oca-ontology

The OCA Ontology project is an effort to bring semantic consistency to the full spectrum of enterprise cyber security. This effort is important for two reasons. First, each vendor and each area of the cyber security enterprise, from threat detection to orchestration and response, has their own vernacular and standards. The ontology helps to create the data fabric to improve inter-operability both between vendors and between components of the architecture. It does so by creating a common semantic meaning for all the entities that our data relates to. Second, the ontology creates this fabric in such a way that the computer begins to understand the concepts being represented in the data much the same as a human does. The ontology achieves this by creating formal, machine-readable representations that are related to each other in a logical manner. At a minimum, structure leads to much more intuitive analyst queries and analysis of cyber data. Such a framework also allows for implementation of explainable artificial intelligence and other analytic tools.

The OCA Ontology project has begun its work by first assessing existing ontology efforts and identifying opportunities for re-use and adoption. A challenge to wholesale adoption of existing efforts is the desire to create an ontology that is based on realism and inter-operable with efforts beyond the cyber domain. Therefore, the project is pursuing a path of a hybrid approach that links together existing ontology projects and introduces additional OCA specific entities and relationships as needed to represent the entire cyber security enterprise and related operations needs.