Semantic model of Information Security: Extracting Conceptual Network with Analysis Approach of Scientific Publications and Delphi

Document Type : Research Paper

Authors

1 Ph.D. Student of Knowledge and Information Science, Science and Research Branch, Islamic Azad University, Tehran, Iran.

2 Associate Professor, Department of Knowledge and Information Science, Science and Research Branch, Islamic Azad University, Tehran, Iran.

3 Associate Prof.of Linguistcs Department, Iranian Research Institute for Information Science and Technology (IRANDOC)

4 Professor, Department of Knowledge and Information Science, Science and Research Branch, Islamic Azad University, Tehran, Iran.

5 Associate Professor, Department of Applied Mathematics, South of Tehran, Islamic Azad University, Tehran, Iran.

Abstract

Purpose: Considering the emergence and increasing expansion of various subject domains and the lack of a valid codified thesaurus, the main aim of this study is to provide a semantic model of information security based on a conceptual network for use in domain ontologies, so it is applied research.
Methodology: The research method is a combination of co-word analysis, library, and Delphi methods. In the first stage, the conceptual network was extracted from 7547 scientific documents on "information security" using the co-words analysis method. These documents were indexed in the Scopus databases and WOS from 2013 to 2017. Pre-processing operations on 19648 keywords and tags were done in a completely targeted manner by using five dictionaries in information security, and three dictionaries in computer science. With a minimum co-occurrence of 5 for each word in "VOS Viewer", 207 preferred concepts were selected based on the latest version of the information security dictionary, and its conceptual network was mapped. By "Gephi", betweenness centrality, density, and clustering coefficient indices were checked. Then in the second stage, for extracting a new semantic model, used the library method. So, seven related semantic models: Security ontology, information security ontology, attack ontology, vulnerability ontology, existence - Ontosec mapping, and threat taxonomy as well as the conceptual model of information systems security in libraries. These entities, classes, subclasses, relationships between them, concepts, and examples attributed to each class and subclass were studied and examined carefully. Then, 207 conceptual network concepts were adapted to the common components of these models, and a new model was presented. Finally, in third stage, using the fuzzy Delphi technique, the consensus of experts in both fields of Knowledge and Information Science (KIS) and Computer Sciences was examined. Using SPSS and Kendall's non-parametric test, the experts' agreement coefficient about the classes and sub-classes, as well as their associated concepts, were investigated. 5 classes, 6 subclasses and also 71 concepts out of 97 common concepts with an agreement coefficient above 0.7 were obtained. Finally, confirmatory factor analysis and Smart PLS structural modeling were used to check the correctness of the relationships governing the classes and subclasses in the conceptual model.
Findings: The main nodes and strong links in the conceptual network of information security include: "information security," "security," "information system," "privacy," "telecommunication," "information," "intrusion detection system," "cryptography," "cyber security," "authentication," "network," "risk," "threat," and "risk management framework." The extracted semantic model has a goodness of fitting (GOF) of 0.710 and confirms 11 semantic relationships. These relationships include: "Requires level," "Diminish," "Threatens," "Exploited by," "has Source," "Uses of," "Lead to," "Attack," "Vulnerability on," "Implemented by," and "Reduce." Also, it has 5 main classes, including "Information Asset," "Security Attribution," "Threat," "Vulnerability," and "Countermeasure." There are also 6 subclasses, which include "Threat Source," "Access Path (influence way)," "Threat Tools," and "Attack," all related to the Threat class. Additionally, there are Technological countermeasures and Organizational countermeasures, which are related to the Countermeasure class. Also, it was discovered that there are 71 attributive concepts, some of which include: Password, Smart card, User, Integrity, Hacker, Malicious code, Virus, Distributed Denial Of Service (DDOS), Risk management, Backup, Digital signature, Penetration testing, Antivirus, Firewall, and so on.
Conclusion: The conceptual network and semantic model can be inferred in semantic systems and databases. This research can provide a new method for creating high-level ontologies to optimize search engines and reduce false dropping, as well as recover unwanted information.

