Referential framework based on the ISO/IEC 27001:2022 standard for SDN security environments
DOI: https://doi.org/10.18779/ingenio.v8i2.1010
Keywords: Software-defined networks, security, vulnerabilities
Abstract
Software-Defined Networks (SDN) present multiple potential security vulnerabilities due to their innovative architecture, their component management interfaces, and their ability to create programmable environments. In this context, the objective of the present study was to design a reference framework for security management in SDN, based on the controls defined in the ISO/IEC 27001:2022 standard. A qualitative methodological approach was adopted, structured into four stages: literature review and vulnerability identification; construction of the reference framework; development and validation of the evaluation instrument using criteria of relevance and applicability; and, finally, expert-based validation of the proposed framework. The proposal was validated through a structured instrument consisting of 25 questions, reviewed by five subject matter experts in information security and networking. The results indicate that 78 % of the experts consider the framework both relevant and applicable, emphasizing its potential to mitigate risks within SDN environments. In conclusion, the proposed model constitutes an effective, replicable, and standards-aligned tool, offering a contextualized solution to strengthen the security posture of software-defined infrastructures.
License
Copyright (c) 2025 Narcisa Mariana Fernández Lectong, Bethsy Alexandra Molina Aquino

This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
Licensing Agreement
This journal provides free access to its content through its website following the principle that making research available free of charge to the public supports a larger exchange of global knowledge.
Web content of the journal is distributed under an Attribution-NonCommercial-ShareAlike 4.0 International License.
Authors may adopt other non-exclusive license agreements for the distribution of the published version of the work, provided that the initial publication in this journal is indicated. Authors are permitted and encouraged to disseminate their work through the internet before and during the submission process, which can produce interesting exchanges and increase citations of the published work.