loading page

An asset-focused systematic framework to manage cybersecurity from tactical and operational levels
  • +1
  • Manuel Domínguez-Dorado ,
  • Javier Carmona-Murilo ,
  • David Cortés-Polo ,
  • Francisco J. Rodríguez-Pérez
Manuel Domínguez-Dorado
Public Business Entity Red.es, Public Business Entity Red.es

Corresponding Author:[email protected]

Author Profile
Javier Carmona-Murilo
Author Profile
David Cortés-Polo
Author Profile
Francisco J. Rodríguez-Pérez
Author Profile

Abstract

The standards and reference models commonly used to administrate cybersecurity are not suitable to manage it at tactical and operational levels. They are sometimes very generic, other times they are focused on information security but not on cybersecurity, and on rare occasions\textcolor{blue}{,} they detail specific methodological and procedural aspects for lower levels. This causes difficulty in keeping cybersecurity adapted to the highly dynamic cyber context with the required holism and strategic alignment. Our proposal defines a process, CyberTOM, to manage cybersecurity from tactical and operational levels, as well as a set of techniques, knowledge bases, and concepts to support it and contribute to its practical application, focusing on the business asset and on maintaining both the holistic vision and strategic alignment. Likewise, our solution provides mechanisms to assess cybersecurity at different levels, being an independent complement of the standard used for higher levels.
2022Published in IEEE Access volume 10 on pages 122454-122485. 10.1109/ACCESS.2022.3223440