A framework for conceptual characterization of ontologies and its application in the cybersecurity domain

Organizations are actively seeking efficient solutions for the management and protection of their assets. However, Cybersecurity is a vast and complex domain, especially for large enterprises because it requires an interdisciplinary approach. Knowledge Graphs are one of the mechanisms that organizations use to explore security among assets and possible attacks. The grounding of concepts is fundamental to implementing Knowledge Graphs, and it is one of the most relevant ontology applications. Therefore, Cybersecurity Ontologies have emerged as an important research subject. The first contribution of this paper is a search for previously existing works that have defined Cybersecurity Ontologies. We found twenty-eight ontologies in this search. Based on this result, we propose a Cybersecurity Terminological Validation and a Framework for Classifying Ontologies. Then, we provide a cross-analysis of these two proposals and present a proposal of best practices for improving the ontological approach in the cybersecurity domain. We also discuss the impact of this proposal with regard to the Ontology Engineering process. Our goal is to provide a solution that meets the organization’s needs in terms of Cybersecurity and to contribute to Ontology Engineering research.