The Cybersecurity Ontology
An ontology is a formal map of the things that exist in a domain and the relationships between them.
For cybersecurity, this means defining the core objects that appear across security leadership, engineering, operations, compliance, audit, privacy, and resilience.
Purpose
The Cybersecurity Ontology exists to answer three questions:
- Where does this concept belong?
- What does it relate to?
- How can it be mapped across frameworks?
The six universal classes
| Class | Question | Examples |
|---|---|---|
| Asset | What are we protecting? | Data, identity, application, endpoint, cloud account |
| Threat | What can happen? | Phishing, ransomware, insider misuse, supply chain compromise |
| Weakness | Why can it happen? | Vulnerability, misconfiguration, missing process, poor governance |
| Safeguard | What protects it? | MFA, logging, encryption, policies, training, segmentation |
| Assurance | How do we know it works? | Evidence, audit, tests, metrics, monitoring, reviews |
| Leadership | How is it governed? | Strategy, ownership, risk appetite, budget, roadmap, reporting |
Design principle
Frameworks are views. The ontology is the map underneath them.
A framework may describe controls, criteria, tactics, clauses, or safeguards. The ontology describes the underlying cybersecurity object and its relationships.