DISTINCTION BETWEEN THE ELECTRONIC COMMUNICATION SYSTEM OF THE NETWORK AND THE ELECTRONIC INFORMATION SYSTEM IN THE CONTEXT OF ENSURING CYBERSECURITY OF ORGANIZATIONS
DOI:
https://doi.org/10.28925/2663-4023.2025.31.1030Keywords:
cybersecurity, electronic communication network, electronic information system, network segmentation, Zero Trust, service isolation, access management.Abstract
In the current environment of digital transformation of organizations, the complexity and interdependence between electronic communication networks (ECN) and electronic information systems (ES) is increasing, which raises the risks of cyberattacks and breaches of confidentiality, integrity, and availability of data. Insufficient separation between these two levels of IT infrastructure creates conditions for the spread of threats within a single information space, particularly during attacks such as lateral movement or privilege escalation. The article proposes a methodology for multi-level separation of ECN and EIS as a key direction for improving the cyber resilience of organizations. The model is based on the principles of network segmentation, isolation of information domains, role-based access control (RBAC), and the concept of zero trust architecture. Analytical modeling of the impact of segmentation on security indicators, the probability of compromise of critical nodes, the average time to incident, and the attack surface was performed. The simulation results showed that the implementation of the segmentation model reduces the number of compromised nodes by 25-30%, reduces the probability of compromising critical areas by more than 20%, and increases the average time to compromise by almost 50%. The developed methodology can be used as a basis for forming information security policies in government and corporate structures, as well as for building integrated protection systems based on the principles of flexible segmentation and trust management.
Downloads
References
Kotha, N. R. (2020). Network segmentation as a defense mechanism for securing enterprise networks. Turkish Journal of Computer and Mathematics Education (TURCOMAT), 11(3), 3023–3030. https://doi.org/10.61841/turcomat.v11i3.14942
Bondhala, S. (2025). Modern defense paradigms: Zero Trust architecture, network segmentation, and micro-segmentation. International Journal of Scientific Research in Computer Science, Engineering and Information Technology. https://doi.org/10.32628/CSEIT25112714
Shastri, M. (2025). Understanding Zero-Trust architecture for developing comprehensive cybersecurity protocols. International Journal of Advanced Research in Cyber Security, 3(1), 1–4.
Santoso, E. (2022). Comparative analysis of network segmentation strategies to counter targeted attacks in global e-commerce cloud infrastructures. Journal of Advances in Cybersecurity Science, Threat Intelligence, and Countermeasures, 6(12), 1–6.
Tankard, C. (2011). Advanced persistent threats and how to monitor and deter them. Network Security, 2011(8), 16–19. https://doi.org/10.1016/S1353-4858(11)70086-1
Kaur, P., & Singh, M. (2022). Network segmentation and micro-segmentation in enterprise security architecture. International Journal of Computer Applications, 183(47), 22–28. https://doi.org/10.5120/ijca2022922120
IBM Security. (2023). Cost of a data breach report 2023. IBM Corporation. https://www.ibm.com/reports/data-breach
National Institute of Standards and Technology. (2020). NIST Special Publication 800-207: Zero Trust architecture. https://doi.org/10.6028/NIST.SP.800-207
Bishop, M. (2018). Introduction to computer security. Addison-Wesley. ISBN 978-0-321-24744-2
Kurose, J., & Ross, K. (2021). Computer networking: A top-down approach (8th ed.). Pearson.
International Organization for Standardization. (2018). ISO/IEC 27000:2018 — Information security management systems — Overview and vocabulary. Geneva.
Tankard, C. (2011). Advanced persistent threats and how to monitor and deter them. Network Security, 2011(8), 16–19. https://doi.org/10.1016/S1353-4858(11)70086-1
Byres, E., & Lowe, J. (2004). The myths and facts behind cyber security risks for industrial control systems. In VDE Kongress. Berlin.
