With　the　fast　growth　of　system　complexity,　it　is　increasingly　difficult　to　comprehensively　analyze　security　of　such　large-scale　systems,　which　is　a　knowledge-intensive　task.　Although　there　are　various　available　security　knowledge　sources,　they　are　not　well-connected　with　each　other　due　to　their　heterogeneity　and　unstructured　descriptions.　In　this　paper,　we　propose　a　systematic　approach　to　construct　a　comprehensive　and　reusable　knowledge　graph　in　the　field　of　information　security.　Specifically,　we　first　investigate　heterogeneous　security　knowledge　sources　and　establish　a　detailed　ontology　of　information　security,　integrating　various　security　conceptual　models.　Then,　we　train　a　security　entity　identifier　based　on　active　learning　to　extract　security　knowledge　from　unstructured　descriptions.　Such　extracted　knowledge　is　then　fused　to　establish　a　comprehensive　and　reusable　security　knowledge　graph　based　on　the　unified　ontology.　Finally,　we　illustrate　the　utility　of　our　established　knowledge　graph　with　a　set　of　exemplary　queries　and　reasoning　rules　in　the　context　of　a　real　security　scenario.