A methodology for ontology-based interoperability of dynamic risk assessment frameworks in IoT environments

Proper cyber risk management is essential for organizations to make informed decisions and avoid potential financial losses, reputational damage, operational disruptions and other negative impacts. To this end, different institutions have defined risk analysis and risk management methodologies to address the problem and monitor cyber security in organizations. In this aspect, ontologies provide a very powerful tool for interoperability in risk management, given the heterogeneity of input information considered in the different steps of each framework and the ability they provide to perform logical reasoning in order to infer new knowledge. Throughout this study we analyze the different properties of some of the methodologies with the highest adoption rate, proposing an interoperable framework based on an ontology that allows compatibility between different systems, with a dynamic, flexible and efficient operation.