Keywords


احمدی، ح. (1394). ترسیم و تحلیل شبکه مفهومی و هستی‌شناسی ساختار دانش حوزه علم‌سنجی ایران بر اساس رویکرد تحلیل حوزه‌ [رساله دکتری منتشر نشده]. دانشگاه شهید چمران اهواز.
آرین‌پور، م. (1395). میزان رعایت استانداردهای آی ای اس 27002 و 27019 در حوزه مدیریت امنیت اطلاعات در سازمان اسناد و کتابخانه ملی ایران [پایان‌نامه کارشناسی ارشد منتشر نشده]. دانشگاه الزهرا.
حاجی زین‌العابدینی، م.، و رفعتی، م. (1396). بررسی نظام مدیریت امنیت اطلاعات در کتابخانه‌های مرکزی دانشگاه‌های دولتی شهر تهران، پژوهش‌های نظری و کاربردی در علم اطلاعات و دانش‌شناسی، 7 (1)، 257-279. https://doi.org/10.22067/RIIS.V7I1.55215
حریری، ن.، و نظری، ز. (1391). امنیت اطلاعات در کتابخانه‌های دیجیتالی ایران، کتابداری و اطلاع‌رسانی، 16 (2)، 61-90. https://lis.aqr-libjournal.ir/article_43010.html
خضری‌پور، ف. (1392). ارائه یک مدل برای بهبود مدیریت امنیت دارایی‌های اطلاعاتی سازمان در سیستم مدیریت امنیت اطلاعات ادارات دولتی شهر کرمان [پایان‌نامه کارشناسی ارشد منتشر نشده]. دانشگاه پیام نور.
داوری، ع.، و رضا‌زاده، آ. (1393). مدل‌سازی معادلات ساختاری با نرم‌افزار pls، تهران: جهاد دانشگاهی.
سهیلی، ف.، و عصاره، ف. (1391). مفاهیم مرکزیت و تراکم در شبکه‌های علمی و اجتماعی، فصلنامه مطالعات ملی کتابداری و سازمان‌دهی اطلاعات، 24 (3)، 92-108. https://nastinfo.nlai.ir/?_action=article&kw=500&_kw
سیف، ی.، و نادری بنی، ن. (1396). شناسایی مؤلفه‌های مؤثر بر مدیریت امنیت اطلاعات در فناوری اطلاعات شرکت نفت فلات قاره ایران، مدیریت فناوری اطلاعات، 9 (4)، 851-870. https://www.sid.ir/paper/140422/fa
شیرواندهی، ش. (1397). سنجش عملکرد مدیریت امنیت اطلاعات در کتابخانه دیجیتال سازمان اسناد کتابخانه ملی ایران، [پایان‌نامه کارشناسی ارشد منتشر نشده]. دانشگاه آزاد اسلامی علوم تحقیقات تهران.
فروزنده، ح. (۱۳۹۰). مدیریت پایگاه داده. تهران: عابد.
کوکبی، م.، و کوهی رستمی، م. (1394). امنیت اطلاعات سامانه‌های تحت وب نهاد کتابخانه‌های عمومی کشور، تحقیقات اطلاع‌رسانی و کتابخانه‌های عمومی، 21 (80)‌، 89-107. https://doi.org/20.1001.1.26455730.1394.21.1.5.9
مازا، ر. (1393). مقدمه‌ای بر دیداری‌سازی اطلاعات. ترجمة فریده عصاره، مازیار نصیری، سپیده قلمباز و حمید احمدی. همدان: نشر سپهر.
 
