Digital security reference model: a survey and proposal

摘要

This paper presents a survey and proposal of a digital security reference model. The proposed reference model consists of three layers: technology and engineering layer, management layer, and legal layer. The first layer focuses on technologies and engineering processes to build a secure digital system. Then, the second layer is all about management or organizational procedures. Finally, the last layer consists of compliance with existing laws and regulations. The correlation between each layer is, first, focusing on the technology and engineering layer to get anything to build an organization’s secure digital system. Then, create policies for all parties of the organizations. Last, make sure all of the technology used and procedures applied complied with the existing law. The last layer also has a role as if security breach success penetrates the two previous layers. The next is digital forensics to reveal the cyber incident and punish the criminals by the existing law. In general, this proposed reference model aims to guide organizations, companies, and governments in developing a secure digital system with a comprehensive perspective. In particular, the reference model has two use case actors, engineers, and researchers. For the engineer, this reference model guides to starting and developing a digital security system. There are five steps to creating a secure digital system using this reference model: preparation, specifications, system design, implementation, and evaluation. For the researcher, this reference model gives a comprehensive understanding. So the researcher gets a big picture of the secure digital system’s research field before starting the research. After it, the researcher determines which topic they want.