Identifying the Management Codes of a Comprehensive Data Center Cybersecurity Framework Based on the NIST Model with an Integrated and Intelligent Approach

Article type: Research article

Authors

1 PhD student in Information Technology Management, University of Tehran; faculty member, University of Sistan and Baluchestan, Zahedan, Iran

2 Professor, faculty member, School of Engineering Science, College of Engineering, University of Tehran, Tehran, Iran

3 Associate Professor, faculty member, Faculty of Management, University of Tehran, Tehran, Iran

4 Professor, faculty member, Faculty of Economics, Management and Accounting, University of Sistan and Baluchestan, Zahedan, Iran

5 Assistant Professor, faculty member, Faculty of Management and Accounting, College of Farabi, University of Tehran, Tehran, Iran

10.22111/jmr.2022.42211.5774

Abstract

To facilitate processes and deliver innovative services, many organizations pay special attention to using data center services to host new platforms, services and tools for managing and operating their systems. In data center cybersecurity, identifying the causes of cyber threats and then solving the problems requires that all aspects be considered. In this study we therefore seek to identify and present management codes that take all internal and external aspects of cybersecurity into account. Modeled on the general NIST cybersecurity framework and the existing extended framework, we comprehensively identified the codes for securing and protecting the core infrastructure of the data center, so that, alongside an integrated strategy, the necessary intelligence is created through information sharing and learning from previous attacks on organizations in order to improve the response and recovery process. To identify and present the management codes of the comprehensive data center cybersecurity framework, a systematic review was carried out by searching the Web of Science and Scopus databases and domestic articles, which yielded 1831 documents. After the necessary screening, 63 of them were identified as relevant and were reviewed and coded using the meta-synthesis method. The extracted codes were placed under 5 main categories (taken from the NIST model), 23 components and 108 management codes, relating to data center cybersecurity: identify, protect, detect, respond and recover.


Article title [English]

Identify Management Codes of Comprehensive Framework for Data Center Cybersecurity Based on the NIST Model with an Integrated and Intelligent Approach

Authors [English]

  • Ahmad Kazemi 1
  • Ali Moeini 2
  • Saeed Rouhani 3
  • Nour Mohammad Yaghoobi 4
  • Hamidreza Yazdani 5
1 Instructor of Computer Science Department, Faculty of Mathematics, Statistics and Computer Science, University of Sistan and Baluchestan, Zahedan, Iran
2 Professor of School of Engineering Science, College of Engineering, University of Tehran, Tehran, Iran
3 Assistant Professor of Information Technology Management, Faculty of Management, University of Tehran, Tehran, Iran
4 Professor of School of Management Science, Faculty of Management, University of Sistan and Baluchestan, Zahedan, Iran
5 Assistant Professor of School of Management Science, Faculty of Management, College of Farabi, University of Tehran, Tehran, Iran
Abstract [English]

