Proposing a DESM-based analytical framework for the enterprise cyber defender

Abstract

This paper proposes an analytical framework for the next generation of cybersecurity architecture and strategy to assist the enterprise cyber defender. We built an enterprise system model for practitioner use by leveraging representative enterprises as critical infrastructure operators to achieve a learning objective. The learning objective is to assist the cyber defender with developing the enterprise cybersecurity architecture and strategy via the framework. The focus is to investigate an awareness, education, and training (AET) approach aimed at human factors concerning the role of the enterprise cybersecurity architect, where one architectural perspective is concerned with the successful operation of the enterprise. In contrast, the other is focused on the operation not failing. The goal is to identify the cybersecurity practitioner’s progress outcomes via a process prescribed by the Descriptive Enterprise System Model (DESM) as an adapted analytical framework for cybersecurity architect utilization (Clark et al., 2023). The objective is to 1st utilize the framework’s three-tiered structure and 2nd that the process targets resolving Crume’s three key factors for cybersecurity architecture roles and tools: (1) understanding how the system operates, (2) what is the potential for failure, and (3) what is the threshold to circumvent failure (Crume, 2023)?

Keywords: Enterprise risk management cybersecurity awareness & training, model-based system engineering (MBSE)

DOI: 10.54941/ahfe1004761