Architecture Framework for Cyber Security Management


  • Jouni Pöyhönen University of Jyväskylä
  • Martti Lehto



Critical infrastructure, architecture framework, risks assessment, resilience


The smooth operation of contemporary society relies on the collaborative functioning of multiple essential infrastructures, with their collective effectiveness increasingly hinging on a dependable national system of systems construction. The central focus within the realm of cyberspace revolves around safeguarding this critical infrastructure (CI), which includes both physical and electronic components essential for societal operations. The recent surge in cyber-attacks targeting CI, critical information infrastructures, and the Internet, characterized by heightened frequency and increased sophistication, presents substantial threats. As perpetrators become more adept, they can digitally infiltrate and disrupt physical infrastructure, causing harm to equipment and services without the need for a physical assault. The operational uncertainty of CI in these cases is obvious. The linchpin of cyber security lies in a well-executed architecture, a fundamental requirement for effective measures. The framework of this paper emphasizes organizational guidance in cyber security management by integrating the cyber security risks assessment and the cyber resilience process into overall continuity management of organizations business processes.

Author Biographies

Jouni Pöyhönen, University of Jyväskylä

Dr. Jouni Pöyhönen, Col (ret.), is a postdoctoral researcher in cybersecurity programs at the University of Jyväskylä. He received a Ph.D. from the University of Jyväskylä. He has over 30 years of experience as a developer and leader of C4ISR Systems in the Finnish Air Force. He has authored about thirty cybersecurity research papers and articles.

Martti Lehto

Dr. Martti Lehto, (Military Sciences), Col (GS) (ret.) works as a Research Director in the University of Jyväskylä in the Faculty of Information Technology. His research areas are Cyber Security and Cyber Warfare. He served for 30 years in the Finnish Air Force as a developer and leader of C4ISR Systems. He is also Adjunct professor in National Defence University in Air and Cyber Warfare.