International Journal of Wireless and Microwave Technologies (IJWMT)
IJWMT Vol. 13, No. 1, 8 Feb. 2023
Cover page and Table of Contents: PDF (size: 572KB)
Methodologies, Requirements and Challenges of Cybersecurity Frameworks: A Review
Full Text (PDF, 572KB), PP.1-13
Views: 0 Downloads: 0
Author(s)
Index Terms
Cloud computing, Cybersecurity framework, ISO-CSF, NIST-CSF.
Abstract
As a result of the emergence of new business paradigms and the development of the digital economy, the interaction between operations, services, things, and software through numerous fields and communities may now be processed through value chains networks. Despite the integration of all data networks, computing models, and distributed software that offers a broader cloud computing, the security solution is have a serious important impact and missing or weak, and more work is needed to strengthen security requirements such as mutual entity trustworthiness, Access controls and identity management, as well as data protection, are all aspects of detecting and preventing attacks or threats. Various international organizations, academic universities and institutions, and organizations have been working diligently to establish cybersecurity frameworks (CSF) in order to combat cybersecurity threats by (CSFs). This paper describes CSFs from the perspectives of standard organizations such as ISO CSF and NIST CSF, as well as several proposed frameworks from researchers, and discusses briefly their characteristics and features. The common ideas described in this study could be helpful for creating a CSF model in general.
Cite This Paper
Alaa Dhahi Khaleefah, Haider M. Al-Mashhadi, "Methodologies, Requirements and Challenges of Cybersecurity Frameworks: A Review", International Journal of Wireless and Microwave Technologies(IJWMT), Vol.13, No.1, pp. 1-13, 2023. DOI:10.5815/ijwmt.2023.01.01
Reference
[1]Scott-Hayward, S., Natarajan, S., Sezer, S. "A survey of security in software defined networks," IEEE Commun. Surv. Tutor. 18(1), 623–654 (2016).
[2]Schnepf, N., Badonnel, R., Lahmadi, A., Merz, S. "Automated verification of security chains in software- defined networks with synaptic," In: 2017 IEEE Conference on Network Softwarization (Net-Soft), pp. 1–9 (2017).
[3]Hares, S., Lopez, D., Zarny, M., Jacquenet, C., Kumar, R., Jeong, J. "Interface to network security functions (I2NSF): Problem statement and use cases," IETF RFC 8192 (2017). https:// www. rfc- editor. org/ rfc/ pdfrfc/ rfc81 92. txt. Pdf.
[4]Pék, G., Buttyan, L., Bencsath, B. “A survey of security issues in hardware virtualization. ACM Comput. Surv. 45(3), 40:2-40:34 (2013). https:// doi. org/ 10. 1145/ 24807 41. 24807 57
[5]Rapuzzi, R., Repetto, M. “Building situational awareness for network threats in fog/edge computing, emerging paradigms beyond the security perimeter model,” Fut. Gener. Comput. Syst. 85, 235–249 (2018). https:// doi. org/ 10. 1016/j. future. 2018. 04. 007
[6]Hu, V., Ferraiolo, D., Kuhn, R., Schnitzer, A., Sandlin, K., Miller, R., Scarfone, K. “Guide to Attribute Based Access Control (ABAC) Definition and Considerations,” Nist special publication 800-162, NIST (2014)
[7]Indu, I., Rubesh Anand, P., Bhaskar, V. " Identity and access management in cloud environment: Mechanisms and challenges," Eng. Sci. Technol. Int. J. 21(4), 574–588 (2018)
[8]Lang, B., Wang, J., Liu, Y. "Achieving flexible and self-contained data protection in cloud computing," IEEE Access 5, 1510–1523 (2017)
[9]Li, R., Shen, C., He, H., Gu, X., Xu, Z., Xu, C. “A lightweight secure data sharing scheme for mobile cloud computing. IEEE Trans. Cloud Comput,” 6(2), 344–357 (2018)
[10]Lynch, L. “Inside the identity management game,” IEEE Internet Comput. 15(5), 78–82 (2011).
