Yuning Jiang , Manfred A. Jeusfeld , Michael Mosaad , Nay Oo
{"title":"用于关键基础设施网络安全分析的企业架构建模 - 系统文献综述","authors":"Yuning Jiang , Manfred A. Jeusfeld , Michael Mosaad , Nay Oo","doi":"10.1016/j.ijcip.2024.100700","DOIUrl":null,"url":null,"abstract":"<div><p>As digital landscapes become increasingly complex, safeguarding sensitive information and systems against cyber threats has become a paramount concern for organizations. This paper provides a comprehensive review of how enterprise architecture modeling is used in the context of cybersecurity assessment, particularly focusing on critical infrastructures. The use of enterprise architecture models for cybersecurity is motivated by the main purpose of enterprise architecture, namely to represent and manage business and IT assets and their interdependence. While enterprise architecture modeling originally served to assess Business/IT alignment, they are increasingly used to assess the cybersecurity of the enterprise. The research questions explored include the types of enterprise architecture models used for cybersecurity assessment, how security aspects are incorporated into these models, the theoretical frameworks and reference theories applied, the research methods used for evaluation, and the strengths and limitations of these models in supporting cybersecurity assessment. This review encompasses research papers published before 2024, focusing on high-quality research from peer-reviewed journals and reputable conferences, thereby providing a structured and comprehensive overview of the current state of research in this domain.</p></div>","PeriodicalId":49057,"journal":{"name":"International Journal of Critical Infrastructure Protection","volume":"46 ","pages":"Article 100700"},"PeriodicalIF":4.1000,"publicationDate":"2024-07-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Enterprise architecture modeling for cybersecurity analysis in critical infrastructures — A systematic literature review\",\"authors\":\"Yuning Jiang , Manfred A. Jeusfeld , Michael Mosaad , Nay Oo\",\"doi\":\"10.1016/j.ijcip.2024.100700\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<div><p>As digital landscapes become increasingly complex, safeguarding sensitive information and systems against cyber threats has become a paramount concern for organizations. This paper provides a comprehensive review of how enterprise architecture modeling is used in the context of cybersecurity assessment, particularly focusing on critical infrastructures. The use of enterprise architecture models for cybersecurity is motivated by the main purpose of enterprise architecture, namely to represent and manage business and IT assets and their interdependence. While enterprise architecture modeling originally served to assess Business/IT alignment, they are increasingly used to assess the cybersecurity of the enterprise. The research questions explored include the types of enterprise architecture models used for cybersecurity assessment, how security aspects are incorporated into these models, the theoretical frameworks and reference theories applied, the research methods used for evaluation, and the strengths and limitations of these models in supporting cybersecurity assessment. This review encompasses research papers published before 2024, focusing on high-quality research from peer-reviewed journals and reputable conferences, thereby providing a structured and comprehensive overview of the current state of research in this domain.</p></div>\",\"PeriodicalId\":49057,\"journal\":{\"name\":\"International Journal of Critical Infrastructure Protection\",\"volume\":\"46 \",\"pages\":\"Article 100700\"},\"PeriodicalIF\":4.1000,\"publicationDate\":\"2024-07-14\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"International Journal of Critical Infrastructure Protection\",\"FirstCategoryId\":\"5\",\"ListUrlMain\":\"https://www.sciencedirect.com/science/article/pii/S1874548224000416\",\"RegionNum\":3,\"RegionCategory\":\"工程技术\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q1\",\"JCRName\":\"COMPUTER SCIENCE, INFORMATION SYSTEMS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"International Journal of Critical Infrastructure Protection","FirstCategoryId":"5","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S1874548224000416","RegionNum":3,"RegionCategory":"工程技术","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
引用次数: 0
摘要
随着数字环境变得日益复杂,保护敏感信息和系统免受网络威胁已成为企业最关心的问题。本文全面回顾了企业架构建模在网络安全评估中的应用,尤其侧重于关键基础设施。将企业架构模型用于网络安全的动机是企业架构的主要目的,即表示和管理业务与 IT 资产及其相互依存关系。企业架构建模最初用于评估业务/IT 的一致性,但现在越来越多地用于评估企业的网络安全。探讨的研究问题包括用于网络安全评估的企业架构模型类型、如何将安全方面纳入这些模型、应用的理论框架和参考理论、用于评估的研究方法,以及这些模型在支持网络安全评估方面的优势和局限性。本综述涵盖 2024 年之前发表的研究论文,重点关注同行评审期刊和知名会议上的高质量研究,从而对该领域的研究现状提供一个结构化的全面概述。
Enterprise architecture modeling for cybersecurity analysis in critical infrastructures — A systematic literature review
As digital landscapes become increasingly complex, safeguarding sensitive information and systems against cyber threats has become a paramount concern for organizations. This paper provides a comprehensive review of how enterprise architecture modeling is used in the context of cybersecurity assessment, particularly focusing on critical infrastructures. The use of enterprise architecture models for cybersecurity is motivated by the main purpose of enterprise architecture, namely to represent and manage business and IT assets and their interdependence. While enterprise architecture modeling originally served to assess Business/IT alignment, they are increasingly used to assess the cybersecurity of the enterprise. The research questions explored include the types of enterprise architecture models used for cybersecurity assessment, how security aspects are incorporated into these models, the theoretical frameworks and reference theories applied, the research methods used for evaluation, and the strengths and limitations of these models in supporting cybersecurity assessment. This review encompasses research papers published before 2024, focusing on high-quality research from peer-reviewed journals and reputable conferences, thereby providing a structured and comprehensive overview of the current state of research in this domain.
期刊介绍:
The International Journal of Critical Infrastructure Protection (IJCIP) was launched in 2008, with the primary aim of publishing scholarly papers of the highest quality in all areas of critical infrastructure protection. Of particular interest are articles that weave science, technology, law and policy to craft sophisticated yet practical solutions for securing assets in the various critical infrastructure sectors. These critical infrastructure sectors include: information technology, telecommunications, energy, banking and finance, transportation systems, chemicals, critical manufacturing, agriculture and food, defense industrial base, public health and health care, national monuments and icons, drinking water and water treatment systems, commercial facilities, dams, emergency services, nuclear reactors, materials and waste, postal and shipping, and government facilities. Protecting and ensuring the continuity of operation of critical infrastructure assets are vital to national security, public health and safety, economic vitality, and societal wellbeing.
The scope of the journal includes, but is not limited to:
1. Analysis of security challenges that are unique or common to the various infrastructure sectors.
2. Identification of core security principles and techniques that can be applied to critical infrastructure protection.
3. Elucidation of the dependencies and interdependencies existing between infrastructure sectors and techniques for mitigating the devastating effects of cascading failures.
4. Creation of sophisticated, yet practical, solutions, for critical infrastructure protection that involve mathematical, scientific and engineering techniques, economic and social science methods, and/or legal and public policy constructs.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
