The International Journal of Innovative Research in Computer and Communication Engineering
Information security risk management is gathering significant attention in organizations today. Incident response teams are set up to handle cyber incidents. Adequate security procedures to manage information security are obviously required, and organizations need to carefully evaluate their security policies. In this context, information security risk management should be performed as part of the information security management activity. Its objectives are to identify, address and mitigate risks before they become serious threats. An ontology that contains a hierarchical representation and description of security concepts, defined according to the ISO/IEC-JTC1 standards, can help organizations classify attacks, identify the critical assets and mitigate their vulnerabilities and threats.