Ontology for Information Security Management in Systems-of-Systems.
Master’s Thesis by Roberto Monteiro Dias. Graduate Program of Informatics, UNIRIO, 2022.
Advisor: Rodrigo Pereira dos Santos
The intense transformations that have taken place in society in this decade have made information systems (IS) more complex. Such complexity relates to a category of systems defined as systems-of-systems (SoS). Although SoS offers benefits to organizations, the difficulty of Information Technology (IT) managers in dealing with information security in these systems can leave them vulnerable to threats and impacts caused by cyber attacks. Researchers consider that ontologies can be used as a solution to this problem because they define knowledge structures and promote a shared understanding of a domain, task or application. The objective of this research is to develop a domain ontology to support IT managers in decision making on information security issues in the context of SoS. For this, a systematic mapping study (SMS) was conducted to identify which information security technologies have been applied in the context of SoS. A survey research was carried out to analyze how these aspects have been perceived by specialists who work professionally in the industry or have research projects applied in real scenarios within the scope of these systems. Methodology 101 was also applied for the development of an information security domain ontology in SoS. Finally, the ontology evaluation was performed through a focus group with specialists, the ontology refinement and the feasibility study. The ontology aims to ensure the management of security knowledge in SoS and its shared understanding so that stakeholders, IT managers and their teams can avoid risks, vulnerabilities and threats in SoS. Its contribution is the standardization of concepts, terms and definitions, as well as the ease of sharing information to make more explicit assumptions and assist in the analysis of knowledge and domain relationships.