Abstract
To facilitate processes and provide innovative services, most organizations pay special attention to using data center services to host new platforms, services and tools to manage and run their systems. In the field of data center cybersecurity, all aspects need to be considered to identify the causes and then solve the problems. Therefore, in this study, we seek to identify and provide management codes that consider all internal and external aspects of cybersecurity.
In this research, the NIST cybersecurity framework and the existing localized framework were used to identify the management codes of a comprehensive framework for data center cybersecurity. Through a systematic literature review (SLR), 1831 documents were extracted by searching ScienceDirect, Scopus and ISC articles. After the necessary examination, 63 of them were identified as related documents. They were analyzed and coded using the meta-synthesis method. Finally, the extracted features were classified into 5 main categories, 23 subcategories and 108 codes related to data center cybersecurity, i.e. identification, protection, detection, response and retrieval.
Introduction
In recent years, the volume of data has increased to such an extent that the 21st century is known as the data century (Calzada & Almirall, 2020). This growth, together with the need to secure the centers that produce and maintain data and the data services themselves, has emerged as an issue in the management of information systems. The data center is considered the organization's most important critical infrastructure, and huge investments have been made in it. This, along with the existential importance of these centers in providing the information and services society needs, increases the cyber threats against them and the motivation of threat actors to endanger their security (Kazemi et al., 2022). The researcher's main approach is to identify and present data center cybersecurity management codes with an integrated and intelligent approach.
Problem Statement
Identifying the management codes of a comprehensive framework for data center cybersecurity based on the NIST model with an integrated and intelligent approach.
A review of domestic research in the field of cybersecurity also shows that no study has examined the security of the organizational data center separately. Adopting a point of view that includes all the dimensions, components and codes affecting the cybersecurity of the data center can be a useful approach in this regard.
Materials and Methods
The current research is qualitative and uses the meta-synthesis method. To review the data center cybersecurity literature, Sandelowski and Barroso's seven-step model was used (Sandelowski & Barroso, 2006).
Research Findings
By systematically reviewing the data center cybersecurity literature and coding and analyzing it, the main categories and components of this framework were identified. In total, the results of coding the sources led to the identification of the components of the framework and its dimensions. Based on the investigations, a total of 108 management codes were classified into 23 components and extracted as components of the intelligent and integrated cybersecurity framework of the data center, under the 5 main categories of identification, protection, discovery, response and recovery.
Conclusion
In this research, the NIST cybersecurity framework and the existing localized framework were used to identify the management codes of a comprehensive framework for data center cybersecurity. Through a systematic literature review (SLR), 1831 documents were extracted by searching ScienceDirect, Scopus and ISC articles. After the necessary examination, 63 of them were identified as related documents. They were analyzed and coded using the meta-synthesis method. Finally, the extracted features were classified into 5 main categories, 23 subcategories and 108 codes related to data center cybersecurity, i.e. identification, protection, detection, response and retrieval.
The innovation of the current research lies in studying the cybersecurity framework with an approach of integrated and intelligent management of data centers. One of the goals of this research is therefore the development of a framework that can help organizations face the cyber threats to data centers active in information and communication infrastructures.
Integration and intelligence mean paying attention to each of the components of the above dimensions, which are connected and integrated like the links of a chain, and monitoring them continuously and cyclically. This is the intelligence needed to learn from one's own and others' previous actions and to prevent the repetition of threats to the cybersecurity of the organization's data centers.

Keywords [English]

  • Cyber Security
  • Comprehensive Framework
  • Data Center
  • NIST Model
  • Integrated and Intelligent Approach
Persian references
Kazemi, Ahmad; Moeini, Ali; Rouhani, Saeed; Yaghoobi, Nour Mohammad; Yazdani, Hamidreza. (1400). Intelligent and integrated cybersecurity framework for the organization's data center at the national level. National Security scientific research quarterly.
Aghaei, Mohsen; Moeini, Ali; Arabsorkhi, Abouzar; Mohammadian, Ayoub; Zarei, Ali Asghar. (1398). Presenting a conceptual model of the structure of cyber threats to data centers. Farabi University Security Research Quarterly.
Bazargan, Abbas. (1378). An introduction to qualitative and mixed research methods: Common approaches in behavioral sciences. Tehran, first edition, Didar Publishing.
Hosseinzadeh, Mohammad; Hassani Ahangar, Mohammad Reza. (1395). Principles of designing a security model for data centers. Eleventh Symposium on Advances in Science and Technology.
 
