An Ontological Approach to Information Security Risk Management Based on ISO/IEC 27001:2022
摘要
An information security management system (ISMS) is no option but a requirement for organizations to defend their systems. This paper seeks to compare the CIS Controls v8 and the ISO/IEC 27001:2022 and understand the purpose, procedures, and effectiveness of both in reducing security vulnerabilities. It presents a conceptual model of ISMS based on the requirements of the ISO/IEC 27001:2022 standard and developed with the diagrams of system structure using UML. The ontology is exported to RDF/XML or Turtle and validated for compliance with the RDF rules.