 
Abubakar, F., & Aduku, B. S. (2016). Approaches to security of information resources in academic libraries in Niger State, Nigeria. Samaru Journal of Information Studies, 16(1), 12-24. https://www.ajol.info/index.php/sjis/article/view/174811
Ahmadi, H‌, (2016). Mapping and Analysis of Iranian Conceptual Network of the Structure of Scientometrics [Unpublished doctoral dissertation], Shahid Chamran university of Ahvaz [In Persian].
Alshboul, Y., & Streff, K.)2015). Analyzing Information Security Model for Small-Medium Sized Businesses. Proceeding of Americas Conference on Information Systems (AMCIS) in Information systems security, Assurance and privacy (SIGSEC), June 26, Corpus ID: 41307801.‌ https://www.researchgate.net/publication/281079574_Analyzing_Information_Security_Model_for_Small-Medium_Sized_Businesses
Amini, M., Vakilimofrad, H., & Saberi, M. K. (2021). Human factors affecting information security in libraries. The Bottom Line, 34 (1), 45-67. https:/doi.org/10.1108/BL-04-2020-0029
Anwar, M.A., Rongting, Z., Dong, W., Asmi, F., & Meissner, R. (2018). Mapping the knowledge of national security in 21st century a bibliometric study. Cogent Social Sciences, 4(1). https:/doi.org/10.1080/23311886.2018.1542944
Arianpour, M. (2017). Examining compliance with IES 27002 and 27019 standards in information security management in the National Library and Documents Organization of Iran [Unpublished master dissertation], Alzahra university [In Persian].
Brandão, A. J. S. (2006). Using Ontologies to Classify Vulnerabilities on Security Systems [Unpublished master dissertation], ICMC-USP. São Carlos-SP-Brazil. https://protege.stanford.edu/conference/2005/submissions/posters/poster-martimiano.pdf
Calder, A., & Steve, W. G. (2007). A Dictionary of Information Security Terms, Abbreviation and Acronyms, IT Governance publishing, United Kingdom.
Cheng, K. (2005). Surviving hacker attacks proves that every cloud has a silver lining. computers in libraries, 25(3), 52-56.‌ https://www.researchgate.net/publication/234576575_Surviving_Hacker_Attacks_Proves_That_Every_Cloud_Has_a_Silver_Lining
Da Veiga, A., Martins, N., & Eloff, J. H. (2007). Information security culture-validation of an assessment instrument. Southern African business Review, 11(1), 147-166. https://www.researchgate.net/publication/235526018_Information_security_culture_-_Validation_of_an_assessment_instrument
Daconta, M.C., Obrst, L.J., & Smith, K.T. (2003). The Semantic Web: A Guide to the Future of XML, Web Services, and Knowledge Management, Wiley. Publisher: WileyISBN: 978-0-471-43257-9
Davari, A., & Rezazadeh, A. (2015), Structural equation modeling with pls software. Tehran: Jahad Daneshgahi [In Persian].
Dawar, V. (2016). DIGITAL INFORMATION SECURITY FOR ACADEMIC LIBRARIES, Proceedings of TIFR-BOSLA National Conference on Future Librarianship: Innovation for Excellence, (April), 22-23, Mumbai, India. https://www.researchgate.net/publication/335389774_DIGITAL_INFORMATION_SECURITY_FOR_ACADEMIC_LIBRARIES
Dictionary of IBM & computing technology (2010). New York: IBM.
Doynikova, E., Fedorchenko, A., & Kotenko, I. (2020). A Semantic Model for Security Evaluation of Information Systems, Journal of Cyber Security and Mobility, 9(2). https:// doi.org/10.13052/jcsm2245-1439.925
Ekelhart, A., & Fenz, S. (2009و March). Ontology-Based Decision Support for Information Security Risk Management. Proceedings of 4th International Conference on Systems (ICONS), 1-6, Gosier, France. https://doi.org/10.1109/ICONS.2009.8.
Elmasri, R., & Navathe, S. B. (2015). Fundamentals of database systems (7th ed.). Pearson. https://amirsmvt.github.io/Database/Static_files/Fundamental_of_Database_Systems.pdf