[11]Ramesh, D., Priya, R. “Multi-authority scheme based cp-abe with attribute revocation for cloud data storage,” In 2016 International Conference on Microelectronics, Computing and Communications (MicroCom), pp. 1–4 (2016).
[12]Sciancalepore, S., Piro, G., Caldarola, D., Boggia, G., Bianchi, G. “On the design of a decentralized and multi-authority access control scheme in federated and cloud-assisted Cyber-Physical Systems,” IEEE Internet Things J. 5(6), 5190–5204 (2018). https://doi.org/10.1109/JIOT.2018.2864300
[13]Shehab, M., Marouf, S. “Recommendation models for open authorization,” IEEE Trans. Dependable Secure Comput. 9(4), 583–596 (2012).
[14]Vapen, A., Carlsson, N., Mahanti, A., Shahmehri, N. “A look at the third-party identity management landscape,” IEEE Internet Comput. 20(2), 18–25 (2016).
[15]Wei, J., Liu, W., Hu, X. “Secure and efficient attribute-based access control for multiauthority cloud storage,” IEEE Syst. J. 12(2), 1731–1742 (2018).
[16]Xue, K., Chen, W., Li, W., Hong, J., Hong, P. “Combining data owner-side and cloud-side access control for encrypted cloud storage,” IEEE Trans. Inf. Forensics Secur. 13(8), 2062–2074 (2018).
[17]Yang, K., Jia, X., Ren, K., Zhang, B. “DAC-MACS: Effective data access control for multi-authority cloud storage systems,” In: Proceedings IEEE INFOCOM, pp. 2895–2903 (2013).
[18]Yang, K., Liu, Z., Jia, X., Shen, X.S. “Time-domain attribute-based access control for cloud-based video content sharing: a cryptographic approach,” IEEE Trans. Multimedia 18(5), 940–950 (2016).
[19]Zhu, Y., Huang, D., Hu, C.J., Wang, X. “From RBAC to ABAC: constructing flexible data access control for cloud storage services,” IEEE Trans. Serv. Comput. 8(4), 601–616 (2015).
[20]Amirah Alomari, Shamala K. Subramaniam, Normalia Samian, Rohaya Latip and Zuriati Zukarnain, “Resource Management in SDN-Based Cloud and SDN-Based Fog Computing: Taxonomy Study,” Symmetry 2021, 13, 734. https://doi.org/10.3390/sym13050734
[21]Jungmin Son, Amir Vahid Dastjerdi, Rodrigo N. Calheiros, Xiaohui Ji, Young Yoon, Rajkumar Buyya, “CloudSimSDN: Modeling and Simulation of Software-Defined Cloud Data Centers,” 2015 15th IEEE/ACM International Symposium on Cluster, Cloud and Grid Computing.
[22]Repetto, M., Carrega, A., Rapuzzi, R. “An architecture to manage security operations for digital service chains,” Fut. Gener. Comput. Syst. 115, 251–266 (2021)
[23]Khan, A.A., Khan, M., Ahmed, W. “Improved scheduling of virtual machines on cloud with multitenancy and resource heterogeneity,” In: 2016 International Conference on Automatic Control and Dynamic Optimization Techniques (ICACDOT), pp. 815–819 (2016).
[24]Network functions virtualisation (nfv) “terminology for main concepts in nfv,” ETSI GS NFV 003 (2018). https://www.etsi.org/deliver/etsi_gs/NFV/001_099/003/01.04.01_60/gs_nfv003v010401p. pdf. V1.4.1
[25]Matteo Repetto1, Domenico Striccoli, Giuseppe Piro, Alessandro Carrega, Gennaro Boggia, Raffaele Bolla, “An Autonomous Cybersecurity Framework for Next generation Digital Service Chains,” Journal of Network and Systems Management, (2021) 29:37, https://doi.org/10.1007/s10922-021-09607-7.
