Andreas Ekelhart

Andreas Ekelhartis senior researcher and project manager at SBA Research.

  • E-Mail
  • Phone: +43 (1) 505 36 88
  • Fax: +43 (1) 505 88 88
  • PGP Fingerprint: C333 B2B0 93E7 6878 A1F8 185E 588B 1E85 0D44 4C88

Research Interest

His research interests include semantic applications, agent-based modeling and simulation, and applied concepts of IT security with a focus on information security risk management.

Bio

He received a master’s degree in Business Informatics and a master’s degree in Software Engineering & Internet Computing from the TU Wien. He completed his Ph.D. in Computer Science at the Institute of Software Technology and Interactive Systems at the TU Wien.After graduating, Andreas worked as project assistant at the TU Wien and project manager for software development with Security Research. He is a member of the International Information Systems Security Certification Consortium (ISC2) and holds various industrial certifications including CISSP, CSSLP, MCPD, and MCSD.

Top Publications:

  • Security aspects in Semantic Web Services Filtering (2007)
    • INPROCEEDINGS--
    • Witold Abramowicz and Andreas Ekelhart and Stefan Fenz and Monika Kaczmarek and A Min Tjoa and Edgar R. Weippl and Dominik Zyskowski
    • Proceedings of the 9th International Conference on Information Integration and Web-based Applications and Services (iiWAS2007)
    @INPROCEEDINGS{Abramowicz_Securityaspectsin_2007,
       author = {Witold Abramowicz and Andreas Ekelhart and Stefan Fenz and Monika Kaczmarek and {A Min} Tjoa and {Edgar R.} Weippl and Dominik Zyskowski},
       title = {Security aspects in Semantic Web Services Filtering},
       booktitle = {Proceedings of the 9th International Conference on Information Integration and Web-based Applications and Services (iiWAS2007)},
       year = {2007},
       month = {1},
       pdf = {https://www.sba-research.org/wp-content/uploads/publications/2007 - Abramowicz - Security Aspects in Semantic Web Services Filtering.pdf},
       volume = {229},
       pages = {21--31},
       publisher = {Austrian Computer Society},
    }
  • Ontologiebasiertes IT Risikomanagement (2009)
    • INPROCEEDINGS--
    • Andreas Ekelhart and Stefan Fenz and Thomas Neubauer
    • D.A.CH Security 2009
    @INPROCEEDINGS{Ekelhart2009Ontologiebasiertes,
       author = {Andreas Ekelhart and Stefan Fenz and Thomas Neubauer},
       title = {Ontologiebasiertes IT Risikomanagement},
       booktitle = {D.A.CH Security 2009},
       year = {2009},
       month = {1},
       pdf = {https://www.sba-research.org/wp-content/uploads/publications/2009 - Ekelhart - Ontologiebasiertes IT Risikomanagement.pdf},
       pages = {14--24},
       publisher = {Syssec},
    }
  • Komplexe Systeme, heterogene Angreifer und vielfältige Abwehrmechanismen: Simulationsbasierte Entscheidungsunterstützung im IT-Sicherheitsmanagement (2014)
    • INPROCEEDINGS--
    • Andreas Ekelhart and Bernhard Grill and Elmar Kiesling and Christine Strauss and Christian Stummer
    • Lecture Notes in Informatics {GI-Edition}
    @INPROCEEDINGS{Ekelhart2014Komplexe,
       author = {Andreas Ekelhart and Bernhard Grill and Elmar Kiesling and Christine Strauss and Christian Stummer},
       title = {Komplexe Systeme,
       heterogene Angreifer und vielfältige Abwehrmechanismen: Simulationsbasierte Entscheidungsunterstützung im IT-Sicherheitsmanagement},
       booktitle = {Lecture Notes in Informatics {GI-Edition}},
       year = {2014},
       month = {0},
       pdf = {https://www.sba-research.org/wp-content/uploads/publications/Main.pdf},
    }
  • Integrating attacker behavior in IT security analysis: a discrete-event simulation approach (2015)
    • ARTICLE--
    • Andreas Ekelhart and Elmar Kiesling and Bernhard Grill and Christine Strauss and Christian Stummer
    • Information Technology and Management
    @ARTICLE{Ekelhart2015Integrating,
       author = {Andreas Ekelhart and Elmar Kiesling and Bernhard Grill and Christine Strauss and Christian Stummer},
       title = {Integrating attacker behavior in IT security analysis: a discrete-event simulation approach},
       journal = {Information Technology and Management},
       year = {2015},
       month = {6},
       pdf = {http://link.springer.com/article/10.1007/s10799-015-0232-6},
    }
  • Architectural approach for handling semi-structured data in a user-centered working environment (2007)
    • ARTICLE--
    • Andreas Ekelhart and Stefan Fenz and Gernot Goluch and Markus Klemen and Edgar R. Weippl
    • International Journal of Web Information Systems
    @ARTICLE{Ekelhart_Architecturalapproachhandling_2007,
       author = {Andreas Ekelhart and Stefan Fenz and Gernot Goluch and Markus Klemen and {Edgar R.} Weippl},
       title = {Architectural approach for handling semi-structured data in a user-centered working environment},
       journal = {International Journal of Web Information Systems},
       year = {2007},
       month = {1},
       pdf = {https://www.sba-research.org/wp-content/uploads/publications/2007 - Ekelhart - Architectural Approach for Handling Semi-Structured Data in a User-Centered Working Environment.pdf},