Faruzandeh, H. (2019). Database management. Tehran: Abed. [In Persian].
Fox, R. (2006). Digital libraries: the systems analysis perspective, vandals at the gate, OCLC systems & services, 22(4), 249-255. https://doi.org/10.1108/DLP-022016-0006
Gattiker, U. E. (2004). THE INFORMATION SECURITY DICTIONARY Defining the Terms that Define Security for E-Business, Internet, Information and Wireless Technology, KLUWER ACADEMIC PUBLISHERS, NEW YORK.
Hariri, N., & Nazari, Z. (2012). Information security in Iran’s digital libraries, library and information Science,15(2), No 58. https://lis.aqr-libjournal.ir/article_43010.html [In Persian].
Henderson, H. (2009). Encyclopedia of computer science and technology, Facts on File, New York.
Henseler, J., Ringle, C. M., & Sinkovics, R. R. (2009). The use of partial least squares path modeling in international marketing. In New challenges to international marketing, Vol. 20, pp. 277-319). Emerald Group Publishing Limited. https:/doi.org/10.1108/S1474-7979(2009)0000020014
Herzog, A., Shahmehri, N., & Duma, C. (2007) An Ontology of Information Security, International Journal of Information Security and Privacy. 1(4), 1-23. https:/doi.org/10.4018/jisp.2007100101
Ismail, R., & Zainab, A. N.(2011). Information systems security in special and public libraries: an assessment of status, Malaysian Journal of Library & Information Science, 1(2), 45-62. https://www.researchgate.net/publication/234813293_Information_systems_security_in_special_and_public_libraries_An_assessment_of_status
Jouini, M., Ben Arfa Rabai, L., & Ben Aissab, A. (2014). Classification of security threats in information systems. Procedia Computer Science‌, 32, 489-496. https://doi.org/10.1016/j.procs.2014.05.452
Khezripour, F (2014). Model for improving the security management of the organization’s information assets in the information security management system of Kerman government departments [Unpublished master dissertation], Payame Noor University. [In Persian].
Kissel, R. (Ed.). (2011). Glossary of key information security terms. Diane Publishing.
Kokabi, M., & Kohi Rostami, M. (2015). Information security of Web-based systems in Iran Institution of public libraries. Research on Information Science and Public Libraries, 21 (1), 89-107. [In Persian]. https:/doi.org/ 20.1001.1.26455730.1394.21.1.5.9
Manoilov, G., & Radichkova, B. (2007). Elsevier’s Dictionary of Information Security. Elsevier.
Martimiano, L.A.F., & dos Santos Moreira, E. (2006). The evaluation process of a computer security incident ontology. Proceedings of 2nd Workshop on Ontologies and their applications (WONTO06), October 23-27, Brazil: Corpus ID: 6735571. https://www.researchgate.net/publication/221336544_The_Evaluation_Process_of_a_Computer_Security_Incident_Ontology
Mazza, R. (2013). An introduction to information visualization. Translated by Osareh, F. et al. Hamedan: Sepehr Publishing. [In Persian].
McGuinness, D. L. (2017). Ontologies for the Modern Age, Slide share, Slide 4.
Newby, G. B.(‌May 2000). Information security for libraries, Proceeding of Information Resources Management Association International conference An Charge, 21-24, Alaska,USA: 558-563. https://www.researchgate.net/publication/221412122_Information_security_for_libraries
Noy, N. F., & McGuinness, D. L. (2001). Ontology Development 101: A Guide to Creating Your First Ontology, Stanford Knowledge Systems Laboratory Technical Report KSL-01-05and Stanford Medical Informatics Technical Report SMI-2001-0880. Available from http://protege.stanford.edu/publications/ontology_ development/ontology101-noy-mcguinness.html
