TY - JOUR
T1 - A Multi-level Reference Model and a Dedicated Method for Cyber-Security by Design
T2 - On the Example of the Electricity Sector
AU - de Kinderen, Sybren
AU - Kaczmarek-Heß, Monika
AU - Hacks, Simon
N1 - Publisher Copyright: © The Author(s) 2024.
PY - 2024/10/28
Y1 - 2024/10/28
N2 - The increased reliance of organizations on information technology inherently increases their vulnerability to cyber-security attacks. As a response, a host of cyber-security approaches exists. While useful, these approaches exhibit shortcomings such as an inclination to be fragmented, not accounting for up-to-date organizational data, focusing on singular vulnerabilities only, and being reactive, i.e., focusing on patching up vulnerabilities in current systems. The paper presents and evaluates a modeling method aiming to address those shortcomings and to support security by design with a focus on the electricity sector. The proposed modeling method encompasses a multi-level reference model reconstructing and integrating existing initiatives and supporting top-down and bottom-up analyses. Compared to earlier work, the paper contributes (1) a process model for cyber-security by design, which proactively considers security as a first-class citizen during the design process, (2) a complete coverage of the multi-level model, in terms of three views complementing the introduced process model, (3) an elaborated evaluation, in terms of reporting on an additional design science cycle.
AB - The increased reliance of organizations on information technology inherently increases their vulnerability to cyber-security attacks. As a response, a host of cyber-security approaches exists. While useful, these approaches exhibit shortcomings such as an inclination to be fragmented, not accounting for up-to-date organizational data, focusing on singular vulnerabilities only, and being reactive, i.e., focusing on patching up vulnerabilities in current systems. The paper presents and evaluates a modeling method aiming to address those shortcomings and to support security by design with a focus on the electricity sector. The proposed modeling method encompasses a multi-level reference model reconstructing and integrating existing initiatives and supporting top-down and bottom-up analyses. Compared to earlier work, the paper contributes (1) a process model for cyber-security by design, which proactively considers security as a first-class citizen during the design process, (2) a complete coverage of the multi-level model, in terms of three views complementing the introduced process model, (3) an elaborated evaluation, in terms of reporting on an additional design science cycle.
KW - Cyber-security by design
KW - Modeling method
KW - Multi-level modeling
KW - Security analysis
KW - Security reference framework
UR - http://www.scopus.com/inward/record.url?scp=85207771557&partnerID=8YFLogxK
U2 - 10.1007/s12599-024-00899-y
DO - 10.1007/s12599-024-00899-y
M3 - Article
AN - SCOPUS:85207771557
SN - 2363-7005
VL - XX
JO - Business and Information Systems Engineering
JF - Business and Information Systems Engineering
IS - X
ER -