       volume = {3},
       pages = {198--211},
    }
  • AURUM: A Framework for Supporting Information Security Risk Management (2009)
    • INPROCEEDINGS--
    • Andreas Ekelhart and Stefan Fenz and Thomas Neubauer
    • Proceedings of the 42nd Hawaii International Conference on System Sciences, HICSS2009
    @INPROCEEDINGS{Ekelhart_AURUMFrameworkSupporting_2009,
       author = {Andreas Ekelhart and Stefan Fenz and Thomas Neubauer},
       title = {AURUM: A Framework for Supporting Information Security Risk Management},
       booktitle = {Proceedings of the 42nd Hawaii International Conference on System Sciences,
       HICSS2009},
       year = {2009},
       month = {1},
       pdf = {https://www.sba-research.org/wp-content/uploads/publications/2009 - Ekelhart - AURUM A Framework for Information Security Risk Management.pdf},
       pages = {1--10},
       publisher = {IEEE Computer Society},
    }
  • Automated Risk and Utility Management (2009)
    • INPROCEEDINGS--
    • Andreas Ekelhart and Thomas Neubauer and Stefan Fenz
    • 2009 Sixth International Conference on Information Technology: New Generations
    @INPROCEEDINGS{Ekelhart_AutomatedRiskand_2009,
       author = {Andreas Ekelhart and Thomas Neubauer and Stefan Fenz},
       title = {Automated Risk and Utility Management},
       booktitle = {2009 Sixth International Conference on Information Technology: New Generations},
       year = {2009},
       month = {1},
       pdf = {https://www.sba-research.org/wp-content/uploads/publications/2009 - Ekelhart - Automated Risk and Utility Management.pdf},
       pages = {393-398},
       publisher = {IEEE Computer Society},
    }
  • Formal threat descriptions for enhancing governmental risk assessment (2007)
    • INPROCEEDINGS--
    • Andreas Ekelhart and Stefan Fenz and Thomas Neubauer and Edgar R. Weippl
    • Proceedings of the First International Conference on Theory and Practice of Electronic Governance
    @INPROCEEDINGS{Ekelhart_Formalthreatdescriptions_2007,
       author = {Andreas Ekelhart and Stefan Fenz and Thomas Neubauer and {Edgar R.} Weippl},
       title = {Formal threat descriptions for enhancing governmental risk assessment},
       booktitle = {Proceedings of the First International Conference on Theory and Practice of Electronic Governance},
       year = {2007},
       month = {1},
       pdf = {https://www.sba-research.org/wp-content/uploads/publications/2007 Ekelhart - Formal Threat Descriptions for Enhancing Governmental Risk Assessment.pdf},
       volume = {232},
       pages = {40--43},
       publisher = {ACM},
       acm = {933612},
    }
  • Ontological Mapping of Common Criterias Security Assurance Requirements (2007)
    • INPROCEEDINGS--
    • Stefan Fenz and Edgar R. Weippl and Andreas Ekelhart and Gernot Goluch
    • New Approaches for Security, Privacy and Trust in Complex Environments, Proceedings of the IFIP TC 11 22nd International Information Security Conference, IFIPSEC2007, May 14-16
    @INPROCEEDINGS{Ekelhart_OntologicalMappingof_2007,
       author = {Stefan Fenz and {Edgar R.} Weippl and Andreas Ekelhart and Gernot Goluch},
       title = {Ontological Mapping of Common Criterias Security Assurance Requirements},
       booktitle = {New Approaches for Security,
       Privacy and Trust in Complex Environments,
       Proceedings of the IFIP TC 11 22nd International Information Security Conference,
       IFIPSEC2007,
       May 14-16},
       year = {2007},
       month = {5},
       abstract = {The Common Criteria (CC) for Information Technology Security Evaluation provides comprehensive guidelines for the evaluation and certification of IT security regarding data security and data privacy. Due to the very complex and time-consuming certification process a lot of companies abstain from a CC certification. We created the CC Ontology tool,
       which is based on an ontological representation of the CC catalog,
       to support the evaluator at the certification process. Tasks such as the planning of an evaluation process,
       the review of relevant documents or the creating of reports are supported by the CC Ontology tool. With the development of this tool we reduce the time and costs needed to complete a certification.},
       volume = {232_2007},
       pages = {85-95},
       publisher = {International Federation for Information Processing ,
      },
       note = {978-0-387-72366-2},
    }
    The Common Criteria (CC) for Information Technology Security Evaluation provides comprehensive guidelines for the evaluation and certification of IT security regarding data security and data privacy. Due to the very complex and time-consuming certification process a lot of companies abstain from a CC certification. We created the CC Ontology tool, which is based on an ontological representation of the CC catalog, to support the evaluator at the certification process. Tasks such as the planning of an evaluation process, the review of relevant documents or the creating of reports are supported by the CC Ontology tool. With the development of this tool we reduce the time and costs needed to complete a certification.
