Joaquín Lasheras

A Systematic Review and Comparison of Security Ontologies

The use of ontologies for representing knowledge provides us with organization, communication and reusability. Information security is a serious requirement which must be carefully considered. Concepts and relations managed by any scientific community need to be formally defined and ontological engineering supports their definition. In this paper, the method of systematic review is applied with the purpose of identifying, extracting and analyzing the main proposals for security ontologies. The main identified proposals are compared using a formal framework and we conclude by stating their early state of development and the need of additional research efforts.

Basis for an integrated security ontology according to a systematic review of existing proposals

The use of ontologies to represent knowledge provides us with organization, communication and reusability. The concepts and relations managed by any scientific community need to be formally defined. Since security in information technologies has evolved as a critical aspect and many related topics have been developed, this paper applies the method of systematic review for identifying, extracting and analyzing the principal proposals for security ontologies. The most mature proposals have been selected and compared by using a formal framework, extracting the key requirements that an integrated and unified security ontology should have, and providing the first steps towards its definition.

A Personal Data Audit Method through Requirements Engineering

Organizations using personal data in areas such as in Health Information Systems have, in recent years, shown an increasing interest in the correct protection of these data. It is not only important to define security measures for these sensitive data, but also to define strategies to audit their fulfilment. Although standardisation organisations have defined recommendations and standards related to security and audit controls, no methodological frameworks proposing the audit of these sensitive data have been described. This paper presents a methodology with which to audit personal data protection, using Requirements Engineering and based on CobiT. This methodology has been validated in four real case studies.

An integrated domain analysis approach for teleoperated systems

Teleoperated systems for ship hull maintenance (TOS) are robotic systems for ship maintenance tasks, such as cleaning or painting a ship’s hull. The product line paradigm has recently been applied to TOS, and a TOS reference architecture has thus been designed. However, TOS requirements specifications have not been developed in any rigorous way with reuse in mind. We therefore believe that an opportunity exists to increase the abstraction level at which stakeholders can reason about this product line. This paper reports an experience in which this TOS domain was analyzed, including the lessons learned in the construction and use of the TOS domain model. The experience is based on the application of extensions of well-known domain analysis techniques, together with the use of quality attribute templates traced to a feature model to deal with non-functional issues. A qualitative research method (action research) was used to carry out the experience.