Technical Research Center Publications & Reports
Discover. Learn. Innovate.
Date: December 19, 2025
Comparative Analysis of Cybersecurity Standards: Governance versus Engineering Orientations
Abstract
This whitepaper evaluates the extent to which widely used ISO/IEC and NIST publications are applied in practice, distinguishing governance-oriented guidance from engineering-oriented technical standards. ISO and NIST remain essential baselines for governance, risk management, and program oversight. Still, they do not consistently define engineering inputs, measurable outputs, or verification and validation expectations that are required to build defensible architectures. Using five measurement criteria, Technical Specificity, Verifiability, Artifact Output, Granularity, and Lifecycle Integration, and a repeatable scoring method, we compute a composite Engineering Orientation Index and map the results to a quadrant with clearly defined X- and Y-axis definitions. The analysis shows a persistent gap between governance baselines and engineering implementation. The Defensible 10 Standards (D10S) are positioned as the engineering layer that operationalizes baseline intent into measurable requirements, technical specifications, and verification and validation evidence for cybersecurity architecture and engineering practice. This is a coexistence model, not a replacement
Date: October 9, 2025
AI Architecture Security: Securing the Future of Artificial Intelligence
Abstract
AI architecture security represents one of the most critical challenges facing organizations in the digital age. As artificial intelligence systems become increasingly integrated into critical infrastructure, healthcare, financial services, and defense systems, the potential impact of security breaches grows exponentially. This comprehensive research paper provides an in-depth analysis of AI architecture security, examining current threats and vulnerabilities, as well as defense strategies.
Our research identifies 14 major threat categories affecting AI systems, ranging from adversarial attacks and data poisoning to model inversion and supply chain vulnerabilities. Through extensive analysis of real-world incidents, including high-profile breaches at major international technology manufacturing conglomerates, telecommunications companies, and automotive manufacturers, we demonstrate the practical implications of inadequate AI security measures.
The paper synthesizes leading security frameworks, including the NIST AI Risk Management Framework, MITRE ATLAS, and advanced secure AI frameworks from major technology providers. Our analysis reveals that effective AI security requires a paradigm shift from traditional cybersecurity approaches to AI-specific threat modeling and risk management.
Key findings include the critical importance of implementing Zero Trust architectures for AI systems, the need for continuous monitoring and validation of AI models, and the necessity of comprehensive governance frameworks. We propose a multi-layered security approach combining technical controls, administrative safeguards, and continuous resilience engineering.
The research concludes with specific recommendations for organizations seeking to implement robust AI security programs, including risk assessment methodologies, technical implementation guidance, and governance frameworks that address both current and emerging threats in the AI landscape
Date: July 10, 2025
Cybersecurity Risk by Design (CRD): Integrating DRM and DTM for Enhanced Threat Modeling
Abstract
The Cybersecurity Risk by Design (CRD) model represents a transformative enhancement to threat modeling practices within cybersecurity engineering. Integrating structured methodologies from traditional engineering disciplines—specifically, the Design Risk Model (DRM) and the Design Threat Model (DTM) —CRD addresses fundamental shortcomings that have historically limited the effectiveness of threat modeling. Current cybersecurity breaches highlight persistent gaps, exacerbated by the rapidly evolving complexities of technologies such as artificial intelligence (AI) and cloud infrastructure. Drawing upon cross-disciplinary expertise in civil, aerospace, and systems engineering, the CRD model systematically identifies, analyzes, and mitigates threats from the earliest stages of design. Aligned closely with the mandatory threat modeling guidelines issued by the National Institute of Standards and Technology (NIST), this approach provides cybersecurity engineers with a structured, defensible framework to dramatically enhance the accuracy and effectiveness of threat modeling. Empirical evidence underscores substantial benefits, including significantly reduced vulnerabilities, improved cost efficiency, and strengthened operational resilience. Further augmented by intelligent engineering, which continuously integrates real-time threat intelligence and advanced analytics, the CRD model equips organizations with predictive capabilities and adaptive resilience, critical for securely managing contemporary, complex technological environments.
Keywords: Cybersecurity Risk by Design (CRD), Design Risk Model (DRM), Design Threat Model (DTM), Intelligent Engineering, Threat Modeling (TM), Cybersecurity Engineering, Proactive Risk Mitigation, Artificial Intelligence (AI), Cloud Security, Operational Resilience, Cross-Disciplinary Engineering.
