An Approach to Organizational Cybersecurity

• Published in: Enterprise Security Vol. 10131; pp. 203 - 222
• Main Authors: Romero-Mariona, Jose, Hallman, Roger, Kline, Megan, Palavicini, Geancarlo, Bryan, Josiah, Miguel, John San, Kerr, Lawrence, Major, Maxine, Alvarez, Jorge
• Format: Book Chapter
• Language: English
• Published: Switzerland Springer International Publishing AG 2017; Springer International Publishing
• Series: Lecture Notes in Computer Science
• Subjects: Critical Infrastructure; Enterprise System; Industrial Control System; Security Technology; Software Define Networking
• ISBN: 3319543792; 9783319543796
• ISSN: 0302-9743; 1611-3349
• DOI: 10.1007/978-3-319-54380-2_9

Large organizations must plan for Cybersecurity throughout their entire network, taking into account network granularity and outside subcontractors. The United States Department of Defense (DoD) has large networked systems that span the globe, crossing multiple intra-organizational systems. This larger network includes Information Systems typical of enterprise networks, SCADA Systems monitoring critical infrastructure, newer Cyber-physical systems, and mobile networks. With increased connectivity within the DoD and to external organizations, Cybersecurity is seen as a critical organizational need. There is not currently a standard evaluation process to gauge whether various Cybersecurity technologies adequately meet the needs of either the DoD at large or the context of lower-tier organizations. We introduce the DoD-Centric and Independent Technology Evaluation Capability (DITEC), an enterprise-ready evaluation tool that offers a repeatable evaluation process, the ability to take prior product evaluations into account during the acquisition process, and tools to assist security non-experts in understanding which technologies meet their specific needs. This work describes DITEC and the Cyber-SCADA Evaluation Capability (C-SEC), an implementation of DITEC in a Cyber-Physical context.