Towards Cybersecurity Risk Assessment Automation: an Ontological Approach.

In the past decade, cyber attacks have been escalating, affecting both large organizations and smaller businesses, as well as individuals and a proactive approach to cybersecurity risk assessment has become indispensable. The risk assessment process is composed of different activities, from vulnerability management to the identification of threats (threat modeling). The main challenge lies in the manual nature of these activities facing complexities due to evolving threats and the growth of ICT infrastructures. Hence, providing automation to the risk assessment process is becoming crucial. The work presented in this paper aims to automate risk assessment using an ontology-based approach; a structured and formal representation of data is provided for ICT infrastructures description and related security information leveraging a defined ontology. The proposed solution follows an asset-oriented approach in defining the ontology; this allows to tightly link together infrastructure components and security data, enhancing automation's effectiveness and precision. The ontology is automatically populated with the required security information of the infrastructure under analysis, threat modeling is performed resorting to defined inference rules and all this information items are used to assess the risk of identified threats. The risk assessment process automation, as well as the supporting models and knowledge-base, proposed allows to easily adapt to changes in both the ICT infrastructure under analysis and the threat land scape as new information are integrated seamlessly in the evaluation process and support analyst in gather, combine and analyse the information required for evaluating risk.