Development of an asset specification ontology for SME compliance process automation

This project is sponsored by rradar, a law and legal-tech firm, to create a classification of assets that can be used to automate compliance against specifications. To achieve this, a method is devised to deconstruct a specification, particularly IASME Cyber Essentials Evandine, so that assets can be extracted and then modelled using an ontology. This ontology represents assets such as devices, documents, and their relationships and attributes. Once the ontology is populated, queries could be made to automate checking for compliance. To address the limitations of existing tools and tailor to rradar’s needs, a prototype ontology editor was developed. Novel features in the editor include adding certainty factors to assertions in the instances, and the ability to tag assets and revert changes. The ontology model can successfully represent assets from the IASME Cyber Essentials Evandine, including devices, software accounts, locations, and employees. Furthermore, the ontology editor produced by this project can edit the ontology model by adding more classes, relationships and attributes and infer based on the assertions, which will be useful once future versions of the model are developed. This project concludes that the model created is a good foundation for checking for compliance against IASME Cyber Essentials Evandine. Although the model does have some limitations on what it represents, mainly limited to assets in IASME Cyber Essentials Evandine specification, in the future, it can be further expanded to cover more specifications and legislations. Furthermore, with the model instantiated, machine learning and artificial intelligence could be used in the future to create risk registers or provide accurate insurance quotes for businesses. The methodology for the deconstruction can be used for other specifications. However, depending on the domain, it might need some refinements as it was only tested using the IASME Cyber Essentials Evandine specification.