Cybersecurity is a broadly defined concept comprising security for many different types of elements. Dealing with cybersecurity is a multidimensional problem, and the damage generated by cyberattacks can be very diverse. Reports about cybersecurity show recurrent problems, or increasing on their frequency of appearance, with no clear approach for solving them. Existing models deal with cybersecurity in several different but general ways, and results are not better. Consequently, managing cybersecurity deserves consideration of a new approach. Our approach is based on the nature of security. Security services are modeled around three basic security concepts, namely isolation, interaction, and representation. With these three concepts, a cybersecurity development starts with security objectives for overcoming the cybersecurity challenges, and also has a security representation to achieve integral and comprehensive security results. We propose an architecture-based security conceptual framework having three components, namely a system representation model kind, a security representation model kind, and a security process model kind, to accomplish the security process for a system. The security process is fully guided and supported with security objectives from the beginning to the end. The framework proposes several models, based on data structures for representing the system, the security, and the process itself. The models are scalable to represent systems of any size, from tiny to huge technology infrastructures, and with support for automation of the security process. The scope of the framework is the security of IT systems and cybersecurity, including information, software, virtual resources, hardware, IT devices, money, people, and other related physical objects being represented digitally. The framework was developed while creating a university cloud infrastructure, and consolidated while supporting the security of several national wide software and infrastructure applications for digital signature in Costa Rica. We aim to provide a new and innovative way for doing cybersecurity, by directly targeting the actual security requirements; with a simple, systemic, structured and potentially automated security process, and for achieving integral and comprehensive security solutions.
Read full abstract