[26]Bouten, N., Mijumbi, R., Serrat, J., Famaey, J., Latrè, S., De Turck, F. “Semantically enhanced mapping algorithm for affinity-constrained service function chain requests,” IEEE Trans. Netw. Serv. Manage. 14(2), 317–331 (2017). https://doi.org/10.1109/TNSM.2017.2681025.
[27]Ghaznavi, M., Shahriar, N., Kamali, S., Ahmed, R., Boutaba, R. “Distributed service function chaining,” IEEE J. Sel. Areas Commun. 35(11), 2479–2489 (2017). https://doi.org/10.1109/JSAC.2017. 2760178
[28]“Network functions virtualisation; management and orchestration,” ETSI GS NFV-MAN 001 (2014). http://www.etsi.org/deliver/etsi_gs/NFV-MAN/001_099/001/01.01.01_60/gs_NFV-MAN001v010101p.pdf. V1.1.1
[29]Mamdouh Alenezi, Khaled Almustafa, Khalim Amjad Meerja, “Cloud based SDN and NFV architectures for IoT infrastructure,” Egyptian Informatics Journal 20(1), 2018.
[30]ISO/IEC 27032:2012(E) information technology e security techniques e guidelines for Cyber Security, Geneva, Switzerland: ISO/IEC, 2012.
[31]Hasrouny H, Samhat AE, Bassil C, Laouiti A. “VANet security challenges and solutions: a survey,” Vehicular Commun 7:7–20, 2017.
[32]Public Safety Canada, “National Cyber Security Strategy: Canada’s vision for security and prosperity in the digital age,” (2018). [Online]. https://www.publicsafety.gc.ca/cnt/rsrcs/pblctns/ntnl-cbr-scrt-strtg/ntnl-cbr-scrt-strtg-en.pdf
[33]Von Solms B, von Solms R “Cyber Security and information security—What goes where?, ” Inform Comput Security 26(1):2–9, 2018.
[34]International Telecommunications Union (ITU). “Overview of Cybersecurity: Recommendation ITU-T X.1205, Geneva: International Telecommunication Union (ITU)”. 2009. https://www.itu.int/rec/T-REC-X.1205-200804-I/en
[35]Bahuguna A, Bisht RK, Pande J. “Roadmap amid chaos: cyber security management for organizations,” In: Proceedings of the ninth international conference on computing communication and networking technologies (ICCCNT), pp 1–6, 2018
[36]Disterer G. “ISO/IEC 27000, 27001 and 27002 for information security management,” J Inform Security 4(2):92–100, 2013
[37]Humphreys E. “Information security management system standards,” Datenschutz und Datensicherheit 35(1):7–11, 2011
[38]ISO/IEC. 27001:2013, “International standard ISO/IEC Information technology—Security techniques—Information security management systems—Requirements”, vol. 2013, 2013.
[39]ISO/IEC. 27017:2015, “Information technology—Security techniques—Code of practice for information security controls based on ISO/IEC 27002 for cloud services”, 2015
[40]ISO/IEC. 27000:2018, “Information technology—Security techniques—Information security management systems—Overview and vocabulary”, 2018.
[41]ISO/IEC. 27002:2013, “Information technology—Security techniques—Code of practice for Information security controls”, 2013.
[42]NIST, “Framework for Improving Critical Infrastructure Cybersecurity”. Version 1.0. 2014. [Online]. Available at https://www.nist.gov/document-3766
[43]NIST, “Glossary of Key Information Security Terms”. NISTIR 7298 Rev.3. 2019. https://doi.org/10.6028/NIST.IR.7298r3
[44]Krumay B, Bernroider EWN, Walser R. “Evaluation of cybersecurity management controls and metrics of critical infrastructures: a literature review considering the NIST Cybersecurity Framework,” In: Gruschka N. (ed) NordSec. Lecture Notes in Computer Science, vol 11252, pp 369–384, 2018.
[45]NIST, “Framework for improving critical infrastructure cybersecurity”, Version1.1, 2018. [Online]. https://doi.org/10.6028/NIST. CSWP.04162018
[46]Mbanaso UM, Abrahams L, Apene OZ, “Conceptual design of a cybersecurity resilience maturity measurement (CRMM) framework,” African J Inform Commun 23:1–26, 2019.
