Ontology Based Modeling for Information Security Management

Abstract

Interconnected network centric environment is governed by a complex web of regulatory standards across wide geographical boundaries. With increasing trend of globalization and e-governance initiatives sweeping across different industrial sectors the multi-national corporations are forced to conform to multiple government regulations demanded by numerous stakeholders comprising regulatory authorities, legal entities, consumer forum and partners. In a heterogeneous, multi-regulated, multi-disciplined and global environment, corporations are often required to adhere to more than one standard and best practice method. Compliance auditing (CA) is the process that identifies and analyses any misalignment and non-compliance of the organization's rules and policies vis-a-vis government regulations. A distinct challenge in compliance auditing is the repetitive, resource intensive process of identifying non-compliant organizational issues based on company policies, controls or industrial standards. In this paper, we propose a framework for building a multi-agent information model that captures the notion of compliance semantics and presents it using ontology. We further present a methodology for computing the compliance metric of organizational practices with regulatory standards/ requirements capturing the relevance of the ontological concepts using fuzzy weights for estimating the compliance.