SAM-CyFra: A System for the Automated Management of Cybersecurity Frameworks

Given the expanding threat landscape, protecting critical infrastructures and sensitive information has become a top priority. Organizations are increasingly emphasizing security risk assessments to safeguard their assets and maintain compliance with evolving standards and regulations. As a result, various cybersecurity frameworks have been developed to assist organizations assess and strengthen their security practices, promoting a proactive and strategic approach to risk management. However, cybersecurity frameworks present significant challenges in terms of complexity, scalability, and adaptability. On the one hand, they generally rely on manual assessment processes, with all limitations of manual evaluations. On the other hand, they are characterized by a heterogeneous nature that works at different levels of granularity, thus resulting in a complex landscape for companies. To address these challenges, this work proposes SAM-CyFra, a system designed to automate and streamline the management of cybersecurity frameworks. SAM-CyFra organizes security into three layers, providing a simplified and modular approach that enhances adaptability to each organization’s specific needs. Some preliminary results are presented with a focus on U-space environments.