  • Ontologiebasiertes IT Risikomanagement (2009)
    • INPROCEEDINGS-true
    • Stefan Fenz and Andreas Ekelhart and Thomas Neubauer
    • D.A.CH Security 2009
    @INPROCEEDINGS{Ekelhart_OntologiebasiertesITRisikomanagement_2009,
       author = {Stefan Fenz and Andreas Ekelhart and Thomas Neubauer},
       authorhotlist = {true},
       title = {Ontologiebasiertes IT Risikomanagement},
       booktitle = {D.A.CH Security 2009},
       year = {2009},
       month = {1},
       abstract = {Informationssicherheitsrisikomanagement (Information Security Risk Management,
       ISRM) stellt einen effizienten Zugang zur Bewertung,
       Verringerung und Evaluierung von Informationssicherheitsrisiken dar. Bereits bestehende ISRM-Ans{\"a}tze sind weitgehend akzeptiert,
       setzen jedoch sehr detailliertes Informationssicherheitswissen und genaue Kenntnisse des tats{\"a}chlichen Unternehmensumfeldes voraus. Die inad{\"a}quate Umsetzung von ISRM gef{\"a}hrdet die planm{\"a}{\ss}ige Umsetzung der Unternehmensstrategie und kann zu einer Minderung des Unternehmenswertes f{\"u}hren. Der vorliegende Beitrag pr{\"a}sentiert das AURUM Tool,
       welches die Schwachstellen bestehender Ans{\"a}tze adressiert und Entscheidungstr{\"a}ger bei der Auswahl eines effizienten IT-Sicherheitsportfolios unter Ber{\"u}cksichtigung organisationsspezifischer,
       technischer und wirtschaftlicher Anforderungen unterst{\"u}tzt.},
       pdf = {https://www.sba-research.org/wp-content/uploads/publications/2009 - Ekelhart - Ontologiebasiertes IT Risikomanagement.pdf},
       pages = {14-24},
       publisher = {Syssec},
    }
    Informationssicherheitsrisikomanagement (Information Security Risk Management, ISRM) stellt einen effizienten Zugang zur Bewertung, Verringerung und Evaluierung von Informationssicherheitsrisiken dar. Bereits bestehende ISRM-Ans{\"a}tze sind weitgehend akzeptiert, setzen jedoch sehr detailliertes Informationssicherheitswissen und genaue Kenntnisse des tats{\"a}chlichen Unternehmensumfeldes voraus. Die inad{\"a}quate Umsetzung von ISRM gef{\"a}hrdet die planm{\"a}{\ss}ige Umsetzung der Unternehmensstrategie und kann zu einer Minderung des Unternehmenswertes f{\"u}hren. Der vorliegende Beitrag pr{\"a}sentiert das AURUM Tool, welches die Schwachstellen bestehender Ans{\"a}tze adressiert und Entscheidungstr{\"a}ger bei der Auswahl eines effizienten IT-Sicherheitsportfolios unter Ber{\"u}cksichtigung organisationsspezifischer, technischer und wirtschaftlicher Anforderungen unterst{\"u}tzt.
  • Ontology-based Business Knowledge for Simulating Threats to Corporate Assets (2006)
    • INPROCEEDINGS--
    • Andreas Ekelhart and Stefan Fenz and Markus Klemen and A Min Tjoa and Edgar R. Weippl
    • Practical Aspects of Knowledge Management, 6th International Conference, PAKM 2006
    @INPROCEEDINGS{Ekelhart_OntologybasedBusinessKnowledge_2006,
       author = {Andreas Ekelhart and Stefan Fenz and Markus Klemen and {A Min} Tjoa and {Edgar R.} Weippl},
       title = {Ontology-based Business Knowledge for Simulating Threats to Corporate Assets},
       booktitle = {Practical Aspects of Knowledge Management,
       6th International Conference,
       PAKM 2006},
       year = {2006},
       month = {12},
       pdf = {https://www.sba-research.org/wp-content/uploads/publications/2006 - Ekelhart - Ontology-based Business Knowledge for Simulating Threats to Corporate Assets.pdf},
       volume = {4333_2006},
       pages = {37--48},
       publisher = {Springer Berlin Heidelberg},
    }
  • Ontology-based Decision Support for Information Security Risk Management (2009)
    • INPROCEEDINGS--
    • Andreas Ekelhart and Stefan Fenz and Thomas Neubauer
    • International Conference on Systems, 2009. ICONS 2009.
