An Ontological Approach to Compliance Verification of the NIS 2 Directive

Gianpietro Castiglione, Daniele Francesco Santamaria, Giampaolo Bella

TL;DR

This paper presents an ontological approach, one that leverages techniques of semantic representation and reasoning, to checking compliance with the security measures that textual documents prescribe. The approach is demonstrated with two articles of the new European NIS 2 directive.

Abstract

Cybersecurity, which notoriously concerns both human and technological aspects, is becoming more and more regulated by a number of textual documents spanning several pages, such as the European GDPR Regulation and the NIS Directive. This paper introduces an approach that leverages techniques of semantic representation and reasoning, hence an ontological approach, towards the compliance check with the security measures that textual documents prescribe. We choose the ontology instrument to achieve two fundamental objectives: domain modelling and resource interrogation. The formalisation of entities and relations from the directive, and the consequent improved structuring with respect to sheer prose, is dramatically helpful for any organisation facing the hard task of compliance verification. The semantic approach is demonstrated with two articles of the new European NIS 2 directive.

Paper Structure (15 sections, 6 figures)

This paper contains 15 sections, 6 figures.

Figures (6)

  • Figure 1: Relational model of entities of the NIS 2 directive
  • Figure 2: A fragment of the NIS 2 Ontology hierarchy.
  • Figure 3: MemberState entity specialisation
  • Figure 4: Example of representing the Member State
  • Figure 5: Definition of Article 7 in NIS Ontology
  • ...and 1 more figures