ETSI - GS ISI 006
Information Security Indicators (ISI); An ISI-driven Measurement and Event Management Architecture (IMA) and CSlang - A common ISI Semantics Specification Language
| Organization: | ETSI |
| Publication Date: | 1 February 2019 |
| Status: | active |
| Page Count: | 31 |
Scope:
The present document provides a common interaction semantics model called ISI Measurement Architecture (IMA), based on formal approaches that are partially drawn from Set and Graph Theories, such as [i.8] and [i.16]. Graph Theory is the semantics background used to reason by simulation, using appropriate tools. Between both, i.e. a foreground ontological specification and a background graph semantics pattern - a structure-preserving
The approach of the present document is meant, among other things, to support the incident reaction operation analysis performed by SOC staff, so that they can decide reasonably on observed security events and related measures. More specifically, all stakeholders (CISOs, IT security managers, designers, programmers, etc.) are given a Common ISI Semantics Specification Language (called CSlang), which enables them to communicate with each other in a common, unique way based on graph semantics. CSlang is designed to be a dialect of the Common Logics (CL) defined by the ISO/IEC SC32 Committee on Data Interchange in the international standard IS 24707 that share a uniform semantics based on Traditional First Order Logics with Equality (TFOL) according to [i.17] and [4].
The present document is structured as follows (after clauses 2 and 3 respectively dedicated to references and definition of terms, symbols and abbreviations):
• Clause 4 describes models and methods of the ISI Measurement Architecture, including the challenge of transforming ISIs into knowledge about incidents.
• Clause 5 invents advanced Common Logics (CL) concepts of the ISI Semantics Specification Language - CSlang.
• Annex A presents the Proof of Concepts (PoC) by aligning ontology specifications to graph specifications of the two levels of Semantics Approach.
• Annex B presents mathematical basic definitions of graph manipulation theory.
• Annex C documents authors and contributors.
• Annex D documents applied bibliography of semantic.