Academic and research cyberinfrastructures (AR-CIs) present unique security challenges due to their collaborative nature, heterogeneous components, and the lack of practical security assessment frameworks tailored to their needs. We propose Cyber Infrastructure Security Analysis Framework (CISAF) -- a simple, systematic, mission-centric approach to analyze the security posture of a CI and prioritize mitigation actions. CISAF guides administrators through a top-down process: (1) defining unacceptable losses, (2) identifying associated system hazards and critical assets, (3) analyzing possible attack paths that target these critical assets, and (4) analyzing security mechanisms that lie on these attack paths. By combining information about the CI architecture, mission, attack vectors, and security mechanisms, CISAF provides a clear overview of potential security risks and offers valuable information to prioritize mitigation actions.

翻译：学术与研究网络基础设施（AR-CIs）因其协作性、异构组件以及缺乏针对其需求定制的实用安全评估框架而面临独特的安全挑战。本文提出网络基础设施安全分析框架（CISAF）——一种简单、系统化、以任务为中心的方法，用于分析网络基础设施的安全态势并优先排序缓解措施。CISAF引导管理员通过自上而下的流程：（1）定义不可接受的损失，（2）识别相关系统危害与关键资产，（3）分析针对这些关键资产的潜在攻击路径，以及（4）分析位于这些攻击路径上的安全机制。通过整合网络基础设施架构、任务、攻击向量及安全机制的信息，CISAF提供了潜在安全风险的清晰概览，并为优先实施缓解措施提供了有价值的信息。