References
Abraham, R., Schneider, J., & vom Brocke, J. (2019). A conceptual framework, structured review, and research agenda. International Journal of Information Management, 49, 424-438.
Abraham S., Nair S. (2018). Comparative analysis and patch optimization using the cyber security analytics framework. Journal of Defense Modeling and Simulation.
Accenture Technology Vision 2019.
Accenture Trend 4: Secure US to Secure ME.
Aghaei, M., and Moini, A., and Arabsarkhi, A., and Mohammadian, A., and Zarei, A. (2018). Providing a conceptual model of the structure of cyber threats in data centers. Farabi University Security Research Quarterly. (In Persian)
Ahmed M., Rama Mohan Babu G. (2019). Cyber security framework for big data environment using support vector machine. Journal of Advanced Research in Dynamical and Control Systems.
AlKalbani A., Deng H., Kam B. (2014). A Conceptual Framework for Information Security in Public Organizations for E-Government Development. 25th Australasian Conference on Information Systems, 8th-10th Dec 2014, Auckland, New Zealand.
Al-Badi, A., Tarhini, A., & Khan, A. I. (2018). Exploring big data governance frameworks. Procedia Computer Science, 141, 271-277.
Alhassan, I., Sammon, D., & Daly, M. (2016). Data governance activities: an analysis of the literature. Journal of Decision Systems, 25(sup1), 64-75.
Alhassan, I., Sammon, D., & Daly, M. (2019). Critical success factors for data governance: a theory building approach. Information Systems Management, 36(2), 98-110.
Ashtiani M., Abdollahi Azgomi M. (2014). A distributed simulation framework for modeling cyber attacks and the evaluation of security measures. SIMULATION.
Al-Muhtadi J., Saleem K., Al-Rabiaah S., Imran M., Gawanmeh A., Rodrigues J.J.P.C. (2020). A lightweight cyber security framework with context-awareness for pervasive computing environments. Sustainable Cities and Society.
Attard, J., Orlandi, F., & Auer, S. (2016). Data driven governments: Creating value through open government data Transactions on Large-Scale Data-and Knowledge-Centered Systems XXVII (pp. 84-110): Springer.
Atoum I., Otoom A. (2016). Effective belief network for cyber security frameworks. International Journal of Security and its Applications.
Atoum I., Otoom A., Ali A.A. (2014). A holistic cyber security implementation framework. Information Management and Computer Security.
Australian Government. (2020). Data Governance framework 2020.
American National Standards Institute/International Society of Automation (ANSI/ISA)-62443-2-1 (99.02.01)-2009, Security for Industrial Automation and Control Systems: Establishing an Industrial Automation and Control Systems Security Program: https://www.isa.org/templates/one-column.aspx?pageid=111294&productId=116731
ANSI/ISA-62443-3-3 (99.03.03)-2013, Security for Industrial Automation and Control Systems: System Security Requirements and Security Levels: https://www.isa.org/templates/one-column.aspx?pageid=111294&productId=116785
Baggott S.S., Santos J.R. (2020). A Risk Analysis Framework for Cyber Security and Critical Infrastructure Protection of the U.S. Electric Power Grid. Risk Analysis.
Baig Z., Zeadally S. (2019). Cyber-security risk assessment framework for critical infrastructures. Intelligent Automation and Soft Computing.
Bazargan, Abbas. (1999). An introduction to qualitative and mixed research methods; Common approaches in behavioral sciences, Tehran, First Edition, Didar Publishing. (In Persian)
Benfeldt, O., Persson, J. S., & Madsen, S. (2019). Data governance as a collective action problem. Information Systems Frontiers, 1-15.
Bhardwaj A., Goundar S. (2019). A framework to define the relationship between cyber security and cloud performance. Fraud and Security.
Bonina, C., & Eaton, B. (2020). Cultivating open government data platform ecosystems: Lessons from Buenos Aires, Mexico City and Montevideo. Government Information Quarterly, 37(3), 101479.
Calzada, I., & Almirall, E. (2020). Data ecosystems for protecting European citizens’ digital rights. Transforming Government: People, Process and Policy.
CIS Critical Security Controls for Effective Cyber Defense (CIS Controls):
Collier J. (2018). Cyber security assemblages: A framework for understanding the dynamic and contested nature of security provision. Politics and Governance.
Control Objectives for Information and Related Technology (COBIT): http://www.isaca.org/COBIT/Pages/default.aspx
Cyber Threatscape Report 2019. Accenture
Dawes, S. S., Vidiasova, L., & Parkhimovich, O. (2016). Planning and designing open government data programs: An ecosystem approach. Government Information Quarterly, 33(1), 15-27.
Diran, D., Hoppe, T., Ubacht, J., Slob, A., & Blok, K. (2020). A data ecosystem for data-driven thermal energy transition: Reflection on current practice and suggestions for re-design. Energies, 13(2), 444.
Efthymiopoulos M.P. (2019). A cyber-security framework for development, defense and innovation at NATO. Journal of Innovation and Entrepreneurship.
European Commission. (2020). Data governance and data policies at the European Commission.
