Cybersecurity, which notoriously concerns both human and technological aspects, is increasingly regulated by lengthy textual documents spanning many pages, such as the European GDPR Regulation and the NIS Directive. This paper introduces an approach that leverages techniques of semantic representation and reasoning, hence an ontological approach, towards checking compliance with the security measures that such textual documents prescribe. We choose the ontology instrument to achieve two fundamental objectives: domain modelling and resource interrogation. The formalisation of entities and relations from the directive, and the improved structuring this yields compared with sheer prose, is dramatically helpful to any organisation facing the hard task of compliance verification. The semantic approach is demonstrated on two articles of the new European NIS 2 Directive.