstract
Risk Management involves complex relations among objects and agents, their capabilities and vulnerabilities, the events they are involved in, and the value and risk they pose to the stakeholders. There are patterns involving these relations that crosscut many domains, ranging from information security to public safety. Understanding and forming a shared conceptualization and vocabulary about these notions is fundamental for modeling the corresponding scenarios and devising security countermeasures. Ontologies are instruments developed to address these issues of conceptual clarification and terminological systematization. Although several ontologies have been proposed over the years for risk management purposes, they display many limitations concerning their generality, expressivity, adequacy, and interoperability. To bridge this gap, we investigate those patterns with the support of the Unified Foundational Ontology (UFO) and the Common Ontology of Value and Risk (COVER). However, we immediately observe that the phenomenon of prevention is crucial to understanding and modeling the security domain. Prevention is about blocking an effect before it happens or stopping it as it unfolds. It may occur as a natural phenomenon or as a result of intentional human intervention, the latter being a key aspect of the security domain. For example, vaccines prevent the unfolding of diseases; seat belts prevent events causing serious injuries; and circuit breakers prevent the manifestation of overcurrents. Therefore, an ontological theory of prevention is necessary to build an adequate security ontology. Since the theory of events of UFO lacks a characterization of prevention, this is our first challenge and contribution: (1) an ontological theory of prevention based on UFO. This theory grounds (2) the Reference Ontology for Security Engineering (ROSE), a proposed ontology of the security domain from a risk treatment perspective, according to ISO 31000.
We report three other major contributions obtained by applying ROSE: (3) specializing it into a Phishing Attack Ontology (PHATO); (4) conducting an ontological analysis of D3FEND, an OWL cybersecurity ontology, in which we uncover numerous modeling mistakes and propose recommendations for improvement; and (5) carrying out an ontological analysis and redesign of the security elements of ArchiMate in the context of Enterprise Risk Management. By doing so, through an ontological approach, we provide a network of novel solutions for security modeling.