The nature of security: A conceptual framework for integral-comprehensive modeling of IT security and cybersecurity
Villalón Fonseca, Ricardo
Cybersecurity is a broadly defined concept comprising security for many different types of elements. Dealing with cybersecurity is a multidimensional problem, and the damage generated by cyberattacks can be very diverse. Reports about cybersecurity show problems that recur, or that appear with increasing frequency, with no clear approach for solving them. Existing models deal with cybersecurity in several different but general ways, and results are not better. Consequently, managing cybersecurity deserves consideration of a new approach. Our approach is based on the nature of security. Security services are modeled around three basic security concepts, namely isolation, interaction, and representation. With these three concepts, a cybersecurity development starts with security objectives for overcoming the cybersecurity challenges, and also has a security representation to achieve integral and comprehensive security results. We propose an architecture-based security conceptual framework having three components, namely a system representation model kind, a security representation model kind, and a security process model kind, to accomplish the security process for a system. The security process is fully guided and supported with security objectives from the beginning to the end. The framework proposes several models, based on data structures for representing the system, the security, and the process itself. The models are scalable to represent systems of any size, from tiny to huge technology infrastructures, and with support for automation of the security process. The scope of the framework is the security of IT systems and cybersecurity, including information, software, virtual resources, hardware, IT devices, money, people, and other related physical objects being represented digitally.
The framework was developed while creating a university cloud infrastructure, and consolidated while supporting the security of several nationwide software and infrastructure applications for digital signature in Costa Rica. We aim to provide a new and innovative way of doing cybersecurity, by directly targeting the actual security requirements, with a simple, systemic, structured and potentially automated security process, and for achieving integral and comprehensive security solutions.
External link to the item: 10.1016/j.cose.2022.102805
The document attached to this submission is a draft post-print version, which must NOT be published but kept private until the publication rights have been paid.