Scott-Hayward, S., O’Callaghan, G., & Sezer, S. (2013). SDN security: A survey. In 2013 IEEE SDN for Future Networks and Services (SDN4FNS) (pp. 1–7). https://doi.org/10.1109/SDN4FNS.2013.6702553
National Institute of Standards and Technology. (2020). NIST Special Publication 800-207: Zero Trust architecture. https://doi.org/10.6028/NIST.SP.800-207
Mell, P., & Grance, T. (2011). The NIST definition of cloud computing (NIST SP 800-145). https://doi.org/10.6028/NIST.SP.800-145
International Organization for Standardization. (2015). ISO/IEC 27033-1:2015 — Network security — Part 1: Overview and concepts. Geneva.
Sedgewick, M. (2021). Challenges in implementing Zero Trust networks. IEEE Security & Privacy, 19(3), 72–79. https://doi.org/10.1109/MSEC.2021.3062045
Hu, J., & Liu, H. (2022). Dynamic network segmentation for adaptive cyber defense. Computers & Security, 116, 102677. https://doi.org/10.1016/j.cose.2022.102677
Chandia, R., et al. (2009). Security strategies for SCADA networks. International Journal of Critical Infrastructure Protection, 2(1–2), 28–37. https://doi.org/10.1016/j.ijcip.2009.01.002
National Institute of Standards and Technology. (2020). NIST Special Publication 800-207: Zero Trust architecture. https://doi.org/10.6028/NIST.SP.800-207
International Organization for Standardization. (2015). ISO/IEC 27033-1:2015 — Network security — Part 1: Overview and concepts. Geneva.
National Institute of Standards and Technology. (2011). NIST SP 800-137: Information security continuous monitoring (ISCM) for federal information systems and organizations. https://doi.org/10.6028/NIST.SP.800-137
Kreibich, T., & Crowcroft, J. (2023). Network topology and data flow mapping for cybersecurity. Computers & Security, 117, 102747. https://doi.org/10.1016/j.cose.2023.102747
Cisco Systems. (2022). Network segmentation design guide (White Paper). https://bookstation.org/book/cisco-ise-design-guide-4987197
International Organization for Standardization. (2022). ISO/IEC 27001:2022 — Information security, cybersecurity and privacy protection — Information security management systems — Requirements. Geneva.
Kindervag, J. (2010). Building a Zero Trust network. Forrester Research.
National Institute of Standards and Technology. (2014). NIST SP 800-162: Guide to attribute-based access control (ABAC) definition and considerations. https://doi.org/10.6028/NIST.SP.800-162
European Union Agency for Cybersecurity. (2023). Access control in digital environments: Principles and best practices.
European Union Agency for Cybersecurity. (2023). Threat landscape 2023 — Main trends and emerging threats.
Microsoft Security Architecture Center. (2023). Zero Trust implementation guidance. https://learn.microsoft.com/security/zero-trust
National Institute of Standards and Technology. (2014). NIST SP 800-162: Guide to attribute-based access control (ABAC). https://doi.org/10.6028/NIST.SP.800-162
Splunk Inc. (2023). Security information and event management best practices. https://www.splunk.com
Peterson, R. S. (2019). Unidirectional gateway security models. IEEE Security & Privacy, 17(4), 73–80. https://doi.org/10.1109/MSEC.2019.2914368
Noor, M., & Hassan, A. (2022). A survey on detection and prevention techniques for lateral movement in enterprise networks. Computers & Security, 121, 102859. https://doi.org/10.1016/j.cose.2022.102859
IBM Security. (2023). Cost of a data breach report 2023. https://www.ibm.com/reports/data-breach
CyberArk. (2023). Privileged access management explained (White Paper). https://www.cyberark.com/resources
OWASP Foundation. (2023). API Security Top-10 2023. https://owasp.org/API-Security
European Union Agency for Cybersecurity. (2023). Threat landscape 2023 — Main trends and emerging threats.
Published
How to Cite
Issue
Section
License
Copyright (c) 2025 Олег Гарасимчук, Юрій Касаткін
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
