A Conceptual Framework for Classifying Cyber Space Threats and Opportunities

Document Type : Original Article

Authors

1 PhD in Information Technology Management (Corresponding Author). Email: navidrashvand20@gmail.com

2 PhD in Management, Faculty Member, University of Command and Staff, AJA, Tehran, Iran

Abstract

Today, cyberspace has emerged as a novel domain in defense and security arenas. In Iran, following global trends, cyberspace is officially recognized as a domain akin to land, sea, air, and space, for which operational and strategic organizations are designated. In such a domain, the simultaneous expansion of heterogeneous network connections and diverse organizational services has increased vulnerabilities and security threats in cyberspace. The present study aims to propose a framework for classifying threats and opportunities in cyberspace. This research is developmental-applied in nature, based on the objectives and type of investigation, and employs a mixed-method approach (qualitative and quantitative). The statistical population comprises 140 university experts, cyberspace specialists, and strategic and operational commanders of the armed forces. Data collection was conducted using a five-point Likert scale questionnaire. The validity of the study was confirmed, and reliability was calculated using Cronbach’s alpha (0.95). Findings indicate that cyberspace threats and opportunities can be classified into three layers: cognitive, informational, and physical.

Keywords

References

  • آقایی، محسن؛ معینی، علی؛ عرب­سرخی، ابوذر؛ محمدیان، ایوب و زارعی، علی­اصغر (1398). ارائه مدل مفهومی منطقی طبقه‌بندی تهدیدات سایبری زیرساخت‌های حیاتی، فصلنامه امنیت ملی، سال نهم، شماره دوم.
  • سازمان پدافند غیرعامل کشور (1394). سند راهبردی پدافند سایبری کشور
  • سند ملی استاندارد و فناوری (1398).
  • کیانخواه، احسان (1398). چالش‌های راهبردی حکمرانی با گسترش فضای سایبر، فصلنامه علمی امنیت ملی، سال نهم، شماره سی و چهارم.
  • گرشاسبی، علیرضا؛ یوسفی دیندارلو، مجتبی (1395). بررسی اثرات تحریم بین‌المللی بر متغیرهای کلان اقتصادی ایران، فصلنامه تحقیقات مدل‌سازی اقتصادی، شماره 25.
  • مرکز راهبری سایبر ، ستاد کل ن.م (1399). فرهنگ‌نامه سایبری نیروهای مسلح، مرکز راهبری سایبرن. م، ستاد کل ن.م
  • مرکز بررسی‌های استراتژیک ریاست جمهوری (1399). گزارش نشست حکمرانی سایبری و راهبرد جمهوری اسلامی ایران، مرکز بررسی‌های استراتژیک ریاست جمهوری، شماره مسلسل: 514، کد گزارش:83-99.
  • واحدی، مرتضی (1398). تهدیدات فضای سایبر، موسسه آموزشی و تحقیقاتی صنایع دفاعی.

References

  • Cyber Primer (2016). Development, Concepts and Doctrine Centre, Ministry of Defence, www.gov.uk/mod/dcdc
  • Magar, (2016). State-of-the-Art in Cyber Threat Models and Methodologies, Department of National Defence, Defence Research and Development Canada.
  • J.Bodeau, C.D. McCollum, D.B. Fox, (2018). Cyber Threat Modeling: Survey, Assessment, and representative Framework, Homeland Security Systems Engineering and Development Institute (HSSEDI)™ Operated by The MITRE Corporation, 2018.
  • J. Cebula et al, (2014). A Taxonomy of Operational CyberSecurity Risks Version 2, Carnegie Mellon University.
  • Tarala, K.K. Tarala, (2015). Open Threat Taxonomy version 1.1, Enclave Security, 2015.
  • Steven, (2020). Evaluation of Comprehensive Taxonomies for Information Technology Threats, The SANS Institute.
  • O. Nweke, S.D. Wolthusen, (2020). A Review of Asset-Centric Threat Modelling Approaches, International Journal of Advanced Computer Science and Applications(IJACSA), Vol. 11, No. 2, 2020.
  • Jouini et al, (2014). Classification of security threats in information systems, 5th International Conference on Ambient Systems, Networks and Technologies (ANT-2014).
  • Mateski et al, (2012). Cyber Threat Metrics ", Sandia National Laboratories.
  • Mohd Yusof,A. et al, (2011). The Cyber Space and Information, Communication and Technology: A Tool for Westernization or Orientalism or Both, Journal of Computer Science 7,pp. 1784-1792.
  • NIST Special Publication 800-30 Revision 1, (2011). Initial Public Draft, Guide for Conducting Risk Assessments, September 2011, pp. 7-8 and Appendix D-2.
  • .
  • NIST Special Publication 800-30 Revision 1, (2011). Initial Public Draft, Guide for Conducting Risk Assessments, September 2011, p 9-10, and appendices G-3, H-2, I-3.
  • NIST Special Publication 800-30 Revision 1, (2011). Initial Public Draft, Guide for Conducting Risk Assessments, September 2012, pp. 78 and Appendix F-2.
  • Juuso, (2019). Master’s thesis: Evaluation of Threat Modeling Methodologies A Case Study,JAMK University of Applied science.
  • D. Applegate, A. Stavrou, (2013). Towards a Cyber Conflflict Taxonomy, 5th International Conference on Cyber Conflict, Tallinn.
  • Souppaya, M. & Scarfone, K, (2016). Guide to Data-Centric System Threat Modeling (NIST Special Publication 800-154), Gaithersburg: National Institute of Standards and Technology.

 

 

Interdisciplinary Studies on Strategic Knowledge
Volume 9, Issue 35
December 2025
Pages 267-302

Files

Share

How to cite

Statistics