The nature of security: A conceptual framework for integral-comprehensive modeling of IT security and cybersecurity
Original article
Date: 2022-06-12
Author: Villalón Fonseca, Ricardo
Abstract
Cybersecurity is a broadly defined concept comprising security for many different types of elements. Dealing with cybersecurity is a multidimensional problem, and the damage generated by cyberattacks can be very diverse. Reports about cybersecurity show problems that recur, or that appear with increasing frequency, with no clear approach for solving them. Existing models deal with cybersecurity in several different but general ways, and results are not better. Consequently, managing cybersecurity deserves consideration of a new approach. Our approach is based on the nature of security. Security services are modeled around three basic security concepts, namely isolation, interaction, and representation. With these three concepts, a cybersecurity development starts with security objectives for overcoming the cybersecurity challenges, and also has a security representation to achieve integral and comprehensive security results. We propose an architecture-based security conceptual framework having three components, namely a system representation model kind, a security representation model kind, and a security process model kind, to accomplish the security process for a system. The security process is fully guided and supported by security objectives from beginning to end. The framework proposes several models, based on data structures, for representing the system, the security, and the process itself. The models are scalable to represent systems of any size, from tiny to huge technology infrastructures, and support automation of the security process. The scope of the framework is the security of IT systems and cybersecurity, including information, software, virtual resources, hardware, IT devices, money, people, and other related physical objects being represented digitally.
The framework was developed while creating a university cloud infrastructure, and consolidated while supporting the security of several nationwide software and infrastructure applications for digital signature in Costa Rica. We aim to provide a new and innovative way of doing cybersecurity: directly targeting the actual security requirements, with a simple, systemic, structured and potentially automated security process, to achieve integral and comprehensive security solutions.
External link to the item
10.1016/j.cose.2022.102805
The document attached to this submission is a draft post-print version, which must NOT be published but kept private until the publication fees have been paid.