Abstract
Cybersecurity can be effectively managed with an architecture-based approach, composed with three viewpoints, namely system, security and process. Using models for describing a system and its security objectives enables a systemic and exhaustive risk management process. The architecture approach produces an integral set of security policies and controls that can be fully maintained during the entire system life-cycle. Furthermore, architecture models support automation and high scalability, thus providing an innovative way for constructing and maintaining the cybersecurity for very large systems or even for system of systems.This work describes details, technical aspects, and examples for the risk management process of the architecture, including the establishment of the system representation, the security goals, going through risk identification and analysis, up to the policies and control definition. Some highlighting points of the methodology follow.•System representation is simple because it focuses only on aspects relevant to security purposes.•Security objectives behave as an end-to-end guidance of the security, for the whole system and also during its life-cycle.•Risk management can be done with existing methods and standards, but additionally supported with the comprehensive capability provided by the system representation and the security objectives.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