    @INPROCEEDINGS{Ekelhart_OntologybasedDecisionSupport_2009,
       author = {Andreas Ekelhart and Stefan Fenz and Thomas Neubauer},
       title = {Ontology-based Decision Support for Information Security Risk Management},
       booktitle = {International Conference on Systems,
       2009. ICONS 2009.},
       year = {2009},
       month = {3},
       abstract = {As eBusiness and eCommerce applications are increasingly exposed to a variety of information security threats,
       corporate decision makers are increasingly forced to pay attention to security issues. Risk management provides an effective approach for measuring the security but existing risk management approaches come with major shortcomings such as the demand for very detailed knowledge about the IT security domain and the actual company environment. This paper presents the implementation of the AURUM methodology into a software solution which addresses the identified shortcomings of existing information security risk management software solutions. Thereby,
       the presented approach supports decision makers in risk assessment,
       risk mitigation,
       and safeguard evaluation.},
       pdf = {https://www.sba-research.org/wp-content/uploads/publications/2009 - Ekelhart - Ontology-based Decision Support for Information Security Risk Management.pdf},
       pages = {80-85},
       publisher = {IEEE Computer Society},
    }
    As eBusiness and eCommerce applications are increasingly exposed to a variety of information security threats, corporate decision makers are increasingly forced to pay attention to security issues. Risk management provides an effective approach for measuring the security but existing risk management approaches come with major shortcomings such as the demand for very detailed knowledge about the IT security domain and the actual company environment. This paper presents the implementation of the AURUM methodology into a software solution which addresses the identified shortcomings of existing information security risk management software solutions. Thereby, the presented approach supports decision makers in risk assessment, risk mitigation, and safeguard evaluation.
  • Security Issues for the Use of Semantic Web in e-Commerce (2007)
    • INPROCEEDINGS--
    • Andreas Ekelhart and Stefan Fenz and A Min Tjoa and Edgar R. Weippl
    • Business Information Systems, 10th International Conference on Business Information Systems, BIS 2007
    @INPROCEEDINGS{Ekelhart_SecurityIssuesUse_2007,
       author = {Andreas Ekelhart and Stefan Fenz and {A Min} Tjoa and {Edgar R.} Weippl},
       title = {Security Issues for the Use of Semantic Web in e-Commerce},
       booktitle = {Business Information Systems,
       10th International Conference on Business Information Systems,
       BIS 2007},
       year = {2007},
       month = {4},
       pdf = {https://www.sba-research.org/wp-content/uploads/publications/2007 - Ekelhart - Security Issues for the Use of Semantic Web in e-Commerce.pdf},
       pages = {1--13},
       publisher = {Springer Berlin Heidelberg},
    }
  • Security Ontologies: Improving Quantitative Risk Analysis (2007)
    • INPROCEEDINGS--
    • Andreas Ekelhart and Stefan Fenz and Markus Klemen and Edgar R. Weippl
    • Proceedings of the 40th Hawaii International Conference on System Sciences, HICSS2007
    @INPROCEEDINGS{Ekelhart_SecurityOntologiesImproving_2007,
       author = {Andreas Ekelhart and Stefan Fenz and Markus Klemen and {Edgar R.} Weippl},
       title = {Security Ontologies: Improving Quantitative Risk Analysis},
       booktitle = {Proceedings of the 40th Hawaii International Conference on System Sciences,
       HICSS2007},
       year = {2007},
       month = {1},
       pdf = {https://www.sba-research.org/wp-content/uploads/publications/2007 - Ekelhart - Security Ontologies Improving Quantitative Risk Analysis.pdf},
       pages = {156--162},
       publisher = {IEEE Computer Society},
    }
  • Security Ontology: Simulating Threats to Corporate Assets (2006)
    • INPROCEEDINGS--
    • Andreas Ekelhart and Stefan Fenz and Markus Klemen and Edgar R. Weippl
    • Second International Conference on Information Systems Security (ICISS 2006)
    @INPROCEEDINGS{Ekelhart_SecurityOntologySimulating_2006,
       author = {Andreas Ekelhart and Stefan Fenz and Markus Klemen and {Edgar R.} Weippl},
       title = {Security Ontology: Simulating Threats to Corporate Assets},
       booktitle = {Second International Conference on Information Systems Security (ICISS 2006)},
       year = {2006},
       month = {12},
       pdf = {https://www.sba-research.org/wp-content/uploads/publications/2006 - Ekelhart - Security Ontology Simulating Threats to Corporate Assets.pdf},
       volume = {4332_2006},
       pages = {249--259},
       publisher = {Springer Berlin Heidelberg},
    }
  • XML Security - A comparative literature review (2008)
    • ARTICLE--
    • Stefan Fenz and Edgar R. Weippl and Andreas Ekelhart and Gernot Goluch and Markus Steinkellner
    • Journal of Systems and Software
    @ARTICLE{Ekelhart_XMLSecurity_2008,
       author = {Stefan Fenz and {Edgar R.} Weippl and Andreas Ekelhart and Gernot Goluch and Markus Steinkellner},
       title = {XML Security - A comparative literature review},
       journal = {Journal of Systems and Software},
       year = {2008},
       month = {1},
       volume = {81},
