Show simple item record

dc.creatorVillalón Fonseca, Ricardo
dc.date.accessioned2022-06-23T20:11:28Z
dc.date.available2022-06-23T20:11:28Z
dc.date.issued2022-06-12
dc.identifier.citationhttps://doi.org/10.1016/j.cose.2022.102805es_ES
dc.identifier.issn1872-6208
dc.identifier.urihttps://hdl.handle.net/10669/86776
dc.descriptionEl documento adjunto con en este envío es una versión post-print borrador, que NO de publicarse sino mantenerse privada, hasta tanto no se paguen los derechos de publicación.es_ES
dc.description.abstractCybersecurity is a broadly defined concept comprising security for many different types of elements. Dealing with cybersecurity is a multidimensional problem, and the damage generated by cyberattacks can be very diverse. Reports about cybersecurity show recurrent problems, or increasing on their frequency of appearance, with no clear approach for solving them. Existing models deal with cybersecurity in several different but general ways, and results are not better. Consequently, managing cybersecurity deserves consideration of a new approach. Our approach is based on the nature of security. Security services are modeled around three basic security concepts, namely isolation, interaction, and representation. With these three concepts, a cybersecurity development starts with security objectives for overcoming the cybersecurity challenges, and also has a security representation to achieve integral and comprehensive security results. We propose an architecture-based security conceptual framework having three components, namely a system representation model kind, a security representation model kind, and a security process model kind, to accomplish the security process for a system. The security process is fully guided and supported with security objectives from the beginning to the end. The framework proposes several models, based on data structures for representing the system, the security, and the process itself. The models are scalable to represent systems of any size, from tiny to huge technology infrastructures, and with support for automation of the security process. The scope of the framework is the security of IT systems and cybersecurity, including information, software, virtual resources, hardware, IT devices, money, people, and other related physical objects being represented digitally. The framework was developed while creating a university cloud infrastructure, and consolidated while supporting the security of several national wide software and infrastructure applications for digital signature in Costa Rica. We aim to provide a new and innovative way for doing cybersecurity, by directly targeting the actual security requirements; with a simple, systemic, structured and potentially automated security process, and for achieving integral and comprehensive security solutions.es_ES
dc.description.sponsorshipUniversidad de Costa Rica/[834-B9-095]/UCR/Costa Ricaes_ES
dc.language.isoenges_ES
dc.sourceComputers & Securityes_ES
dc.subjectInformation securityes_ES
dc.subjectSecurity frameworkes_ES
dc.subjectSecurity architecturees_ES
dc.subjectCybersecurity architecturees_ES
dc.subjectSecurity modeles_ES
dc.subjectSecurity relationshipes_ES
dc.subjectSecurity chaines_ES
dc.subjectRisk managementes_ES
dc.titleThe nature of security: A conceptual framework for integral-comprehensive modeling of IT security and cybersecurityes_ES
dc.typeartículo originales_ES
dc.identifier.doi10.1016/j.cose.2022.102805
dc.description.procedenceUCR::Vicerrectoría de Investigación::Unidades de Investigación::Ingeniería::Centro de Investigaciones en Tecnologías de Información y Comunicación (CITIC)es_ES
dc.description.procedenceUCR::Vicerrectoría de Docencia::Ingeniería::Facultad de Ingeniería::Escuela de Ciencias de la Computación e Informáticaes_ES


Files in this item

Thumbnail

This item appears in the following Collection(s)

Show simple item record