Ontology-based decision support for information security risk management

Abstract—As e-Business and e-Commerce applications are increasingly exposed to a variety of information security threats, corporate decision makers are increasingly forced to pay at-tention to security issues. Risk management provides an ef-fective approach for measuring the security but existing risk management approaches come with major shortcomings such as the demand for very detailed knowledge about the IT secu-rity domain and the actual company environment. This paper presents the implementation of the AURUM methodology into a software solution which addresses the identified shortcomings of existing information security risk management software solutions. Thereby, the presented approach supports decision makers in risk assessment, risk mitigation, and safeguard evaluation. I