       pages = {1715-1724},
       note = {ISSN: 0164-1212},
    }
  • Information Security Risk Management: In which security solutions is it worth investing? (2011)
    • ARTICLE--
    • Stefan Fenz and Andreas Ekelhart and Thomas Neubauer
    • Communications of the Association for Information Systems
    @ARTICLE{Fenz2011a,
       author = {Stefan Fenz and Andreas Ekelhart and Thomas Neubauer},
       title = {Information Security Risk Management: In which security solutions is it worth investing?},
       journal = {Communications of the Association for Information Systems},
       year = {2011},
       month = {5},
       pdf = {https://www.sba-research.org/wp-content/uploads/publications/2011 - Fenz - Information Security Risk Management In Which Security Solutions Is It Worth Investing.pdf},
       volume = {28},
       pages = {329-356},
    }
  • Business Process-based Resource Importance Determination (2009)
    • INPROCEEDINGS--
    • Stefan Fenz and Andreas Ekelhart and Thomas Neubauer
    • Proceedings of the 7th International Conference on Business Process Management (BPM 2009)
    @INPROCEEDINGS{Fenz_BusinessProcessbasedResource_2009,
       author = {Stefan Fenz and Andreas Ekelhart and Thomas Neubauer},
       title = {Business Process-based Resource Importance Determination},
       booktitle = {Proceedings of the 7th International Conference on Business Process Management (BPM 2009)},
       year = {2009},
       month = {1},
       abstract = {Information security risk management (ISRM) heavily depends on realistic impact values representing the resources importance in the overall organizational context. Although a variety of ISRM approaches have been proposed,
       well-founded methods that provide an answer to the following question are still missing: How can business processes be used to determine resources importance in the overall organizational context? We answer this question by measuring the actual importance level of resources based on business processes. Therefore,
       this paper presents our novel business process-based resource importance determination method which provides ISRM with an efficient and powerful tool for deriving realistic resource importance figures solely from existing business processes. The conducted evaluation has shown that the calculation results of the developed method comply to the results gained in traditional workshop-based assessments.},
       pages = {113-127},
       publisher = {Springer},
       note = {accepted for publication},
    }
    Information security risk management (ISRM) heavily depends on realistic impact values representing the resources importance in the overall organizational context. Although a variety of ISRM approaches have been proposed, well-founded methods that provide an answer to the following question are still missing: How can business processes be used to determine resources importance in the overall organizational context? We answer this question by measuring the actual importance level of resources based on business processes. Therefore, this paper presents our novel business process-based resource importance determination method which provides ISRM with an efficient and powerful tool for deriving realistic resource importance figures solely from existing business processes. The conducted evaluation has shown that the calculation results of the developed method comply to the results gained in traditional workshop-based assessments.
  • Formalizing Information Security Knowledge (2009)
    • INPROCEEDINGS--
    • Stefan Fenz and Andreas Ekelhart
    • Proceedings of the 4th ACM Symposium on Information, Computer, and Communications Security
    @INPROCEEDINGS{Fenz_FormalizingInformationSecurity_2009,
       author = {Stefan Fenz and Andreas Ekelhart},
       title = {Formalizing Information Security Knowledge},
       booktitle = {Proceedings of the 4th ACM Symposium on Information,
       Computer,
       and Communications Security},
       year = {2009},
       month = {1},
       abstract = {Unified and formal knowledge models of the information security domain are fundamental requirements for supporting and enhancing existing risk management approaches. This paper describes a security ontology which provides an ontological structure for information security domain knowledge. Besides existing best-practice guidelines such as the German IT Grundschutz Manual also concrete knowledge of the considered organization is incorporated. An evaluation conducted by an information security expert team has shown that this knowledge model can be used to support a broad range of information security risk management approaches.},
       pages = {183-194},
       publisher = {ACM},
       note = {978-1-60558-394-5},
    }
    Unified and formal knowledge models of the information security domain are fundamental requirements for supporting and enhancing existing risk management approaches. This paper describes a security ontology which provides an ontological structure for information security domain knowledge. Besides existing best-practice guidelines such as the German IT Grundschutz Manual also concrete knowledge of the considered organization is incorporated. An evaluation conducted by an information security expert team has shown that this knowledge model can be used to support a broad range of information security risk management approaches.
