Cybersecurity Vulnerability Management: An Ontology-Based Conceptual Model

Publication Year:
Usage 75
Abstract Views 67
Downloads 8
Repository URL:
Syed, Romilla; Zhong, Haonan
artifact description
Prevention of exploits requires timely intelligence about the cybersecurity vulnerabilities and threats. The U.S. Computer Emergency Response Team Coordination Center (CERT/CC) is the official body to disclose vulnerability information. Increasingly, hackers also use social media to share vulnerability and exploit information. In this study, we present a conceptual ontology of cybersecurity vulnerability management that integrates information from official sources with social media intelligence. The ontology models products, threats, vulnerabilities, countermeasures, intelligence and their relations. The ontology extends the vulnerability concepts provided by National Institute of Standards and Technology (NIST) and can be used as a general vocabulary of the domain of cybersecurity vulnerability management. Further, the ontology could be useful for reasoning about the relationships between entities to issue cybersecurity alerts for security analysts to analyze and manage vulnerabilities.