An assessment model for cyber security of Vietnamese organization

Abstract

This article aims to introduce the cyber security assess model (CSAM), an important component in cyber security architecture framework, especially for the developing country as Vietnam. This architecture framework is built up with the Enterprise Architecture approach and based on the ISO 2700x and NIST SP 800-53 Rev.4. From the holistic perspective based on EGIF developed previously by UNDP group and the main TOGAF features, ITI-GAF is simplified to suit the awareness, capability and improvement readiness of the developing countries. The result of survey and applying in countries as Vietnam, Lao affirms the applicable value of ITI-GAF and the CSAM. The comprehensive, accurate and prompt assessment when applying ITI-CSAM enables the organization to identify the cybersecurity strengths and weaknesses, thereby determine the key parts need invested and its effects to the whole organization’s cybersecurity, then build up the action plan for short-term and long-term.