Security assessment is crucial to the implementation and use of secure web portals. The literature reports studies on knowledge representation models for systems assessment and for information security; however, the security assessment area lacks a conceptual formalization. The objective of the security assessment ontology (SecAOnto) is to formalize knowledge on security assessment. It is based on ontologies, taxonomies, vocabularies, glossaries, and market guidelines. This paper presents an application of SecAOnto whose objective is to identify concepts in descriptions of security assessment items; the coverage of security characteristics is determined by using a coverage calculus algorithm. The application of SecAOnto and of the coverage calculus algorithms to the well-known standard ISO/IEC 27001 highlights its expressiveness. The proposal is useful for security experts and researchers in the context of security assessment, as well as to support web-based conceptual architectures.