Security Genome

Building the Parameterized Ontology  
Foundation of Security


"Mass Interoperability"

Security Assets Deliver them ...
"Implemented by"
Standards Recommend them ...
"You should fulfill"


Beyond Control

Regulators Demand them ...
You shall fulfill"
Business Assets are Protected by them
"Protected by"

What if a security control could be expressed in a DNA-like structure; readable, unambiguous, unique, repeatable, measurable and general or precise?

What if these structures could be associated with the security assets that deliver them; the business assets that receive and are protected by them and to the regulatory and standard controls they fulfill?

What if these structures could be assembled into a neural representation of the state of every asset, and their relationships to each other? 

Could the fundamental approach to security controls life-cycle management change, could the cost of demonstrating compliance be eliminated?

Participate in the experiment!

What is a Security Control Expression

As a baseline, a traditional Security Control is a worded statement defining some form of security to be delivered to some form of a business asset.  e.g., “Encrypt Data Laptop”

A Security Control Expression is a structured linguistic sequence of concatenation graphs defining the delivery of security by a Security Asset performing one or more Security Techniques and protection received by a Business Asset performing a business function using business data.

Drawing from a predefined ontology library these graphs called “Parameters” feed each term in the Expression sequence defining a unique and unambiguous relationship that can be general or highly specific.

The Security Genome Project was launched on April 1, 2018. It is currently on hold pending resources and sponsors. The project is the brainchild of Jacques Francoeur who set out to address one of the security's core challenges - defining, interpreting, assessing, interrelating and reporting enterprise security controls, physical and logical.


The initial foundation of SGP has been completed and needs to be proven and evolved.
A security control syntax language was developed called Security Control Expressions (SCE) that render worded control expressions unique and unambiguous; general and precise on-demand.


A method was then developed to associate these expressions to their sources, destinations and build a neural network model that can be visualized and measured.


The Security Control Expression Engine is born - What next?

The objective is to bring together the best minds, build the language taxonomy and
Security Control Expression libraries and share them with the world
- providers, standard's organizations and regulators.  Then what?


Drastically reduce the cost of knowing your state-of-security and demonstrating your state-of-compliance to any regulation or standard, instantly.


The SGP is a not-for-profit, by invitation, community-based initiative adopting Security Control Expressions as a universal security control syntax language and developing a security ontology foundation for the common good of society.