ENISA Threat Landscape Report 2018. 15 Top Cyberthreats and Trends, FINAL VERSION 1.0 ETL 2018, JANUARY 2019
Evangelou M., Adams N.M. (2020). An anomaly detection framework for cyber-security data. Computers and Security.
Georgiadou A., Mouzakitis S., Bounas K., Askounis D. (2020). A Cyber-Security Culture Framework for Assessing Organization Readiness. Journal of Computer Information Systems.
Gupta, A., Panagiotopoulos, P., & Bowen, F. (2020). An orchestration approach to smart city data ecosystems. Technological Forecasting and Social Change, 153, 119929.
Hadji-Janev M., Bogdanoski M. (2017). Swarming-based cyber defence under the framework of collective security. Security Journal.
Hashim M.S., Masrek M.N., Yunos Z. (2016). Elements in the cyber security framework for protecting the Critical Information Infrastructure against cyber threats. Information (Japan).
Hahn A., Thomas R.K., Lozano I., Cardenas A. (2015). A multi-layered and kill-chain based security analysis framework for cyber-physical systems. International Journal of Critical Infrastructure Protection.
Hosseinzadeh, Mohammad; Hosni Ahangar, Mohammad Reza. (2015). Principles of Designing a Security Model for Data Centers, 11th Symposium on Advances in Science and Technology. (In Persian)
Immonen, A., & Kalaoja, J. (2019). Requirements of an Energy Data Ecosystem. IEEE access, 7, 111692-111708.
Immonen, A., Palviainen, M., & Ovaska, E. (2014). Requirements of an open data based business ecosystem. IEEE access, 2, 88-103.
ISO/IEC 27001, Information technology -- Security techniques -- Information security management systems -- Requirements: https://www.iso.org/standard/54534.html
Jang, K.-a., & Kim, W.-J. (2020). Development of data governance components using DEMATEL and content analysis. The Journal of Supercomputing, 1-15.
Janssen, M., Brous, P., Estevez, E., Barbosa, L. S., & Janowski, T. (2020). Data governance: Organizing data for trustworthy Artificial Intelligence. Government Information Quarterly, 37(3), 101493.
Jetzek, T. (2017). Innovation in the open data ecosystem: Exploring the role of real options thinking and multi-sided platforms for sustainable value generation through open data Analytics, Innovation, and Excellence-Driven Enterprise Sustainability (pp. 137-168): Springer.
Kapletia D., Felici M., Wainwright N. (2014). An integrated framework for innovation management in cyber security and privacy. Communications in Computer and Information Science.
Kampars, J., Zdravkovic, J., Stirna, J., & Grabis, J. (2020). Extending organizational capabilities with Open Data to support sustainable and dynamic business ecosystems. Software and Systems Modeling, 19(2), 371-398.
Kazemi, A., and Moini, A., and Rohani, S., and Yagoubi, N., and Yazdani, H. (2022) Intelligent and integrated cyber security framework of the organization's data center at the national level. Farabi University Security Research Quarterly. (In Persian)
Kim I., Park N. (2019). A study on cyber security framework by life cycle for safety system based on information and communication technology. Journal of Advanced Research in Dynamical and Control Systems.
Khalid A., Kirisci P., Khan Z.H., Ghrairi Z., Thoben K.-D., Pannek J. (2018). Security framework for industrial collaborative robotic cyber-physical systems. Computers in Industry.
Knight R., Nurse J.R.C. (2020). A framework for effective corporate communication after cyber security incidents. Computers and Security.
Kassen, M. (2017). Open data and e-government–related or competing ecosystems: a paradox of open government and promise of civic engagement in Estonia. Information Technology for Development, 25(3), 552-578.
Le N.T., Hoang D.B. (2017). Capability maturity model and metrics framework for cyber cloud security. Scalable Computing.
Li, S., & Yu, H. (2020). Big data and financial information analytics ecosystem: strengthening personal information under legal regulation. Information Systems and e-Business Management, 18(4), 891-909.
Lillie, T., & Eybers, S. (2018). Identifying the constructs and agile capabilities of data governance and data management: A review of the literature. Paper presented at the International Development Informatics Association Conference.
Lindman, J., Kinnari, T., & Rossi, M. (2015). Business roles in the emerging open-data ecosystem. IEEE Software, 33(5), 54-59.
Lu T., Zhao J., Zhao L., Li Y., Zhang X. (2015). Towards a framework for assuring cyber physical system security. International Journal of Security and its Applications.
Madaan, N., Ahad, M. A., & Sastry, S. M. (2018). Data integration in IoT ecosystem: Information linkage as a privacy threat. Computer law & security review, 34(1), 125-133.
Mazumdar, S., Seybold, D., Kritikos, K., & Verginadis, Y. (2019). A survey on data storage and placement methodologies for cloud-big data ecosystem. Journal of Big Data, 6(1), 1-37.
McBride, K., Olesk, M., Kütt, A., & Shysh, D. (2020). Systemic change, open data ecosystem performance improvements, and empirical insights from Estonia: A country-level action research study. Information Polity(Preprint), 1-26.