  • Fortification of IT security by automatic security advisory processing (2008)
    • INPROCEEDINGS--
    • Stefan Fenz and Edgar R. Weippl and Andreas Ekelhart
    • Proceedings of the 22nd International Conference on Advanced Information Networking and Applications, AINA2008
    @INPROCEEDINGS{Fenz_FortificationofIT_2008,
       author = {Stefan Fenz and {Edgar R.} Weippl and Andreas Ekelhart},
       title = {Fortification of IT security by automatic security advisory processing},
       booktitle = {Proceedings of the 22nd International Conference on Advanced Information Networking and Applications,
       AINA2008},
       year = {2008},
       month = {3},
       abstract = {The past years have seen the rapid increase of security related incidents in the field of information technology. IT infrastructures in the commercial as well as in the governmental sector are becoming evermore heterogeneous which increases the complexity of handling and maintaining an adequate security level. Especially organizations which are hosting and processing highly sensitive data are obligated to establish a holistic company-wide security approach. We propose a novel security concept to reduce this complexity by automatic assessment of security advisories. A central entity collects vulnerability information from various sources,
       converts it into a standardized and machine-readable format and distributes it to its subscribers. The subscribers are then able to automatically map the vulnerability information to the ontological stored infrastructure data to visualize newly-discovered software vulnerabilities. The automatic analysis of vulnerabilities decreases response times and permits precise response to new threats and vulnerabilities,
       thus decreasing the administration complexity and increasing the IT security level.},
       pages = {575-582},
       publisher = {IEEE Computer Society},
    }
    The past years have seen the rapid increase of security related incidents in the field of information technology. IT infrastructures in the commercial as well as in the governmental sector are becoming evermore heterogeneous which increases the complexity of handling and maintaining an adequate security level. Especially organizations which are hosting and processing highly sensitive data are obligated to establish a holistic company-wide security approach. We propose a novel security concept to reduce this complexity by automatic assessment of security advisories. A central entity collects vulnerability information from various sources, converts it into a standardized and machine-readable format and distributes it to its subscribers. The subscribers are then able to automatically map the vulnerability information to the ontological stored infrastructure data to visualize newly-discovered software vulnerabilities. The automatic analysis of vulnerabilities decreases response times and permits precise response to new threats and vulnerabilities, thus decreasing the administration complexity and increasing the IT security level.
  • Information Security Fortification by Ontological Mapping of the ISO IEC 27001 Standard (2007)
    • INPROCEEDINGS--
    • Stefan Fenz and Edgar R. Weippl and Andreas Ekelhart and Gernot Goluch and Bernhard Riedl
    • Proceedings of the 13th Pacific Rim International Symposium on Dependable Computing, PRDC2007
    @INPROCEEDINGS{Fenz_InformationSecurityFortification_2007,
       author = {Stefan Fenz and {Edgar R.} Weippl and Andreas Ekelhart and Gernot Goluch and Bernhard Riedl},
       title = {Information Security Fortification by Ontological Mapping of the ISO IEC 27001 Standard},
       booktitle = {Proceedings of the 13th Pacific Rim International Symposium on Dependable Computing,
       PRDC2007},
       year = {2007},
       month = {12},
       pages = {381-388},
       publisher = {IEEE Computer Society},
       note = {0-7695-3054-0},
    }
  • Semantic Potential of existing Security Advisory Standards (2008)
    • INPROCEEDINGS--
    • Stefan Fenz and Andreas Ekelhart and Edgar R. Weippl
    • Proceedings of the FIRST2008 Conference
    @INPROCEEDINGS{Fenz_SemanticPotentialof_2008,
       author = {Stefan Fenz and Andreas Ekelhart and {Edgar R.} Weippl},
       title = {Semantic Potential of existing Security Advisory Standards},
       booktitle = {Proceedings of the FIRST2008 Conference},
       year = {2008},
       month = {1},
       pdf = {https://www.sba-research.org/wp-content/uploads/publications/2008 - Fenz - Semantic Potential of Existing Security Advisory Standards.pdf},
    }
  • Verification, Validation, and Evaluation in Information Security Risk Management (2010)
    • ARTICLE--
    • Stefan Fenz and Andreas Ekelhart
    • IEEE Security and Privacy
    @ARTICLE{Fenz_Verification_Validation_and_Ev_2010,
       author = {Stefan Fenz and Andreas Ekelhart},
       title = {Verification,
       Validation,
       and Evaluation in Information Security Risk Management},
       journal = {IEEE Security and Privacy},
