Architecting Cyber Defense: A Survey of the Leading Cyber Reference Architectures and Frameworks

Savold, Risa; Dagher, Natalie; Frazier, P.D.; McCallam, Dennis H.

doi:10.1109/cscloud.2017.37

Cited by 13 publications

(7 citation statements)

References 7 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The Framework of Evaluation of Reference Architectures (FERA) exploits the opinions of experts in SA and reference architectures. There is a need for a precise understanding of the requirements to create the checklist [ 71 , 72 ].…”

Section: Software Architecture Evaluationmentioning

confidence: 99%

Lightweight Software Architecture Evaluation for Industry: A Comprehensive Review

Sahlabadi

Muniyandi

Shukur

et al. 2022

Sensors

View full text Add to dashboard Cite

Processes for evaluating software architecture (SA) help to investigate problems and potential risks in SA. It is derived from many studies that proposed a plethora of systematic SA evaluation methods, while industrial practitioners currently refrain from applying them since they are heavyweight. Nowadays, heterogeneous software architectures are organized based on the new infrastructure. Hardware and associated software allow different systems, such as embedded, sensor-based, modern AI, and cloud-based systems, to cooperate efficiently. It brings more complexities to SA evaluation. Alternatively, lightweight architectural evaluation methods have been proposed to satisfy the practitioner’s concerns, but practitioners still do not adopt these methods. This study employs a systematic literature review with a text analysis of SA’s definitions to propose a comparison framework for SA. It identifies lightweight features and factors to improve the architectural evaluation methods among industrial practitioners. The features are determined based on the practitioner’s concerns by analyzing the architecture’s definitions from stakeholders and reviewing architectural evaluation methods. The lightweight factors are acquired by studying the five most commonly used lightweight methods and the Architecture-based Tradeoff Analysis Method (ATAM), the most well-known heavyweight method. Subsequently, the research addresses these features and factors.

show abstract

Section: Software Architecture Evaluationmentioning

confidence: 99%

Lightweight Software Architecture Evaluation for Industry: A Comprehensive Review

Sahlabadi

Muniyandi

Shukur

et al. 2022

Sensors

View full text Add to dashboard Cite

show abstract

“…DiD is defined by NIST as an "Information security strategy integrating people, technology, and operations capabilities to establish variable barriers across multiple layers and dimensions of the organization" [18]. A survey of cyber reference architectures and frameworks conducted by Savold et al [19] highlighted that DiD as a security design pattern that is observed in several security frameworks such as the Cisco SAFE [20], Oracle Reference Architectures [21], and Northrop Grumman Fan. [22].…”

Section: Maritime Cyber Risk Managementmentioning

confidence: 99%

Cyber risk management for autonomous passenger ships using threat-informed defense-in-depth

Amro

Gkioulos

2022

Int. J. Inf. Secur.

View full text Add to dashboard Cite

Recent innovations in the smart city domain have led to the proposition of a new mode of transportation utilizing Autonomous Passenger Ships (APS) or ferries in inland waterways. The novelty of the APS concept influenced the cyber risk paradigm and led to different considerations regarding attack objectives, techniques as well as risk management approaches. The main factor that has led to this is the autoremote operational mode, which refers to autonomous operations and remote supervision and control in case of emergency. The autoremote operational mode influences the risk of cyber attacks due to the increased connectivity and reliance on technology for automating navigational functions. On the other hand, the presence of passengers without crew members imposes a safety risk factor in cyber attacks. In this paper, we propose a new cyber risk management approach for managing the cyber risks against cyber physical systems in general and Autonomous Passenger Ships in particular. Our proposed approach aims to improve the Defense-in-Depth risk management strategy with additional components from the Threat-Informed Defense strategy allowing for more evolved cyber risk management capabilities. Moreover, we have utilized the proposed cyber risk management approach for the proposition of a cybersecurity architecture for managing the cyber risks against an APS use case named milliAmpere2. Additionally, we present our results after conducting a Systematic Literature Review (SLR) in cybersecurity evaluation in the maritime domain. Then, the findings of the SLR were utilized for a suitable evaluation of the proposed risk management approach. Our findings suggest that our proposed risk management approach named Threat-Informed Defense-in-Depth is capable of enriching several risk management activities across different stages in the system development life cycle. Additionally, a comprehensive evaluation of the cybersecurity posture of milliAmpere2 has been conducted using several approaches including risk evaluation, simulation, checklist, and adversary emulation. Our evaluation has uncovered several limitations in the current cybersecurity posture and proposed actions for improvement.

show abstract

“…[26] Development an establishment of ISMS [27] Awareness measures [28], [29], [30], [31], [32], [33] Lack of skilled workers in public sector and effects [34], [35] Physical Security and Security Assessment [36], [37], [38], [39], [40] Legal framework parameters in cybersecurity domain [41], [42] Maturity models [43], [44] Most papers deal with the safeguarding of the technical components or tackle the analysis of cyber-attacks and pos-sible preventive measures. It is striking that a large number of papers put the staff in the focus and examine how their awareness for cybersecurity can be increased.…”

Section: Thematic Areamentioning

confidence: 99%

Information security management in German local government

Moses¹,

Sandkuhl²,

Kemmerich³

2022

Communication Papers of the 17th Conference on Computer Science and Intelligence Systems

View full text Add to dashboard Cite

4The growing importance of information security in organizations is undisputed. This is particularly true of local governments, because modern administrative action is no longer conceivable today without electronic communication media and IT procedures. The complexity of information technology, the increasing degree of networking (also with citizens) and the dependence of the administration on ITsupported procedures has led to the fact that the security of information technology and associated processes must be given a higher priority and a corresponding cybersecurity strategy must be substantiated. Existing approaches either fall short or cannot be applied to the context of local government without revision and adaptation. In this article, case studies of implementations of IT security projects in local government are examined. Specific focus is on the differences between information security management system (ISMS) implementations of different hierarchical levels of governmental organizations. The results show current challenges in increasing the resilience of the local government.

show abstract

Architecting Cyber Defense: A Survey of the Leading Cyber Reference Architectures and Frameworks

Cited by 13 publications

References 7 publications

Lightweight Software Architecture Evaluation for Industry: A Comprehensive Review

Lightweight Software Architecture Evaluation for Industry: A Comprehensive Review

Cyber risk management for autonomous passenger ships using threat-informed defense-in-depth

Information security management in German local government

Contact Info

Product

Resources

About