Project Cyber Security Hub: Cyberthreat incidence response ontology

Project Information

  • Partner: South African Cyber Security Hub
  • Students: Jacqui Muller (NWU), Donald Ntjana (WITS), Thembela Daphula (SPU)
  • Project Lead: Nyalleng Moorosi
  • Project Mentors: Tyrone Naidoo
  • Year: 2017/2018

Project Description

The aim of this project is to create a full incident response ontology for the Cyber Security Hub. The South African Cyber Security Hub, under the Department of Telecommunications and Postal Services (DTPS), is in the process of designing a communications system for all sector Cyber Incident Response Teams (CIRTs). This communication system should be as simple as possible while storing as much information as possible. We have suggested to the Cyber Security Hub that the adoption of an ontology as a management structure will be the most suitable approach. The phases of this project are data object creation, data collection, data exploration, data population and data mining from an incident ontology. To provide a proof of concept before expanding to other types of attacks, we have decided to look at three different types of threat within the Nefarious attack category: malicious activity, information leakage and denial of service.
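To make the phases above concrete, the following is an added illustrative example, not code from the project or the Cyber Security Hub: a minimal incident ontology in Python that covers data object creation (the classes), data population (loading constructed incident records and rejecting anything outside the three chosen threat types), an ontology-style view of the data as subject/predicate/object triples, and a first pass at data mining (counts per threat type and the sectors reached by a given threat). All class, predicate and field names, and the sample CIRTs and incidents, are assumptions made for the example.

```python
from collections import Counter
from dataclasses import dataclass
from enum import Enum

# Hypothetical ontology vocabulary (assumed for this example, not the Hub's schema).
# The three threat types are the ones the project chose for its proof of concept.
class ThreatType(Enum):
    MALICIOUS_ACTIVITY = "malicious_activity"
    INFORMATION_LEAKAGE = "information_leakage"
    DENIAL_OF_SERVICE = "denial_of_service"


@dataclass(frozen=True)
class Cirt:
    """A sector CIRT that reports incidents into the shared system."""
    name: str
    sector: str


@dataclass
class Incident:
    """One reported incident; kept to a few fields so reporting stays simple."""
    incident_id: str
    threat_type: ThreatType
    reported_by: Cirt
    affected_sectors: tuple  # sectors touched by the incident, may span several
    description: str = ""


class IncidentOntology:
    """In-memory store of CIRTs and incidents with ontology-style queries."""

    def __init__(self):
        self.cirts = {}
        self.incidents = {}

    def add_cirt(self, cirt):
        self.cirts[cirt.name] = cirt

    def add_incident(self, incident):
        # Integrity checks: reporter must be a known CIRT, ids must be unique.
        if incident.reported_by.name not in self.cirts:
            raise ValueError(f"unknown CIRT {incident.reported_by.name!r}")
        if incident.incident_id in self.incidents:
            raise ValueError(f"duplicate incident id {incident.incident_id!r}")
        self.incidents[incident.incident_id] = incident

    def populate(self, records):
        """Data population phase: load plain dict records (e.g. parsed JSON)."""
        for rec in records:
            try:
                threat = ThreatType(rec["threat_type"])
            except ValueError:
                raise ValueError(f"threat type {rec['threat_type']!r} is outside "
                                 "the three types modelled in this proof of concept")
            self.add_incident(Incident(
                incident_id=rec["id"],
                threat_type=threat,
                reported_by=self.cirts[rec["reported_by"]],
                affected_sectors=tuple(rec["affected_sectors"]),
                description=rec.get("description", ""),
            ))

    def triples(self):
        """Express the populated ontology as (subject, predicate, object) triples."""
        out = []
        for c in self.cirts.values():
            out.append((c.name, "rdf:type", "Cirt"))
            out.append((c.name, "inSector", c.sector))
        for i in self.incidents.values():
            out.append((i.incident_id, "rdf:type", "Incident"))
            out.append((i.incident_id, "hasThreatType", i.threat_type.value))
            out.append((i.incident_id, "reportedBy", i.reported_by.name))
            for s in i.affected_sectors:
                out.append((i.incident_id, "affectedSector", s))
        return out

    # Data mining phase: simple aggregate queries over the populated ontology.
    def count_by_threat_type(self):
        return Counter(i.threat_type for i in self.incidents.values())

    def sectors_hit_by(self, threat_type):
        return {s for i in self.incidents.values()
                if i.threat_type == threat_type for s in i.affected_sectors}

    def incidents_for_sector(self, sector):
        return sorted(i.incident_id for i in self.incidents.values()
                      if sector in i.affected_sectors)


# Constructed sample data for the example (not real CIRTs or incidents).
SAMPLE_CIRTS = [Cirt("finance-cirt", "finance"),
                Cirt("health-cirt", "health"),
                Cirt("energy-cirt", "energy")]
SAMPLE_RECORDS = [
    {"id": "INC-001", "threat_type": "denial_of_service", "reported_by": "finance-cirt",
     "affected_sectors": ["finance"], "description": "volumetric flood on online banking"},
    {"id": "INC-002", "threat_type": "information_leakage", "reported_by": "health-cirt",
     "affected_sectors": ["health", "government"], "description": "patient records exposed"},
    {"id": "INC-003", "threat_type": "malicious_activity", "reported_by": "finance-cirt",
     "affected_sectors": ["finance", "energy"], "description": "malware on shared supplier"},
    {"id": "INC-004", "threat_type": "denial_of_service", "reported_by": "energy-cirt",
     "affected_sectors": ["energy"], "description": "control-room portal unavailable"},
]


def build_sample_ontology():
    onto = IncidentOntology()
    for c in SAMPLE_CIRTS:
        onto.add_cirt(c)
    onto.populate(SAMPLE_RECORDS)
    return onto


if __name__ == "__main__":
    onto = build_sample_ontology()
    for t in onto.triples():
        print(*t)
    print(onto.count_by_threat_type())
    print(sorted(onto.sectors_hit_by(ThreatType.DENIAL_OF_SERVICE)))
```

The triple view is what makes this an ontology rather than a flat incident log: each fact is a typed relation, so the same store can later be exported to a real RDF/OWL tool, and new threat types or relations can be added without changing the record format the CIRTs submit.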