Constructing an architecture-based cybersecurity solution for a system

 

Guardado en:
Detalles Bibliográficos
Autores: Mora Castro, Alejandro, González Herrera, Andrés, Villalón Fonseca, Ricardo
Formato: artículo original
Fecha de Publicación:2023
Descripción:Cybersecurity can be effectively managed with an architecture-based approach, composed with three viewpoints, namely system, security and process. Using models for describing a system and its security objectives enables a systemic and exhaustive risk management process. The architecture approach produces an integral set of security policies and controls that can be fully maintained during the entire system life-cycle. Furthermore, architecture models support automation and high scalability, thus providing an innovative way for constructing and maintaining the cybersecurity for very large systems or even for system of systems. This work describes details, technical aspects, and examples for the risk management process of the architecture, including the establishment of the system representation, the security goals, going through risk identification and analysis, up to the policies and control definition. Some highlighting points of the methodology follow. • System representation is simple because it focuses only on aspects relevant to security purposes. • Security objectives behave as an end-to-end guidance of the security, for the whole system and also during its life-cycle. • Risk management can be done with existing methods and standards, but additionally supported with the comprehensive capability provided by the system representation and the security objectives.
País:Kérwá
Institución:Universidad de Costa Rica
Repositorio:Kérwá
Lenguaje:Inglés
OAI Identifier:oai:kerwa.ucr.ac.cr:10669/88126
Acceso en línea:https://hdl.handle.net/10669/88126
https://doi.org/10.1016/j.mex.2023.102010
Palabra clave:Information security architecture
Cybersecurity architecture
Information security methodology
Cybersecurity methodology
Risk management