TRANSFORMING BUSINESS POLICIES TO INFORMATION TECHNOLOGY SECURITY CONTROL TERMS FOR IMPROVED SYSTEM COMPLIANCE

摘要

A hierarchically layered group of domain-specific enhanced enterprise ontologies where each domain layer is connected to the immediate domain layer below through a layer policy/control/context translation ontology. Security controls discovery and a mapping ontology is semantically integrated to domain meta models in each layer and a corresponding security controls knowledge base.