Ontology-based information security compliance determination and control selection on the example of ISO 27002 | Synapse