The OSI (Open Systems Interconnection) is 7 layer framework, conceptual model for computer networking. Although the model segments between layers it is a vendor agnostic standard, still widely used. Back in the days when I started working in high tech the OSI model was a black box to me. Only when I started working with packet captures and #wireshark (then called Ethereal) the layers became understandable.

The TCP/IP model replaced the OSI model eventually. As this only represents 4 layers: Application, Transport, Internet and Network Access Layer.

Figure 1: OSI Model vs TCP/IP Model

Today we have many great frameworks but I still believe OSI is important as it:

• Benefits trouble shooting and debugging
• Clear representation of all interfaces
• Different services, interfaces and protocols per layer
• Simplifies and reduces complexity
• Interoperability
• Suitable for connection oriented services and connectionless services

As securing environments is not solely about solutions, products, and processes, it begins with fostering awareness and incorporating good security habits. We take pride in our ability to assist and align all solutions to ensure a zero-trust network access with a robust security posture. It is through proper training that we become fortified to effectively detect and defeat cybercrime.

Figure 2: OSI layers with mitigation and security solutions

While using OSI or for example the Purdue model there are disadvantages too. What about Industry 4.0?

To address security needs comprehensively, many organizations adopt additional frameworks such as Purdue, SABSA, TOGAF, and Zachman. These frameworks provide a broader perspective on security architecture and management.

The Purdue Enterprise Reference Architecture (PERA), commonly known as the Purdue model, is widely used in the industrial control systems domain. It focuses on segregating different levels of systems, such as it, manufacturing, and control, to enhance security and protect critical infrastructure.

SABSA (Sherwood Applied Business Security Architecture) is a risk-driven and business-focused security architecture framework. It provides a structured approach to aligning security needs with business objectives. SABSA emphasizes the integration of security into the overall business architecture, ensuring a holistic and effective security strategy.

TOGAF (The Open Group Architecture Framework) is a widely adopted enterprise architecture framework that encompasses various domains, including security. It provides a comprehensive approach to addressing security needs within the context of an organization's overall architecture. TOGAF promotes the integration of security into all aspects of the enterprise architecture, ensuring a well-aligned and robust security posture.

Zachman Framework, developed by John Zachman, is a widely recognized framework for enterprise architecture. It provides a structured approach to organizing and managing architectural artifacts across different perspectives, including security. The Zachman Framework facilitates a comprehensive understanding of security requirements and enables effective communication between different stakeholders.

While the OSI and TCP/IP models are essential for understanding network protocols and ensuring secure communication, they primarily focus on the technical aspects of security. To address security needs comprehensively, organizations often adopt additional frameworks such as Purdue, SABSA, TOGAF, and Zachman. These frameworks provide a broader perspective on security architecture and management, enabling organizations to establish a robust and well-integrated security posture aligned with their business objectives.