we assume that
organizations having completed the certification process
accordingly have addressed all concepts incorporated in said
standard. Therefore, the chosen standard represents actual
security practice in organizations that are certified based on its
specifications. In the next section we will discuss information
security ontologies, which served as a reference to evaluate our
derived metamodel regarding completeness and in general are
often used synonymous to metamodels.