University of Leicester
Browse

Development of an asset specification ontology for SME compliance process automation

Download (3.22 MB)
thesis
posted on 2025-05-09, 10:40 authored by Dhanil Capil Duvarcadas

This project is sponsored by rradar, a law and legal-tech firm, to create a classification of assets that can be used to automate compliance against specifications. To achieve this, a method is devised to deconstruct a specification, particularly IASME Cyber Essentials Evandine, so that assets can be extracted and then modelled using an ontology. This ontology represents assets such as devices, documents, and their relationships and attributes. Once the ontology is populated, queries could be made to automate checking for compliance. To address the limitations of existing tools and tailor to rradar’s needs, a prototype ontology editor was developed. Novel features in the editor include adding certainty factors to assertions in the instances, and the ability to tag assets and revert changes. The ontology model can successfully represent assets from the IASME Cyber Essentials Evandine, including devices, software accounts, locations, and employees. Furthermore, the ontology editor produced by this project can edit the ontology model by adding more classes, relationships and attributes and infer based on the assertions, which will be useful once future versions of the model are developed. This project concludes that the model created is a good foundation for checking for compliance against IASME Cyber Essentials Evandine. Although the model does have some limitations on what it represents, mainly limited to assets in IASME Cyber Essentials Evandine specification, in the future, it can be further expanded to cover more specifications and legislations. Furthermore, with the model instantiated, machine learning and artificial intelligence could be used in the future to create risk registers or provide accurate insurance quotes for businesses. The methodology for the deconstruction can be used for other specifications. However, depending on the domain, it might need some refinements as it was only tested using the IASME Cyber Essentials Evandine specification.

History

Supervisor(s)

Paul King; Yi Hong

Date of award

2025-02-25

Author affiliation

School of Computing and Mathematical Sciences

Awarding institution

University of Leicester

Qualification level

  • Masters

Qualification name

  • Mphil

Language

en

Usage metrics

    University of Leicester Theses

    Categories

    No categories selected

    Exports

    RefWorks
    BibTeX
    Ref. manager
    Endnote
    DataCite
    NLM
    DC