Using ontological design for semi-automatic analysis of enterprise’s security policy documents

Information technologies are actively involved in every activity that requires obser-vation of certain rules to ensure secure access to data information systems and their safety. Such rules are combined in a security policy, which is often full of contradictions and ambiguities. To overcome these troubles author proposes usage an ontological model of security policy. This allows tracking the entire structure of the organization to monitor the distribution of employees’ rights to access corporate information, and keep track of how employees can work on the components of the organization. This approach will be useful for companies that have a large staff. Another advantage of ontological model is that it can expand the structure by adding staff and their responsibilities.