       year = {2010},
       month = {11},
       volume = {8},
       pages = {18-25},
       publisher = {IEEE Computer Society},
    }
  • CASSIS - Computer-based Academy for Security and Safety in Information Systems (2007)
    • INPROCEEDINGS--
    • Gernot Goluch and Andreas Ekelhart and Stefan Fenz and Stefan Jakoubi and Bernhard Riedl and Simon Tjoa
    • Proceedings of the 2nd Conference on Availability, Reliability and Security, ARES2007
    @INPROCEEDINGS{Goluch_CASSISComputerbased_2007,
       author = {Gernot Goluch and Andreas Ekelhart and Stefan Fenz and Stefan Jakoubi and Bernhard Riedl and Simon Tjoa},
       title = {CASSIS - Computer-based Academy for Security and Safety in Information Systems},
       booktitle = {Proceedings of the 2nd Conference on Availability,
       Reliability and Security,
       ARES2007},
       year = {2007},
       month = {4},
       pdf = {https://www.sba-research.org/wp-content/uploads/publications/2007 - Goluch - CASSIS.pdf},
       pages = {730--740},
       publisher = {IEEE Computer Society},
    }
  • Integration of an Ontological Information Security Concept in Risk Aware Business Process Management (2008)
    • INPROCEEDINGS--
    • Stefan Fenz and Andreas Ekelhart and Gernot Goluch and Simon Tjoa and Stefan Jakoubi and Thomas Mueck
    • Proceedings of the 41st Hawaii International Conference on System Sciences, HICSS2008
    @INPROCEEDINGS{Goluch_IntegrationofOntological_2008,
       author = {Stefan Fenz and Andreas Ekelhart and Gernot Goluch and Simon Tjoa and Stefan Jakoubi and Thomas Mueck},
       title = {Integration of an Ontological Information Security Concept in Risk Aware Business Process Management},
       booktitle = {Proceedings of the 41st Hawaii International Conference on System Sciences,
       HICSS2008},
       year = {2008},
       month = {1},
       pages = {377-385},
       publisher = {IEEE Computer Society},
       note = {978-0-7695-3075-8},
    }
  • Evolving Secure Information Systems through Attack Simulation (2014)
    • INPROCEEDINGS-true
    • Elmar Kiesling and Andreas Ekelhart and Bernhard Grill and Christian Stummer and Christine Strauss
    • 47th Hawaii International Conference on System Science
    @INPROCEEDINGS{Kiesling2014Evolving,
       author = {Elmar Kiesling and Andreas Ekelhart and Bernhard Grill and Christian Stummer and Christine Strauss},
       authorhotlist = {true},
       title = {Evolving Secure Information Systems through Attack Simulation},
       booktitle = {47th Hawaii International Conference on System Science},
       year = {2014},
       month = {1},
       pdf = {https://www.sba-research.org/wp-content/uploads/publications/HICSS46_Submission_final.pdf},
    }
  • Multi-objective evolutionary optimization of computation-intensive simulations - The case of security control selection (2015)
    • INPROCEEDINGS--
    • Bernhard Grill and Andreas Ekelhart and Elmar Kiesling and Christine Strauss and Christian Stummer
    • Proceedings of the 11th Metaheuristics International Conference (MIC)
    @INPROCEEDINGS{Kiesling2015Multiobjective,
       author = {Bernhard Grill and Andreas Ekelhart and Elmar Kiesling and Christine Strauss and Christian Stummer},
       title = {Multi-objective evolutionary optimization of computation-intensive simulations - The case of security control selection},
       booktitle = {Proceedings of the 11th Metaheuristics International Conference (MIC)},
       year = {2015},
       month = {6},
       pdf = {https://www.sba-research.org/wp-content/uploads/publications/optimizing_metaheuristics_mic_final.pdf},
    }
  • Selecting security control portfolios: a multi-objective simulation-optimization approach (2016)
    • ARTICLE-true
    • Elmar Kiesling and Andreas Ekelhart and Bernhard Grill and Christine Strauss and Christian Stummer
    • EURO Journal on Decision Processes
    @ARTICLE{Kiesling2016Selecting,
       author = {Elmar Kiesling and Andreas Ekelhart and Bernhard Grill and Christine Strauss and Christian Stummer},
       authorhotlist = {true},
       title = {Selecting security control portfolios: a multi-objective simulation-optimization approach},
       journal = {EURO Journal on Decision Processes},
       year = {2016},
       month = {6},
       pdf = {http://link.springer.com/article/10.1007/s40070-016-0055-7},
    }
  • Simulation-based optimization of information security controls: An adversary-centric approach (2013)
    • INPROCEEDINGS--
    • Elmar Kiesling and Andreas Ekelhart and Bernhard Grill and Christine Strauss and Christian Stummer
    • Proceedings of the Winter Simulation Conference 2013
    @INPROCEEDINGS{Kiesling_Simulation_based_optimization__2013,
       author = {Elmar Kiesling and Andreas Ekelhart and Bernhard Grill and Christine Strauss and Christian Stummer},
       title = {Simulation-based optimization of information security controls: An adversary-centric approach},
       booktitle = {Proceedings of the Winter Simulation Conference 2013},
