
Security and Ontology Resources

This research explores controlled vocabularies, taxonomies, and ontologies to make progress toward a science of cybersecurity.

Publisher:

Software Engineering Institute

We are aware of the need for controlled vocabularies, taxonomies, and ontologies to make progress toward a science of cybersecurity. SEI researchers are addressing this gap by developing the discipline's first common vocabulary.

An Incident Management Ontology

November 2014

In this paper, the authors describe the shortcomings of the incident management meta-model and how an incident management ontology addresses those shortcomings.

Building an Incident Management Body of Knowledge

September 2012

In this paper, the authors describe the components of the CERT Incident Management Body of Knowledge (CIMBOK) and how they were constructed.

The MAL: A Malware Analysis Lexicon

February 2013

In this report, the authors present results of the Malware Analysis Lexicon (MAL) initiative, which developed the first common vocabulary for malware analysis.

Using a Malware Ontology to Make Progress Towards a Science of Cybersecurity

May 2013

In this podcast, Dave Mundie explains why a common language is essential to developing a shared understanding to better analyze malicious code.

FAQ: Collaboration Between the CERT Coordination Center and Computer Security Incident Response Teams Worldwide

June 2008

This FAQ answers questions related to the collaboration between the CERT/CC and CSIRTs worldwide.