Modeling Knowledge for Information Security and Compliance

Abstract

This page gathers some information about the tools used in a project, developed at the Bank I work for, supporting the Compliance Assurance Process and the Risk Assessment Process, related to compliance risk.
I believe that this material is interesting for the community, because the project was developed using a wide range of open source technologies, and was centered on ontological analysis of concept domains, an approach not common in security-related projects.

News

The project will be presented at:

SEI ..

Blog

  • second alpha version of the velociowl plugin (Oct. 10, 2006)
  • release of the alpha version of the velociowl plugin (Sept. 26, 2006)
  • September 2006: this page created
  • January 2006: project started

Links

  • Logo Open Tech
    the Company implementing some ideas from this project in a commercial application for Compliance Risk Management
  • The OWL Standard Page at W3C
  • A paper on ontology for Regulatory compliance Services

A Protégé OWL plugin for reporting

The plugin integrates the Velocity templating tool into Protégé. The user can produce reports (in fact, any kind of file output) from "templates" using the full OWL API of Protégé.

Documentation and code
You can download the plugin and the documentation here.
Development status
The plugin is under active development.
The published version is very much an "alpha" release, but it can be used without many issues.

Ontological analysis of the security and compliance domain

A paper describing the approach used to create an ontology of the information security system and the compliance risks.