Using an ontology as a model for the implementation of the National Cybersecurity Policy Framework for South Africa

Abstract

Many developing countries are particularly vulnerable to cyber security threats due to an enormous growth in Internet connectivity rates over the past decade. The South African government approved a draft version of its National Cybersecurity Policy Framework in March 2012. Although implementation of this policy has been initiated in a few isolated instances, a holistic approach is lacking. Due to the cybersecurity environment not being clearly bounded and defined, it is very difficult to put forward a National Cybersecurity Policy Framework that is easy to understand and implement. In this paper, the authors motivate that an ontology can assist in defining a model that describes the relationships between different stakeholders and cybersecurity components that are relevant in the policy implementation. An ontology is a technology that enables an encoded, shareable vocabulary and domain model and it has powerful automated reasoning abilities. This methodology can contribute to a more holistic approach for the implementation of the South African National Cybersecurity policy. The Extended Cyber Security Toolkit (XCyberST) (Jansen van Vuuren, Leenen, Phahlamohlaka, & Zaaiman 2013) as the basis for mapping cybersecurity entities to functions, was the initial attempt to model the national cybersecurity policy environment in South Africa. The authors proposed the use of an ontological model for the cybersecurity policy implementation in a previous paper (Grobler, van Vuuren, & Leenen 2012), and this model is now presented. The model is partially based on information in the XCyberST and implemented in Protégé, an ontology editor. Although this model has been developed for the South African cybersecurity environment, it can easily be adapted to be used in other countries.