Building problem domain ontology from security requirements in regulatory documents.