Towards a Human Factors Ontology for Cyber Security

Alessandro Oltramari, Carnegie Mellon University, Pittsburgh, USA
Diane Henshel and Mariana Cains, Indiana University, Bloomington, USA
Blaine Hoffman, Army Research Laboratory, Aberdeen, USA

STIDS 2015 Proceedings

Abstract— Traditional cybersecurity risk assessment is reactive and based on a business risk assessment approach. The 2014 NIST Cybersecurity Framework provides businesses with an organizational tool to catalog cybersecurity efforts and areas that need additional support. As part of an on-going effort to develop a holistic, predictive cyber security risk assessment model, the characterization of human factors, which includes human behavior, is needed to understand how the actions of users, defenders (IT personnel), and attackers affect cybersecurity risk. Trust has been found to be a crucial element affecting an individual’s role within a cyber system. The use of trust as a human factor in holistic cybersecurity risk assessment relies on an understanding of how differing mental models, risk postures, and social biases impact the level of trust given to an individual and the biases affecting the ability to give said trust. The Human Factors Ontology illustrates the individual characteristics, situational characteristics, and relationships that influence the trust given to an individual. Furthering the incorporation of ontologies into the science of cybersecurity will help decision-makers build the foundation needed for predictive and quantitative risk assessments.

Keywords— cyber security, risk assessment, human factors, cyber operations

I. INTRODUCTION

A. The Holistic Cybersecurity Risk Framework

The science of cybersecurity risk assessment has been reactive, narrow in focus, and based on a business risk assessment approach. More recently, the National Institute of Science and Technology (NIST) responded to the 2013 “Improving Critical Infrastructure Cybersecurity” Executive Order with the development of the 2014 NIST Cybersecurity Framework [1,2]. The NIST framework aims to provide organizations and businesses with best risk management practices that can be implemented to improve the security and resilience of critical infrastructure. NIST recognizes that risk management is an iterative process of risk identification, risk assessment, and risk mitigation. While the NIST framework provides businesses and organizations with a neatly organized account of their cybersecurity efforts, the framework fails to capture the concept that humans are an inherent risk to any system in which they directly or indirectly participate.

To go beyond the current risk framework promulgated by NIST [1,2], risk assessment needs to be more holistic. In order to enable cybersecurity risk assessment to become more predictive, the process and models need to incorporate humans and risk factors together in a single model and use metrics that go beyond the direct assessment of classical vulnerabilities (confidentiality, integrity, accessibility, or CIA).

First, when considering CIA, the actual measurement or evaluation of these vulnerabilities will depend on the situation being modeled. Situations requiring cybersecurity risk assessment can include baseline assessments of network protection, but must also include situations in which the network is being used actively. The actual metrics for, say, protection of an SQL database containing personal information (social security numbers, for example) may be very different from the metrics that need to be assessed when evaluating risk related to a field operation using radios, walkie-talkies or cell phones to convey information.

Second, other variables beyond CIA may be the relevant risk variables that need to be analyzed in a risk model. Take, for example, a situation in which information being used, generated in, or relayed by one network needs to be received in a specific time window, either for another operation to begin or so that the information can be used, perhaps by the human who receives it. Within a military or other time-critical context, the evaluation goes beyond time to access information; it must include time to act on the accessed information and can include time for completion of actions within a critical time window. In this example, time to completion of a task is the critical metric that must be tracked, and so must be incorporated into the risk model.

Third, humans are a part of virtually all networks, whether as users, defenders (and IT personnel) or attackers. All humans can introduce risk into the network, not just attackers, a consideration acknowledged when users are asked how they use the system (and system components) as part of the NIST risk management and risk assessment process. Defenders or IT personnel can also increase cyber risk if they are, for example, less skilled, or tired, or insider threats. Humans can also reduce risk in a cybersecurity system. Defenders put in place baseline protections, and then track attacks on the system to assess whether the protections have been breached and what needs to be done to increase system hardening (protections), counteract malware that may have introduced access to the system (or otherwise compromised the system and system assets), and repair damage to the system. Users can decrease risk by being aware of (and not being hooked by) spam or phishing efforts, ensuring their personal system assets are appropriately protected, and by not downloading infected files or accessing malware-linked websites. Therefore, human-dependent metrics must be included in a holistic risk analysis of cyber security.

A fully predictive cyber security risk assessment model will take into account humans as risk factors, and as risk mitigators, and will enable the incorporation of metrics that go beyond the classic CIA vulnerabilities. In order to develop such a model, we have been characterizing the universe of cybersecurity by framing the characteristics, attributes and, ultimately, metrics that can be used to describe the risks associated with any cyber network. The framework has multiple pieces, and metrics that are assessed at different levels.

The Cybersecurity Risk Framework has three main parts, identifying system level metrics, policy related metrics, and asset related metrics. System level metrics are evaluated at the full system level, such as probability of completion of a mission or a system level task. Policy level metrics evaluate the risks associated with the policies that govern the network and network assets. Asset level metrics are evaluated at the asset level, such as metrics to assess risks associated with specific machines, a virtual network, or an operating system. One piece of the asset level framework characterizes the Human Factors that introduce or mitigate risk in a cyber network [3], which is then being incorporated into an ontology. One goal of this framework and ontology is to identify the factors that contribute to a key aspect of human-related cyber risk, trust.

B. An ontological approach to risk modeling

A recent report on quantification of cyber threats highlights the intrinsic complexity of the cyber domain [4]: in this document experts pinpoint the bottleneck of cyber threat assessment on the lack of “standardization and benchmarking of input variables”, as conversely accomplished – they add – “by the car insurance industry” (p.16). But if agreeing on the meaning of notions like ‘age’ and ‘gender’ of drivers, ‘weight’ and ‘year built’ of cars, ‘claims history’, etc. seems mostly straightforward, specifying the semantics of concepts like ‘system vulnerability’, ‘software usability’, ‘trust’, ‘password strength’, etc. requires advanced technical knowledge, fine-grained modeling primitives, and non-trivial metrics.

Little effort has been put into this standardization process. For instance, Fenz and Ekelhart propose an ontology based on four parts, i.e. a security and dependability taxonomy, the underlying risk analysis methodology, the concepts of the IT infrastructure domain and a simulation enabling enterprises to analyze various policy scenarios [5]. Notwithstanding the comprehensive investigation, the work presented in [5] is affected by an underspecified notion of risk, conceived as “the probability that a successful attack occurs”, which clearly fails to account for the mutual dependence between profiles of attackers, system vulnerabilities, level of expertise of the defenders, monetization of information loss resulting from data breaches, etc. In general, a too-coarse representation of risk is a pervasive problem in the state of the art on ontologies of cyber security: it is the case of [6] and [7], where the in-depth conceptual distinctions adopted to model cyber attacks are not matched by a corresponding level of detail in defining cyber threats and risk assessment procedures.

The most popular modeling solution in risk-related ontology research seems to be the reification of risk assessment and threat quantification into the process of ‘rating’, whose attributes are expressed either qualitatively (e.g., by means of high, medium and low dimensions in the Likert scale) or quantitatively (measuring the probability of a risk). Note that in ontology modeling, reification of properties is commonly adopted as a method to bypass language expressivity limits: in RDF, for instance, a relation with arity n > 2 can be represented with a statement about those n entities. Thus, for instance, we could represent the fact that a set of n cyber vulnerabilities exposes a system to a certain risk factor by asserting a risk-rating statement about those known n vulnerabilities [8]. An alternative approach comes from Enterprise Risk Management (ERM), an area that concerns the identification, assessment and mitigation of operational risk: for instance, Lykourentzou and colleagues focus on seven subclasses of events, i.e. ‘Failure’, ‘Infrastructure disruption’, ‘Occupational incident’, ‘Fraud’, ‘Disaster’, ‘Attack’, binding each of these event types to a wide spectrum of ‘Root causes’ and ‘Treatment plans’ to address risk factors [9]. ERM’s approaches can be effective not only to identify risk-related event patterns, but also to elicit the behavioral patterns in the adoption of risk management practices. In this context, ontologies supply an axiomatic infrastructure to mental models of risk-related patterns.

The rest of the paper is organized as follows: Section II makes the case for a holistic approach to risk in cyber security, introducing the role of trust ontologies; Section III focuses on the Human Factors Ontology (HUFO); finally, Section IV draws preliminary conclusions and sets an agenda for future research.

II. RELATED WORK

A. Ontologies of cyber security

The U.S. faces cyber attacks by rogue states and terrorist organizations on a daily basis. While greatly increased use of information systems has contributed enormously to economic growth, it has also made the U.S. vulnerable to a variety of cyber threats that are difficult to counter and prevent. There are numerous factors that make cyber defense, and cyber security in general, especially problematic. The kinds of threats are diverse and span a wide spectrum of private and public interests: destruction or theft of data, interference with computer networks and information systems, disruption of the power grid and telecommunications, denial of services, etc. The legal and ethical status of cyber attacks or counterattacks by states is also unclear, at least when deaths or permanent destruction of physical objects do not result. It is still an open question what U.S. policy is or should be, and how cyber threats are analogous to traditional threats and policies—for example whether “first use” deterrence and in-kind responses apply, and whether a policy of pure cyber defense does not put the far greater burden on attacked rather than attacking nations [10].

As these arguments suggest, untangling the complexity of cyber security does not solely depend on pinning down the computational elements in play, but demands a thorough analysis of the human factors involved. In this regard, cyber security must be studied in the context of “sociotechnical systems” [11], where the interaction between people and technology in the workplace is central. Ontology analysis has recently proved to be an effective tool for investigating the defining aspects of that interaction [12].

Informed decisions emerge when a cyber analyst projects her observations into a broad context that factors in threat and attack types, the space of defensive maneuvers, system vulnerabilities, and risk assessment and mitigation under time constraints. Obrst and colleagues [13] provide the most systematic description of a wide-ranging ontology of cyber security, but only a small portion of this large-scale project is devoted to the human component. Various agencies and corporations (NIST [1,2], MITRE [14], and Verizon [15]) have formulated enumerations of types of malware, vulnerabilities, and exploitations: MITRE, which has been very active in this field, maintains two dictionaries, namely CVE (Common Vulnerabilities and Exposures¹) and CWE (Common Weakness Enumeration²), and a classification of attack patterns (CAPEC - Common Attack Pattern Enumeration and Classification³). Regardless of the important issues covered by these initiatives, they have two major problems: 1) machine-readability is not supported, making them ineffectual as computational models of cyber security; 2) the human component is mostly overlooked, making the resulting models partial in scope.

In order to overcome these problems, in the context of the Cyber Collaborative Research Alliance we are developing CRATELO, a three-level modular ontology of cyber security. In the next section we describe the general features of CRATELO, focusing on the Human Factors Trust Ontology module (HUFO).

B. Trust ontologies

Ontology-based models of trust have been studied in various domains [16]. In [17], the authors propose an intelligent and dynamic Service Level Agreement (SLA) based on a probabilistic ontology that detects warnings in a cloud computing environment. A generic service-oriented framework of trust ontologies is described in [18]. A trust ontology aiming at improving the semantic specification of trust networks in the context of social institutions and ecosystems is discussed in [19]. In [20], the author focuses on six general areas to derive trust for a system, namely user, hardware, software, network, machines, and the applications, mapping trust associated with each area to specific attributes. An ontology-based approach to integrate semantic web based trust networks with provenance information to evaluate and filter a set of assertions is presented in [21]. In [22], a reference ontology to develop privacy preserving negotiation systems is delineated.

III. THE HUMAN FACTORS TRUST ONTOLOGY

A. The Human Factors Trust Ontology

Adopting a standard understanding and definition of terms and concepts is a foundational requirement for good cyber security practice, owing to the nature of the space and the need for rapid, efficient decision-making. Cyber security is an adversarial space, where defenders must project possibilities and be ahead of their opposition in order to be successful. Enacting strategies favors selecting a suitable course of action in minimal time over exhaustively searching [23,24]. Furthermore, the data available is not always straightforward, requiring collection and parsing in order to construct an understanding of the situation(s) at hand. Numerous sources of relevant information are often applicable, including network monitoring tools, logs, system statuses, and hardware monitors. Analysts are situated at the center of a large-scale data fusion process, identifying and defining information through patterns and relationships to perceive the ground truth of the cyber systems and assets they are defending and monitoring [25,26,27]. Once collected, the information must be appropriately combined, categorized, and communicated in order to provide a useful and accurate picture of the world on which future strategies can be based. Simply stated, cyber defense is heavily focused on the human analysts and agents involved in a data fusion and situation awareness process.

Through processing of data, defenders can draw conclusions and decide how to respond to evolving scenarios. Implicit within the workload is a desire and preference for information that can be trusted, a concept that requires a lot of unpacking to properly understand. In fact, conceptualizing trust in order to evaluate its role and presence within a system is itself a difficult problem; there are literally hundreds of definitions of trust covering interpersonal trust, trust in automation (system trust), and human-machine interaction [28]. However, that variety only strengthens the argument for constructing and supporting an ontological representation of cyber security. The core of cyber security and the tasks involved are essentially the same across settings [29], which also supports the creation of a standard ontology. Thus we should be able to describe the human factors that influence trust in a way that is applicable regardless of the specific cyber environment or organization involved and that will help explicate the role of trust in risk assessment and evaluation.

Assessing cyber security risks is a multi-component, multi-tiered problem that involves hardware, software, environmental, and human factors. Effective and successful efforts must consider impacts beyond the computer assets and network, taking a more holistic approach that considers the users, defenders, and attackers involved [3]. Exploring the differences among human roles and human factors includes exploring how trust permeates risk assessment, such as trust in information, in people, or in security policies. Information is not uniformly trusted and incorporated into situation awareness and defender responses automatically; rather, trust is built over time as those involved develop relationships, progress through training, and gain experience [30]. Individuals grow trust in one another through working together, and people gain trust in systems as they continue to demonstrate consistent behavior. Previous definitions of trust aggregate characteristics into a whole, including concepts such as competence, benevolence, integrity, predictability, attitude, intention, behavior, reliability, dependability, and faith [31] [32] [20]. The human factors trust ontology aims to map these concepts into understood and explicit relationships that tie together risk assessment across the human and human-system interactions within the cyber security space.

As part of an ongoing development of holistic cyber security risk assessment, we have been creating a framework that enables predictive and proactive defenses [33,34,35]. A critical component of this process has been the characterization of human factors, such as trust, and mapping the relevant risk attributes to the risk spaces involved in cyber security. Overall, this is a process of creating, enumerating, and solidifying risk characteristics and factors, and in many cases refining them and relating them to the human factors. The latter are broken into three main categories of attacker, defender, and user with a shared core of spaces (their behavioral characteristics, knowledge and skill characteristics, situational characteristics, and traits that influence behavior) that create the definition of each [3]. The framework (see Figure 1) can be navigated from top to bottom, the lower tiers breaking out into the more specific metrics and concepts that, collectively, describe and detail these core spaces, which allows for the mapping of attributes to measures and data that can be used to create risk evaluations.

Situational Characteristics focus on where in the system/network the individual is positioned and the level of insider access they possess, denoting when this access is authorized or unauthorized. A person’s situational characteristics also influence the knowledge they can access and may influence the attention they bring to a situation. For example, a user who is an executive of a company may have significant authorized access to assets but lack the same level of attentiveness to security concerns and information that a network analyst possesses. Knowledge and skill characteristics call attention to the experience, expertise, and situational awareness capabilities of the individual, including demographics such as years working in a position and training as well as their proficiency with relevant tools and techniques. Behavioral Characteristics are split into spaces such as motivation, rationality, malevolence vs. benevolence, and integrity. For example, a defender who is rational, benevolent, and has a record of following through with work and being accountable for his or her responsibilities will likely exhibit persistence in defending assets and building appropriate situational awareness. We have expanded the framework to include traits that influence the behavioral characteristics, including ideology, ethical attributes, risk aversion, and personality traits. Each of these may scale the behavioral characteristics in some fashion or serve as the driving force behind a person’s integrity, benevolence, or rational approach to cyber security situations. Collectively, these characteristics and traits impact the individual’s interactions with mission assets and play a role in determining risk. For example, a defender with poor motivation and integrity, insufficient knowledge, and appropriate insider access can present a higher risk, whereas an attacker with high motivation and knowledge despite limited insider access also poses higher risk.

Trust also comes through across these spaces. The predictability and reliability of an individual generate a sense of trust in his or her actions and create a reputation for that individual. The expertise and knowledge possessed can instill a faith or confidence in the work a defender will do, and users with sufficient integrity will be trusted to follow security policy and not act maliciously within the network. In effect, the human factors of trust directly associate with risk evaluation of cyber situations, and we can explore the relationships across the human factors of cyber security to discover where risk manifests and how trust is generated and influenced. Integrating the human factors framework into a cyber security ontology provides a logical means to explicate relationships both obvious and unintuitive, follow their connections, and evaluate trust’s presence and impact on the risk present within a given network.

Figure 1 – Trust Framework of Human Factors in Cyber Security.

Figure 2 – A visualization of HUFO.

B. HUFO and Trust: an overview

HUFO (see Figure 2) is part of CRATELO [36], a suite of integrated ontologies of cyber security, designed on the basis of the DOLCE top level [37], extended with a security-related middle ontology. These top, middle and domain level ontologies currently add up to 330 classes, connected by 162 relationships (132 object properties and 30 datatype properties) and encoded in OWL-DL. The logical expressivity of CRATELO is SRIQ, a decidable extension of the description logic SHIN (for more details see [38]).

The relation holding between the human factors and the metrics used to assess them is captured by the semantic characterization of ‘qualities’ and ‘quality spaces’, which was originally formulated by [39] and subsequently formalized in the DOLCE ontology [37]. Intuitively, a quality corresponds to an individual attribute of a specific entity, as ‘predictability’ or ‘reliability’ can be considered attributes of ‘trust’; a quality space is the abstract representation of an attribute’s semantics, e.g. a boolean space that denotes the ‘reliable/unreliable’ dichotomy. An important topological property of quality spaces is that their dimensional structure can vary. For instance, the ‘reliability space’ can be more complex than a bidimensional configuration: in particular, this is the case when reliability is conceptualized as a probabilistic distribution between maximum reliability (100%) and complete unreliability (0%). The atomic parts of a quality space, which collectively denote the range of values used to specify an attribute’s semantics, are called ‘quality regions’. Note that quality regions of a linear space reduce to points.

As mentioned above, ‘predictability’ and ‘reliability’ are conceived in HUFO as components of ‘trust’, a complex factor that is influenced by inherent and external characteristics, in combination with measures of human performance in a given situation. Hence, trust is not only associated with human characteristics, but emerges as an essential aspect of sociotechnical systems: the hybrid nature of trust is particularly evident in the cyber security domain, where a trustworthy interaction with computer network systems is the ‘conditio sine qua non’ for a defender/attacker to accomplish a mission in cyberspace⁴.

Figure 2 represents an overview of HUFO generated using OWLGrEd⁵: the purple links represent the subsumption relationship between classes, whereas the dotted arrows indicate either the ‘component-of’ or the ‘influenced-by’ property (textual labels in the figure disambiguate the equivalent graphical notations); classes are depicted as yellow boxes, instances as green boxes. The object property ‘component of’, holding between attributes and qualities, is modeled as a generic ‘part-of’ relation [40], whereas the ‘influenced-by’ relation reflects DOLCE’s characterization of general dependence, to highlight the strong connection between the assessment (existence) of proper internal and external characteristics and the computation of the derived trust level. Note that objective, subjective, and objective-subjective designate the sorts of metrics that can be predicated of each human factor (represented in Figure 1). An objective metric represents characteristics that are based in quantifiable and unbiased facts, such as highest level of education completed. A subjective metric represents characteristics based in human decision-making and assumptions, such as political rationality. An objective-subjective metric represents characteristics that are based in fact while also influenced by human decision-making, such as emotional state. These metric types are modeled as instances in HUFO: the use of meta-classes would have required OWL-Full, which is the undecidable fragment of OWL, and therefore unfit for reasoning. Consequently, we opted for modeling the three types of metrics as a collection of individual instances (range) associated with human factors classes (domain) through the object property ‘has metric’.

IV. CONCLUSIONS AND FUTURE WORK

In this paper we examined the effort of building a human factors ontology (HUFO) as part of a broader ontology of cyber security (CRATELO). In particular, we focused on the notion of trust, showing its ties with the inherent and external characteristics of humans interacting with computer networks. In the long term, we envision applying HUFO in support of risk assessment and risk prioritization in cyber operations.

The semantic model outlined in this paper is only a first, preliminary step in the process of porting a larger model of the cyber security ecosystem into a computational ontology. The holistic nature of our approach makes the task exceptionally challenging and, to the best of our knowledge, uniquely systematic in cyber security research. Despite the complex problems we are trying to solve, we are also convinced that, in the forward-looking vision of the ARL Cyber Security Collaborative Research Alliance, our approach sets a realistic and crucial milestone toward the foundation of a science of cyber security.

ACKNOWLEDGMENTS

This research was sponsored by the Army Research Laboratory and was accomplished under Cooperative Agreement Number W911NF-13-2-0045 (ARL Cyber Security CRA). The views and conclusions contained in this document are those of the authors and should not be interpreted as representing the official policies, either expressed or implied, of the Army Research Laboratory or the U.S. Government. The U.S. Government is authorized to reproduce and distribute reprints for Government purposes notwithstanding any copyright notation hereon.

Footnotes

¹ https://cve.mitre.org/
² https://cwe.mitre.org/
³ https://capec.mitre.org/
⁴ This is the case, for instance, when a cyber analyst uses a network-based intrusion prevention system (or NIPS) to monitor and protect a given network environment from cyber attacks.
⁵ http://owlgred.lumii.lv/

BIBLIOGRAPHY

[1] National Institute of Standards and Technology, "Framework for Improving Critical Infrastructure Cybersecurity", Dept. of Commerce, NIST, Ver. 1, 2014.
[2] National Institute of Standards and Technology, "Guide for Conducting Risk Assessments", US Dept. of Commerce, NIST, Special Publication 800-30, 2012.
[3] M. Cains, B. Hoffman, T. Kelley, and D. Henshel, "Trust as a Human Factor in Holistic Cyber Security Risk Assessment", in 6th International Conference on Applied Human Factors and Ergonomics (AHFE), 2015.
[4] World Economic Forum and Deloitte. (2015) weforum.org. [Online]. http://www3.weforum.org/docs/WEFUSA_QuantificationofCyberThreats_Report2015.pdf
[5] S. Fenz and A. Ekelhart, "Formalizing Information Security Knowledge", in International Symposium on Information, Computer, and Communications Security (ASIACCS ’09), New York, pp. 183-194.
[6] D. B. Lenat, M. Prakash, and M. Shepherd, "CYC: Using Common Sense Knowledge to Overcome Brittleness and Knowledge Acquisition Bottlenecks", Artificial Intelligence, vol. 6, no. 4, pp. 65-85, 1985.
[7] A. Assali, D. Lenne, and B. Debray, "Ontology Development for Industrial Risk Analysis", in IEEE International Conference on Information & Communication Technologies: from Theory to Applications, Damascus, 2008.
[8] B. McBride, "Jena: Implementing the RDF Model and Syntax Specification", in SemWeb, Chicago, 2001.
[9] I. Lykourentzou, K. Papadaki, A. Kalliakmanis, Y. Djaghloul, T. Latour, I. Charalabis, and E. Kapetanios, "Ontology-based Operational Risk Management", in 13th Conference on Commerce and Enterprise Computing (CEC).
[10] R. Dipert, "The Essential Features of an Ontology for Cyber Warfare", in Conflict and Cooperation in Cyberspace: The Challenge to National Security, A. Lowther and P. Yannakogeorgos, Eds., Air Force Press (by Taylor & Francis), 2013.
[11] K. B. De Greene, Sociotechnical systems: factors in analysis, design, and management, Prentice-Hall, 1973.
[12] N. Guarino, E. Bottazzi, R. Ferrario, and G. Sartor, "Open Ontology-Driven Sociotechnical Systems: Transparency as a Key for Business Resiliency", in Information Systems: Crossroads for Organization, Management, Accounting and Engineering, 2012, pp. 535-542.
[13] L. Obrst, P. Chase, and R. Markeloff, "Developing an Ontology of the Cyber Security Domain", in STIDS 2012, Fairfax, VA, 2012.
[14] MITRE. Common Malware Enumeration list. [Online]. http://cme.mitre.org/data/list.html
[15] Verizon. (2015) Data Breach Investigation Report. [Online]. http://www.verizonenterprise.com/DBIR/2015/?utm_source=pr&utm_medium=pr&utm_campaign=dbir2015
[16] L. Viljanen, "Towards an Ontology of Trust", in Trust, Privacy, and Security in Digital Business, Berlin-Heidelberg: Springer-Verlag, 2005, vol. 3592, pp. 175–184.
[17] O. Jules, A. Hafid, and M.A. Serhani, "Bayesian network, and probabilistic ontology driven trust model for sla management of cloud services", in 3rd IEEE International Conference on Cloud Networking, 2014.
[18] E. Chang, T. S. Dillon, and F. Hussain, "Trust ontologies for e-service environments", International Journal of Intelligent Systems, vol. 22, pp. 519-545, 2007.
[19] N. Dokoohaki and M. Matskin, "Structural determination of ontology-driven trust networks in semantic social institutions and ecosystems", in International Conference on Mobile Ubiquitous Computing, Systems, Services and Technologies, Papeete, France, 4-9 Nov. 2007, pp. 263–268.
[20] E. Blasch, "Trust metrics in information fusion", in SPIE 9119 - Machine Intelligence and Bio-inspired Computation: Theory and Applications VIII, 2014.
[21] J. Goldbeck and B. Parsia, "Trust network-based filtering of aggregated claims", International Journal of Metadata, Semantics and Ontologies, vol. 1, no. 1, pp. 58-65, 2006.
[22] A.C. Squicciarini, E. Bertino, and E. Ferrari, "Achieving privacy in trust negotiations with an ontology based approach", IEEE Transactions on Dependable and Secure Computing, vol. 3, no. 1, pp. 13-30, Jan-Mar 2006.
[23] G. A. Klein, "Recognition-primed-decision", in W.B. Rouse (Ed.), Advances of Machine-System Research, Greenwich, CT: JAI Press, 1989, vol. 5, pp. 47-92.
[24] G.A. Klein, R. Calderwood, and A. Clinton-Cirocco, "Rapid decision making on the fire ground", in Human Factors Society 30th Annual Meeting, pp. 576-580.
[25] E. Blasch, "Introduction to Level 5 Fusion: the Role of the User", in Handbook of Multisensor Data Fusion, M. E. Liggins, D. Hall, and J. Llinas, Eds., CRC Press, 2008, pp. 503-535.
[26] N. A. Giacobe, "Application of the JDL Data Fusion Process Model for Cyber Security", 2010.
[27] E.P. Blasch, R. Breton, and P. Valin, "User Information Fusion Decision Making Analysis with the C-OODA Model", in 14th International Conference on Information Fusion, 2011, pp. 2082-2089.
[28] D. R. Billings, K. E. Schaefer, N. Llorens, and P. A. Hancock, "What Is Trust? Defining the Construct Across Domains", in American Psychological Association Conference (Division 21), Orlando, FL, 2012.
[29] A. D'Amico and K. Whitley, "The real work of computer network defense analysts," in Workshop on Visualization for Computer Security, 2008, pp. 19-37.
[30] E. Blasch, A. Jøsang, J. Dezert, P.C.G. Costa, and A.-L. Jousselme, "URREF self-confidence in information fusion trust", in 17th International Conference on Information Fusion (FUSION’2014), Salamanca, Spain, 2014, pp. 1-8.
[31] D.H. McKnight and N.L. Chervany, "Trust in Cyber-societies: Integrating the Human and Artificial Perspectives", in Lecture Notes in Computer Science, R. Falcone, M. Singh, and Y.-H. Tan, Eds., New York: Springer, 2001, pp. 27-54.
[32] B. Muir and N. Moray, "Trust in automation: Part II. Experimental studies of trust and human intervention in a process control simulation", Ergonomics, vol. 39, no. 3, pp. 429-460, 1996.
[33] M.G. Cains, D.S. Henshel, A. Alexeev, and P. Rajivan, "Human Actors’ Roles in Holistic Cyber Security Risk Assessment", in World Congress on Risk, Singapore, 2015.
[34] D.S. Henshel, A. Alexeev, M.G. Cains, and P. Rajivan, "Risk Parameters in Holistic Cyber Security Risk Assessment", in World Congress on Risk, Singapore, 2015.
[35] M.G. Cains and D. S. Henshel, "Holistic Cyber Security Risk Assessment", in Society for Risk Analysis, Denver (CO), 2014.
[36] A. Oltramari, L.F. Cranor, R. Walls, and P. McDaniel, "Building an Ontology of Cyber Security", in STIDS 2014 (9th International Conference on Semantic Technology for Intelligence, Defense, and Security), 2014.
[37] C. Masolo, S. Borgo, A. Gangemi, N. Guarino, A. Oltramari, and L. Schneider, "The WonderWeb Library of Foundational Ontologies and the DOLCE ontology," Laboratory For Applied Ontology, ISTC-CNR, Technical Report, 2002.
[38] O. Kutz, D. Lücke, and T. Mossakowski, "Heterogeneously Structured Ontologies—Integration, Connection, and Refinement", in Knowledge Representation Ontology Workshop, 2008, pp. 41-50.
[39] P. Gärdenfors, "Conceptual Spaces: The Geometry of Thought", 2004.
[40] P. Simons, "Parts: a study in ontology", 1987.
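The RDF reification pattern that Section I.B describes (a risk-rating statement asserted about the n vulnerabilities that jointly expose a system), as an added example that is not code from the paper or from CRATELO: a Python set of tuples stands in for a triple store so it runs offline, and every `ex:` name and vulnerability label is constructed for the example.

```python
"""Reified n-ary 'risk rating' statements over plain RDF-style triples.

Added example; not code from the paper or from CRATELO. A binary triple
(system, exposedBy, vulnerability) cannot say which SET of vulnerabilities
jointly yields ONE rating, so, as the paper describes for RDF, the rating
becomes a node of its own and the n vulnerabilities, the system and the
rating value all hang off it. A Python set of tuples stands in for a triple
store so this runs offline; every 'ex:' name is constructed for the example.
"""
from typing import Optional, Set, Tuple, Union

Node = Union[str, float]
Triple = Tuple[str, str, Node]

LIKERT = ("high", "medium", "low")


def assert_risk_rating(graph: Set[Triple], system: str, vulnerabilities,
                       level: Optional[str] = None,
                       probability: Optional[float] = None) -> str:
    """Add one reified rating statement to `graph`; return the statement node.

    `level` is the qualitative (Likert) form, `probability` the quantitative
    one in [0, 1]; a rating must carry at least one of them.
    """
    if level is None and probability is None:
        raise ValueError("a rating needs a Likert level or a probability")
    if level is not None and level not in LIKERT:
        raise ValueError(f"unknown Likert level: {level!r}")
    if probability is not None and not 0.0 <= probability <= 1.0:
        raise ValueError("probability must lie in [0, 1]")
    if not vulnerabilities:
        raise ValueError("a rating must cover at least one vulnerability")
    # Deterministic node name: one more than the ratings already asserted.
    existing = sum(1 for s, p, o in graph if p == "rdf:type" and o == "ex:RiskRating")
    rating = f"ex:rating{existing + 1}"
    graph.add((rating, "rdf:type", "ex:RiskRating"))
    graph.add((rating, "ex:exposesSystem", system))
    for v in vulnerabilities:              # arity n: one triple per vulnerability
        graph.add((rating, "ex:viaVulnerability", v))
    if level is not None:
        graph.add((rating, "ex:likertLevel", level))
    if probability is not None:
        graph.add((rating, "ex:probability", probability))
    return rating


def objects(graph: Set[Triple], subject: str, predicate: str) -> set:
    """All o with (subject, predicate, o) in the graph."""
    return {o for s, p, o in graph if s == subject and p == predicate}


def ratings_for_system(graph: Set[Triple], system: str) -> list:
    """Statement nodes that rate `system`, in name order."""
    return sorted(s for s, p, o in graph if p == "ex:exposesSystem" and o == system)


def rating_value(graph: Set[Triple], rating: str) -> dict:
    """The qualitative and/or quantitative value carried by one statement."""
    out = {}
    for key, pred in (("likert", "ex:likertLevel"), ("probability", "ex:probability")):
        vals = objects(graph, rating, pred)
        if vals:
            out[key] = vals.pop()
    return out


def to_ntriples(graph: Set[Triple]) -> str:
    """Render as N-Triples-like lines; resources bare, literals quoted."""
    lines = []
    for s, p, o in sorted(graph, key=str):
        obj = o if isinstance(o, str) and ":" in o else f'"{o}"'
        lines.append(f"{s} {p} {obj} .")
    return "\n".join(lines)


def build_example_graph() -> Set[Triple]:
    """Constructed sample: one database server rated twice, on different vulnerability sets."""
    g: Set[Triple] = set()
    assert_risk_rating(g, "ex:dbServer", ["ex:unpatchedService", "ex:openAdminPort"], level="high")
    assert_risk_rating(g, "ex:dbServer", ["ex:weakPassword"], probability=0.3)
    return g


if __name__ == "__main__":
    graph = build_example_graph()
    print(to_ntriples(graph))
    for r in ratings_for_system(graph, "ex:dbServer"):
        print(r, sorted(objects(graph, r, "ex:viaVulnerability")), rating_value(graph, r))
```

Because each rating is its own node, two ratings on the same system stay distinguishable (which vulnerabilities each covers, and whether its value is a Likert level or a probability), which a flat `system exposedBy vulnerability` triple could not express.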
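The quality and quality-space model of Section III.B (boolean versus linear spaces, quality regions reducing to points, ‘component-of’ and ‘influenced-by’ relations on trust) together with its decision to model the three metric types as individuals reachable through ‘has metric’, as an added example that is not HUFO’s own OWL code: the rule that combines component qualities and influences into a trust level, the weights, and the `hufo:` prefix and names are assumptions made for this example.

```python
"""Qualities, quality spaces and metric kinds in the style of HUFO.

Added example; not HUFO's own OWL code. It encodes, in plain Python, three
points the paper makes: (1) a quality such as 'reliability' has a quality
space whose regions give the attribute its meaning, and that space may be
a boolean dichotomy or a linear 0 %..100 % space whose regions reduce to
points; (2) 'trust' is a complex factor whose components are qualities and
which is influenced by internal/external characteristics; (3) the three
metric kinds are individuals (not meta-classes) attached to a human-factor
class through 'has metric', so the ontology stays inside OWL-DL. The rule
that turns components and influences into a trust level, and the 'hufo:'
names, are assumptions made for this example.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Union


class BooleanSpace:
    """Two-region space, e.g. the reliable/unreliable dichotomy."""

    def __init__(self, negative: str, positive: str):
        self.regions = (negative, positive)

    def region_of(self, value: bool) -> str:
        return self.regions[1] if value else self.regions[0]

    def normalise(self, value: bool) -> float:
        return 1.0 if value else 0.0


class LinearSpace:
    """One-dimensional space between lo (0 %) and hi (100 %); regions are points."""

    def __init__(self, lo: float = 0.0, hi: float = 1.0):
        self.lo, self.hi = lo, hi

    def region_of(self, value: float) -> float:
        if not self.lo <= value <= self.hi:
            raise ValueError(f"{value} lies outside the quality space [{self.lo}, {self.hi}]")
        return value

    def normalise(self, value: float) -> float:
        return (self.region_of(value) - self.lo) / (self.hi - self.lo)


@dataclass(frozen=True)
class Quality:
    """An individual attribute of an entity, e.g. 'predictability' of trust."""
    name: str
    space: Union[BooleanSpace, LinearSpace]


@dataclass
class Trust:
    """A complex factor: component qualities plus influencing characteristics."""
    components: Dict[Quality, Union[bool, float]]                 # 'component-of'
    influenced_by: Dict[str, float] = field(default_factory=dict)  # 'influenced-by' -> weight

    def level(self) -> float:
        # Assumed combination rule: mean of the normalised component values,
        # scaled by each influencing characteristic, clipped to [0, 1].
        if not self.components:
            raise ValueError("trust needs at least one component quality")
        base = sum(q.space.normalise(v) for q, v in self.components.items()) / len(self.components)
        for weight in self.influenced_by.values():
            base *= weight
        return round(min(max(base, 0.0), 1.0), 3)


@dataclass(frozen=True)
class MetricKind:
    """Modelled as an individual, not a meta-class, to stay out of OWL-Full."""
    label: str
    example: str


OBJECTIVE = MetricKind("objective", "highest level of education completed")
SUBJECTIVE = MetricKind("subjective", "political rationality")
OBJECTIVE_SUBJECTIVE = MetricKind("objective-subjective", "emotional state")


@dataclass
class HumanFactor:
    name: str
    has_metric: List[MetricKind] = field(default_factory=list)


def has_metric_assertions(factor: HumanFactor) -> List[str]:
    """Turtle-style lines: the factor class is the domain of 'has metric',
    the metric-kind individuals its range (prefixes assumed for the example)."""
    lines = [f"hufo:{factor.name} rdf:type owl:Class ."]
    for kind in factor.has_metric:
        lines.append(f"hufo:{kind.label} rdf:type owl:NamedIndividual .")
        lines.append(f"hufo:{factor.name} hufo:hasMetric hufo:{kind.label} .")
    return lines


def example_defender_trust() -> float:
    """Constructed sample: a defender observed to be 80 % reliable and predictable,
    with authorised insider access (weight 1.0) but fatigued (weight 0.8)."""
    reliability = Quality("reliability", LinearSpace())
    predictability = Quality("predictability", BooleanSpace("unpredictable", "predictable"))
    trust = Trust({reliability: 0.8, predictability: True},
                  influenced_by={"insider_access_authorised": 1.0, "fatigue": 0.8})
    return trust.level()


if __name__ == "__main__":
    print("trust level:", example_defender_trust())
    print("\n".join(has_metric_assertions(HumanFactor("KnowledgeAndSkill", [OBJECTIVE, OBJECTIVE_SUBJECTIVE]))))
```

The two space classes make the paper’s topological point concrete: a value in the boolean space is mapped to one of two named regions, whereas a value in the linear space is its own region (a point) and is rejected outside the 0–100 % range; `has_metric_assertions` shows the metric kinds appearing only as individuals in the range of the property, never as classes of classes.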
