The nature of security: A conceptual framework for integral-comprehensive modeling of IT security and cybersecurity
Villalón Fonseca, Ricardo
MetadataShow full item record
Cybersecurity is a broadly defined concept comprising security for many different types of elements. Dealing with cybersecurity is a multidimensional problem, and the damage generated by cyberattacks can be very diverse. Reports about cybersecurity show recurrent problems, or increasing on their frequency of appearance, with no clear approach for solving them. Existing models deal with cybersecurity in several different but general ways, and results are not better. Consequently, managing cybersecurity deserves consideration of a new approach. Our approach is based on the nature of security. Security services are modeled around three basic security concepts, namely isolation, interaction, and representation. With these three concepts, a cybersecurity development starts with security objectives for overcoming the cybersecurity challenges, and also has a security representation to achieve integral and comprehensive security results. We propose an architecture-based security conceptual framework having three components, namely a system representation model kind, a security representation model kind, and a security process model kind, to accomplish the security process for a system. The security process is fully guided and supported with security objectives from the beginning to the end. The framework proposes several models, based on data structures for representing the system, the security, and the process itself. The models are scalable to represent systems of any size, from tiny to huge technology infrastructures, and with support for automation of the security process. The scope of the framework is the security of IT systems and cybersecurity, including information, software, virtual resources, hardware, IT devices, money, people, and other related physical objects being represented digitally. The framework was developed while creating a university cloud infrastructure, and consolidated while supporting the security of several national wide software and infrastructure applications for digital signature in Costa Rica. We aim to provide a new and innovative way for doing cybersecurity, by directly targeting the actual security requirements; with a simple, systemic, structured and potentially automated security process, and for achieving integral and comprehensive security solutions.
External link to the item10.1016/j.cose.2022.102805
El documento adjunto con en este envío es una versión post-print borrador, que NO de publicarse sino mantenerse privada, hasta tanto no se paguen los derechos de publicación.
Showing items related by title, author, creator and subject.
Mora Castro, Alejandro; González Herrera, Andrés; Villalón Fonseca, Ricardo (2023-01-19)Cybersecurity can be effectively managed with an architecture-based approach, composed with three viewpoints, namely system, security and process. Using models for describing a system and its security objectives enables a ...
Herrera Zúñiga, José Roberto (2013)El presente documento tiene como objetivo realizar un análisis desde el punto de vista marxista de las posiciones políticas e ideológicas esgrimidas en elactual debate sobre la necesidad de declarar Estado ...