Share these talks and lectures with your colleagues
Invite colleaguesPractice paper
Reducing complexity in cyber security architecture: A practical model for security classifications
Cyber Security: A Peer-Reviewed Journal,
7
(2),
110-119
(2023)
Abstract
Building and running cyber security in both worlds, modern cloud security in combination with legacy on premises, introduces extra complexity. Some of the well-known security patterns and models are not applicable in cloud systems, while modern security models like zero trust (ZT) barely fit into legacy systems. Security technologies and tools are the subject of constant enhancements and adaptions to their environment. They can make security decisions on a very fine-grained basis. The corresponding rule sets and policies are becoming more and more decentralised, detailed and complex. Introducing modern security models such as ZT or micro-perimeter enforces the effect. The overall situation makes it hard for the responsible person to control the cyber security situation and the staff operating cyber security systems and technologies. Both are overwhelmed by the mass of fine-grained, fragmented and distributed security workloads. This paper introduces a practical model for security classifications in cyber security environments. The main goal of the model is to reduce complexity and keep cyber environments manageable. The model delivers not only a cyber risk classification regarding a single business application but works as an integrated view over risks for complete cyber environments.
Keywords: cyber security classification; complexity reduction; cloud; legacy systems; OT systems
The full article is available to subscribers to the journal.
Author's Biography
Eleni Richter was previously a programmer and administrator at the Internet start-up web.de. Eleni has spent more than 20 years in different positions at Energie Baden-Württemberg AG (EnBW AG), including IT security manager, IT consultant, IT system designer, project manager and architect. This wide knowledge base led to her current position, where she is responsible for design and architecture of a next-generation identity management system at EnBW AG, one of the four largest energy suppliers of Germany. She regularly speaks at technology conferences and her passion about creating cyber architectures and discussing ideas with others is also reflected in her activity as part-time lecturer in Identity and Access Management and Cyber Security Architecture at Lucerne University of Applied Sciences and Arts (HSLU), Switzerland. She holds a Master of Engineering from the University of Karlsruhe (TH), Germany.
