Choosing an Enterprise Cybersecurity Framework

As a business owner, you want to protect your data. Your cybersecurity should be focused on that, not on protecting your server stack and router from harm. Most big cyber solutions are based on the ITU-T X.805 model, which starts with a focus on the infrastructure, services, and application layers, with a security framework based on activities performed on the network at each layer. Inside the framework are eight security dimensions: access control, authentication, non-repudiation, confidentiality, communication, integrity, availability, and privacy. The output of this framework consists of a list of vulnerabilities, security controls, and assets (Gupta, Chandrashekhar, Sabnis, & Bastry, 2007). While this is important, it does nothing to protect your data specifically.

The best method is to look at your business process and how you use and store your data, and design a cybersecurity system around that. The Donn Parker model has six essential parts, including security elements very similar to the X.805 security dimensions. The other five essentials are sources, acts, safeguards, methods, and objectives (Bosworth, Kabay, & Whyne, 2014). While the controls compare to the X.805 model, the focus is driven by use cases from user-based activities on all levels. This is in direct contrast to the X.805 model, which is more hardware and networking focused in its approach.

If an organization asked for my recommendation, I would suggest the Donn Parker approach. Most people in an organization will be able to identify user-based use cases and activities far easier than relying on IT professionals to assess network configurations of the other models. Additionally, the Parker model focuses on the possession of information and how it is used as a method to design security controls (Bosworth, Kabay, & Whyne, 2014).

References:

Bosworth, S., Kabay, M., & Whyne, E. (2014). Computer Security Handbook (6th ed., Vol 2, pp. 3.2-3.3). Hoboken: John Wiley & Sons.

Gupta, A., Chandrashekhar, U., Sabnis, S. & Bastry, F. (2007). Building secure products and solutions. Bell Labs Technical Journal (John Wiley & Sons, Inc.), 12(3), 21. doi:10.1002/bltj.20247