       year = {2013},
       month = {7},
       pdf = {https://www.sba-research.org/wp-content/uploads/publications/WSC_2013_Moses3 - final.pdf},
       publisher = {R. Pasupathy and S.-H. Kim and A. Tolk and R. Hill and M.E. Kuhl},
    }
  • An Evaluation of Technologies for the Pseudonymization of Medical Data (2009)
    • INPROCEEDINGS-true
    • Andreas Ekelhart and Mathias Kolb
    • Proceedings of the ACM Symposium on Applied Computing
    @INPROCEEDINGS{Neubauer_EvaluationofTechnologies_2009a,
       author = {Andreas Ekelhart and Mathias Kolb},
       authorhotlist = {true},
       title = {An Evaluation of Technologies for the Pseudonymization of Medical Data},
       booktitle = {Proceedings of the ACM Symposium on Applied Computing},
       year = {2009},
       month = {1},
    }
  • Interactive Selection of ISO 27001 Controls under Multiple Objectives (2008)
    • INPROCEEDINGS--
    • Thomas Neubauer and Andreas Ekelhart and Stefan Fenz
    • Proceedings of the Ifip Tc 11 23rd International Information Security Conference, IFIPSec 2008
    @INPROCEEDINGS{Neubauer_InteractiveSelectionof_2008,
       author = {Thomas Neubauer and Andreas Ekelhart and Stefan Fenz},
       title = {Interactive Selection of ISO 27001 Controls under Multiple Objectives},
       booktitle = {Proceedings of the Ifip Tc 11 23rd International Information Security Conference,
       IFIPSec 2008},
       year = {2008},
       month = {7},
       pdf = {https://www.sba-research.org/wp-content/uploads/publications/2008 - Neubauer - Interactive Selection of ISO 27001 Controls under Multiple Objectives.pdf},
       volume = {278_2008},
       pages = {477--492},
       publisher = {Springer},
    }
  • Security Ontologies: How to Improve Understanding of Complex Relationships (2007)
    • INPROCEEDINGS--
    • Edgar R. Weippl and Stefan Fenz and Andreas Ekelhart
    • Proceedings of the World Conference on Educational Multimedia, Hypermedia and Telecommunications 2007
    @INPROCEEDINGS{Weippl_SecurityOntologiesHow_2007,
       author = {{Edgar R.} Weippl and Stefan Fenz and Andreas Ekelhart},
       title = {Security Ontologies: How to Improve Understanding of Complex Relationships},
       booktitle = {Proceedings of the World Conference on Educational Multimedia,
       Hypermedia and Telecommunications 2007},
       year = {2007},
       month = {6},
       pdf = {https://www.sba-research.org/wp-content/uploads/publications/2007 - Weippl - Security Ontologies How to Improve Understanding of Complex Relationships.pdf},
       pages = {404--407},
       publisher = {AACE},
    }
  • The Semantic Desktop: A Semantic Personal Information Management System based on RDF and Topic Maps (2005)
    • INPROCEEDINGS--
    • A Min Tjoa and Stefan Fenz and Edgar R. Weippl and Markus Klemen and Andreas Ekelhart
    • Proceedings of the ODBIS Workshop, 31st International Conference on Very Large Data Bases (VLDB) 2005
    @INPROCEEDINGS{Weippl_SemanticDesktopSemantic_2005,
       author = {{A Min} Tjoa and Stefan Fenz and {Edgar R.} Weippl and Markus Klemen and Andreas Ekelhart},
       title = {The Semantic Desktop: A Semantic Personal Information Management System based on RDF and Topic Maps},
       booktitle = {Proceedings of the ODBIS Workshop,
       31st International Conference on Very Large Data Bases (VLDB) 2005},
       year = {2005},
       month = {10},
       number = {4623},
       pages = {135-151},
    }
  • Multi objective decision support for IT security control selection (2013)
    • INPROCEEDINGS--
    • Elmar Kiesling and Andreas Ekelhart and Bernhard Grill and Christine Strauss and Christian Stummer
    • 26th European Conference on Operational Research (EURO 2013)
    @INPROCEEDINGS{_Multi_objective_decision_suppo_2013,
       author = {Elmar Kiesling and Andreas Ekelhart and Bernhard Grill and Christine Strauss and Christian Stummer},
       title = {Multi objective decision support for IT security control selection},
       booktitle = {26th European Conference on Operational Research (EURO 2013)},
       year = {2013},
       month = {7},
    }
  • Simulation based optimization of IT security controls: Initial experiences with metaheuristic solution procedures (2013)
    • INPROCEEDINGS--
    • Elmar Kiesling and Andreas Ekelhart and Bernhard Grill and Christine Strauss and Christian Stummer
    • 14th EU ME Workshop
    @INPROCEEDINGS{_Simulation_based_optimization__2013,
       author = {Elmar Kiesling and Andreas Ekelhart and Bernhard Grill and Christine Strauss and Christian Stummer},
       title = {Simulation based optimization of IT security controls: Initial experiences with metaheuristic solution procedures},
       booktitle = {14th EU ME Workshop},
       year = {2013},
       month = {3},
       pdf = {https://www.sba-research.org/wp-content/uploads/publications/EU-ME Extended Abstract.pdf},
    }

By continuing to use the site, you agree to the use of cookies. more information

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.

Close