Obrest, L. (2006). The Ontology Spectrum & Semantic Models, MITRE Pwerpoint, slid 9. https://slideplayer.com/slide/12792399/77/images/1/The+Ontology+Spectrum+%26+Semantic+Models.jpg
Olijnyk, N. (2015). A quantitative examination of the intellectual profile and evolution of information security from 1965 to 2015, Scientometrics, 105, 883–904. https://link.springer.com/article/10.1007/s11192-015-1708-1
Parvin, S., Sadoughi, F., Karimi,A., Mohammadi, M., & Aminpour, F.(2019). Information Security from a Scientometric Perspective, Webology, 16(1)‌, 196-‌209. https://www.webology.org/data-cms/articles/20200515032131pma187.pdf
Razzaq, A., Anvar, Z., Farooq Ahmad, H., Latif, K., & Munir, F.(2014). Ontology for attack detection: An intelligent approach to web application security. Computers & Security, 45, 124-‌146. https://doi.org/10.1016/j.cose.2014.05.005
Rigdon, J. C. (2016). Dictionary of computer and internet terms, Eastern Digital Resources, Cartersville.
Seif, Y. & Nadery Bany, N. (2018). Identifying the effective components on information security management in the information technology of Iranian continental shelf oil company, Management Information Technology, 9(4), 851-870. https://doi.org/10.22059/JITM.2017.239211.2127 [In Persian].
Shirvandehi, S. (2017). Measuring the performance of information security management in the digital library of the National Library of Iran [Unpublished master dissertation], Islamic Azad University of Research Sciences, Tehran branch. [In Persian].
Slade, R. (2006). Dictionary of Information Security, Syngress, Rockland.
Soheili, F., & Osareh , F. (2014). Concepts of Centrality and Density in Scientific and Social Networks, Library studies and information organization, 24(3). https://nastinfo.nlai.ir/? _action=article&kw=500 [In Persian].
Solms , R., & Nikert, J. (2013). From information security to cyber security. Computer & Security, 38, 97-102. https://doi.org/10.1016/j.cose.2013.04.004
Spaccapietra, S., Parent, C., Vangenot, C., & Cullot, N. (2004). On Using Conceptual Modeling for Ontologies. In: Bussler, C., et al. Web Information Systems – WISE 2004 Workshops. WISE 2004. Lecture Notes in Computer Science, vol 3307. Springer, Berlin: Heidelberg. https://doi.org/10.1007/978-3-540-30481-43
Tenenhaus, M., Amato, S., & Esposito Vinzi, V. (2004). A global goodness of fit index for PLS Structural equation modeling. In Proceedings of the XLII SIS Scientific Meeting, 1(2), 739-742. https://www.researchgate.net/publication/284462849_A_global_goodness-of-fit_index_for_PLS_structural_equation_modelling
Wang, C. K. (2013). An Invisible Network of Knowledge of Security and Privacy of Health. International Journal of Engineering and Technology, 5(3), 357-360. http://www.ijetch.org/papers/575-ST0024.pdf
Wetzels, M., Odekerken-Schröder, G., & Van Oppen, C. (2009). Using PLS path modeling for assessing hierarchical construct models: Guidelines and empirical illustration. MIS quarterly, 177-195. https://doi.org/10.2307/20650284
Yang, Y., Wu, M., & Cui, L. (2012). Integration of three visualization methods based on co-word analysis. Scientometrics, 90(2), 659-673. https://doi.org/10.1007/s11192-011-0541-4
Zeinolabedini, M., & Rafati, M. (2018). Survey of Information Security Management System in the Central Library of the Universities in Tehran, Theoretical and applied researches in information science and epistemology, 7(1).  https://doi.org/10.22067/RIIS.V7I1.55215 [In Persian].
Zhao, L., Zhang, L., & Wang, D. (2018, July). Security Management and Operation Mechanism of Digital Libraries in Military Academies. In 3rd International Conference on Contemporary Education, Social Sciences and Humanities (ICCESSH 2018), 019-1022, Atlantis Press. https:/doi.org/ 10.2991/iccessh-18.2018.231