Đang chuẩn bị nút TẢI XUỐNG, xin hãy chờ
Tải xuống
This article aims to introduce the cyber security assess model (CSAM), an important component in cyber security architecture framework, especially for the developing country as Vietnam. | VNU Journal of Science: Policy and Management Studies, Vol. 33, No. 2 (2017) 97-103 An Assestment Model for Cyber Security of Vietnamese Organization Le Quang Minh*, Doan Huu Hau, Nguyen Ngoc Tuan, Cu Kim Long, Nguyen Minh Phuc Information Technology Institute, Vietnam National University, Hanoi, 144 Xuan Thuy Street, Cau Giay District, Hanoi, Vietnam Received 11 April 2017 Revised 07 June 2017, Accepted 28 June 2017 Abstract: This article aims to introduce the cyber security assess model (CSAM), an important component in cyber security architecture framework, especially for the developing country as Vietnam. This architecture framework is built up with the Enterprise Architecture approach and based on the ISO 2700x and NIST SP 800-53 Rev.4. From the holistic perspective based on EGIF developed previously by UNDP group and the main TOGAF features, ITI-GAF is simplified to suit the awareness, capability and improvement readiness of the developing countries. The result of survey and applying in countries as Vietnam, Lao affirms the applicable value of ITI-GAF and the CSAM. The comprehensive, accurate and prompt assessment when applying ITI-CSAM enables the organization to identify the cybersecurity strengths and weaknesses, thereby determine the key parts need invested and its effects to the whole organization’s cybersecurity, then build up the action plan for short-term and long-term. Keywords: ITI-GAF, Cyber-security architecture framework, assessment model for cyber-security, NIST SP 800-53 Rev.4. 1. Introdution There must be some architecture to guideline the deployment of information systems while guaranteeing the security. Such an architecture must confront the increasing number of attacks in a variety of forms, tools, environment, at different levels of complexity and severity. It would be a major part of Enterprise Architecture [1-2]. However, in general it is extremely difficult to achieve consensus in Cyber Security. On the other hand, the situation of