[47]Chang V, Kuo YH, Ramachandran M. “A Cloud computing adoption framework: a security framework for business clouds,” Future Generation Comput Syst 57:24–41, 2016.
[48]Chang V, Ramachandran M, Yao Y. Chung-Sheng Li, “A resiliency framework for an enterprise cloud,” Int J Inf Manage 36(1):155–166, 2016
[49]Wendler R. “The maturity of maturity model research: a systematic mapping study,” Inf Softw Technol 54(12):1317–1339, 2012
[50]Almuhammadi S, Majeed A. “Information Security maturity model for NIST cyber security framework,” Comput Sci Inform Technol 51:51–62, 2017.
[51]Le NT, Hoang DB, “Capability maturity model and metrics framework for cyber cloud security,” Scalable Comput 4:277–290, 2017.
[52]Abdel-Basset M, Mohamed M, Chang V. “NMCDA: a framework for evaluating cloud computing services,” Future Generation Comput Syst 86:12–29, 2018.
[53]Najat Tissir, Said El Kafhali, Noureddine Aboutabit, “Cybersecurity management in cloud computing: semantic literature review and conceptual framework proposal”, Journal of Reliable Intelligent Environments, springer, October 2020. https://doi.org/10.1007/s40860-020-00115-0
[54]Abdlhamed, M., Kifayat, K., Shi, Q., Hurst, W. “Intrusion Prediction Systems,” Springer, New York, 2017.
[55]Ahmad, F., Franqueira, V.N.L., Adnane, A. “TEAM: a trust evaluation and management framework in context-enabled vehicular ad-hoc networks,” IEEE Access 6, 28643–28660, 2018.
[56]Ding, D., Han, Q., Wang, Z., Ge, X. “A survey on model-based distributed control and filtering for industrial cyber-physical systems,” IEEE Trans. Ind. Inf. 15(5), 2483–2499, 2019.
[57]Huang, K., Zhou, C., Tian, Y., Yang, S., Qin, Y. “Assessing the physical impact of cyberattacks on industrial cyber-physical systems,” IEEE Trans. Ind. Electron. 65(10), 8153–8162, 2018.
[58]Haider M. Al-Mashhadi, Ala'a A. Khalf, “Hybrid Homomorphic Cryptosystem for Secure Transfer of Color Image on Public Cloud,” IJCSNS International Journal of Computer Science and Network Security, VOL.18 No.3, March 2018
[59]Haider M. Al-Mashhadi and Mohammed H. Alabiech, " Symmetric ECC with Variable Key using Chaotic Map," International Journal of Computer Science Issues, vol. 14, no. 6, pp. 24-28, 2017.
[60]Lin, J., Yu, W., Zhang, N., Yang, X., Zhang, H., Zhao, W. “A survey on internet of things: architecture, enabling technologies, security and privacy, and applications,” IEEE Internet Things J. 4(5), 1125–1142, 2017.
[61]Lin, H., Yan, Z., Chen, Y., Zhang, L. “A survey on network security-related data collection technologies,” IEEE Access 6, 18345–18365, 2018.
[62]Nespoli, P., Papamartzivanos, D., Marmol, F.G., Kambourakis, G. “Optimal countermeasures selection against cyber-attacks: a comprehensive survey on reaction frameworks,” IEEE Commun. Surv. Tutor. 20(2), 1361–1396, 2018.
[63]Vinayakumar, R., Alazab, M., Soman, K.P., Poornachandran, P., Al-Nemrat, A., Venkatraman, S. “Deep learning approach for intelligent intrusion detection system,” IEEE Access 7, 41525–41550, 2019.
[64]Vinayakumar, R., Alazab, M., Soman, K.P., Poornachandran, P., Venkatraman, S. “Robust intelligent malware detection using deep learning,” IEEE Access 7, 46717–46738, 2019