An automated method for the ontological representation of security directives
This work addresses the difficulty of interpreting security directives for compliance and ontology development, but it is incremental as it adapts existing NLP techniques to a specific domain.
The paper tackles the problem of interpreting complex juridical language in European security directives by automating the extraction of relevant information using tailored NLP techniques and ontology principles. The resulting method provides valid support for directive compliance and ontology development, though its limitations mean that some manual analysis is still required.
Large documents written in juridical language are difficult to interpret, because long sentences lead to intricate and intertwined relations between the nouns. The present paper frames this problem in the context of recent European security directives. The complexity of their language is addressed here by automating the extraction of the relevant information, namely the parts of speech from each clause, through a specific tailoring of Natural Language Processing (NLP) techniques. In combination with ontology development principles, these techniques contribute to the design of our automated method for the representation of security directives as ontologies. The method is showcased on a practical problem, namely deriving an ontology that represents the NIS 2 directive, which is the culmination of cybersecurity prescripts at the European level. Although the NLP techniques adopted showed some limitations and had to be complemented by manual analysis, the overall results provide valid support for directive compliance in general and for ontology development in particular.