Abstract
The implementation of organizational transformation projects (simply project) in the contexts of complex and dynamic businesses (or other application domains), need an optimal transformation framework and a holistic RoGCSC. The RoGCSC uses measurable cybersecurity and governance security risk (secRisk) critical factors, which are mitigated and tuned, to ensure project's successful evolution and predict/block cyber (or classical) crimes/misdeeds. The actual exponential rise of cybercrimes has become a major concern for countries, enterprises, and citizens; and that obliges projects to integrate polymathic-holistic security strategies. Actual cyberspace's resilience, control, and security concepts are siloed, insufficient, chaotic, and concentrate only on platforms' infrastructural aspects. Actual concepts focus on isolated hackers, where financial predators are the ones behind major cybercrimes. Global cybercrimes are closely related to global events and phenomena, like financial greediness, insecurity, conflicts, terrorism, pandemics, and societal crisis.
TopIntroduction
Today many security Architectures (secArch) exist and unfortunately, they often inefficient. A Project supports the transformation of traditional businesses into secured Cyberbusinesses, by automating its security processes, which can face human resistances. The implementation of secOUs takes into account mainly intangible non-financial objectives, where security as the highest priority. A Project has various Enterprise’s (simply ENT) Viewpoints, like “O” for organizational, “S” for Security… In this chapter the focus is on Viewpoint “S” or ENT(S). ENT(S) is a sequence (or a set) of secRPs applied to secOUPs (secRPOUP), which goal is to disassemble ENT(S)’: Legacy OUs’ archaic structure(s), Security concept, Organizational processes, Information system’s administration, Resources/Artefacts, Applications, Working models, and Components; into dynamic reusable secCBBs which can be (re)used in standardized or In-House-Implemented (IHI) Organizational secBBs (secOBB). A secOU is a set of secOBBs and different secOUs can share common secOBBs and secCBBs. Legacy OUs’ transformation need an IHI secured Methodology, Domain, and Technology Common Artefacts Standard (secMDTCAS) that maps to refactored secBBs, secCBBs and secOBBs. In the process of refactoring Micro-Artifacts (secMA) the secRP can face difficulties, because ENT(S)’ heterogenous human profiles/cultures, system parts, secOU’s Resistances (OUR), managers/stakeholders exaggerated financial ambitions, and Project’s limited time/budgets. The author uses an adapted version of his Applied Holistic Mathematical Model (AHMM) for RoGCSC (AHMM4RoGCSC) (Trad, & Kalpić, 2020a) to support secRPOUP’s capacity in the initial phase to generate a pool of secBBs. The secBBs are based on the secBBs that are generated by the secure Automated Refine Processes (secARP) based secUP. Projects are very complex to secure and they depend on the initial Project’s phase, which is secARP/secUP. secCBBs are combined to offer reusable secOBBs, which are used to (re)build and resecure secOUs. The secARP/secUP based secRPOUP face difficulties because of various heterogenous security concepts and the AHMM4RoGCSC can check the integrity of the RoGCSC. Unfortunately, Projects are intended to deliver immediate tangible financial profits, and that is the reason for their high failure-rate, which is more than 70%; and if they succeed, they are unsecure. An IHI RoGCSC avoids financial-only locked-in strategies, products, and ensures success. It is important to define the levels of granularity and a mapping concept for the secMDTCAS, which enables the reuse of existing (or newly) refactored/refined secMAs/secBBs/secCBBs/secOBBs. As shown in Figure 1, the RoGCSC follows the secARP/secUP phase and if that step fails then a new RoGCSC has to be implemented. Otherwise, the Project can move to the next step and consider that an achievement was done. The RoGCSC chooses an initial secOU’s module to be refactored by the secARP/secUP, to prove that its feasibility and tries to convince that ENT(S) can move to secOBB and the secure Process/collaboration Models (secOPM) based secure Dynamic Organizational Models (secDOM) refactoring phase, which is this chapter’s scope.