Methodology of business ecosystems network analysis: A case study in Telecom Italia Future Centre, Technological Forecasting and Social Change, Elsevier, vol. 80(6), pages 1194-1210.
Mendhurwar S., Mishra R. (2019). Integration of social and IoT technologies: architectural framework for digital transformation and cyber security challenges. Enterprise Information Systems.
Micheli, M., Ponti, M., Craglia, M., & Berti Suman, A. (2020). Emerging models of data governance in the age of datafication. Big Data & Society, 7(2), 2053951720948087.
Moreno, J., Fernandez, E. B., Serrano, M. A., & Fernández-Medina, E. (2019). Secure development of big data ecosystems. IEEE access, 7, 96604-96619.
National Institute of Standards and Technology, “Framework for Improving Critical Infrastructure Cybersecurity”, January 10, 2017
National Institute of Standards and Technology, “Framework for Improving Critical Infrastructure Cybersecurity”, April 16, 2018
NIST SP 800-53 Rev. 4 - NIST Special Publication 800-53 Revision 4, Security and Privacy Controls for Federal Information Systems and Organizations, April 2013 (including updates as of January 22, 2015). https://doi.org/10.6028/NIST.SP.800-53r4.
Noorman, M. (2017). Institutions in the Data Ecosystem: Actors in the public knowledge domain and in private data companies. Open Data and the Knowledge Society, 85-103.
Oliveira, M. I. S., Lima, G. d. F. B., & Lóscio, B. F. (2019). Investigations into Data Ecosystems: a systematic mapping study. Knowledge and Information Systems, 1-42.
Otoom A., Atoum I. (2013). An implementation framework (IF) for the National Information Assurance and Cyber Security Strategy (NIACSS) of Jordan. International Arab Journal of Information Technology.
Panda A., Bower A. (2020). Cyber security and the disaster resilience framework. International Journal of Disaster Resilience in the Built Environment.
Pandey S., Singh R.K., Gunasekaran A., Kaushik A. (2020). Cyber security risks in globalized supply chains: conceptual framework. Journal of Global Operations and Strategic Sourcing.
Porcedda M.G. (2018). Patching the patchwork: appraising the EU regulatory framework on cyber security breaches. Computer Law and Security Review.
Rowe B., Halpern M., Lentz T. (2012). Is a public health framework the cure for cyber security?. CrossTalk.
Royal Society. (2020). The UK data governance landscape.
Sandelowski, M., & Barroso, J. (2006). Handbook for synthesizing qualitative research. Springer Publishing Company.
Sani A.S., Yuan D., Jin J., Gao L., Yu S., Dong Z.Y. (2019). Cyber security framework for Internet of Things-based Energy Internet. Future Generation Computer Systems.
SANS, The State of Dynamic Data Center and Cloud Security in the Modern Enterprise, A SANS Survey, Dave Shackleford, October 2015
Specht, A., Guru, S., Houghton, L., Keniger, L., Driver, P., Ritchie, E. G., ... Treloar, A. (2015). Data management challenges in analysis and synthesis in the ecosystem sciences. Science of the Total Environment, 534, 144-158.
Srinivas J., Das A.K., Kumar N. (2019). Government regulations in cyber security: Framework, standards and recommendations. Future Generation Computer Systems.
Strauss, A., & Corbin, J. (1994). Grounded theory methodology: An overview.
Svilicic B., Kamahara J., Celic J., Bolmsten J. (2019). Assessing ship cyber risks: a framework and case study of ECDIS security. WMU Journal of Maritime Affairs.
Styrin, E., Luna-Reyes, L. F., & Harrison, T. M. (2017). Open data ecosystems: an international comparison. Transforming Government: People, Process and Policy.
Tikk-Ringas E. (2015). Legal framework of cyber security. Intelligent Systems, Control and Automation: Science and Engineering.
Topal O.A., Demir M.O., Liang Z., Pusane A.E., Dartmann G., Ascheid G., Kur G.K. (2020). A Physical Layer Security Framework for Cognitive Cyber-Physical Systems. IEEE Wireless Communications.
Vaishnavi, V., Kuechler, W., and Petter, S. (Eds.) (2004/19). “Design Science Research in Information Systems” January 20, 2004 (created in 2004 and updated until 2015 by Vaishnavi, V. and Kuechler, W.); last updated (by Vaishnavi, V. and Petter, S.), June 30, 2019. URL: http://www.desrist.org/design-research-in-information-systems/.
Weber, K., Otto, B., & Österle, H. (2009). One size does not fit all---a contingency approach to data governance. Journal of Data and Information Quality (JDIQ), 1(1), 1-27.
Wei J. (2010). Knowledge management framework for cyber security learning. International Journal of Management in Education.
Yoon, A., & Copeland, A. (2020). Toward community‐inclusive data ecosystems: Challenges and opportunities of open data for community‐based organizations. Journal of the Association for Information Science and Technology, 71(12), 1439-1454.
Zhai L., Vamvoudakis K.G. (2020). A data-based private learning framework for enhanced security against replay attacks in cyber-physical systems. International Journal of Robust and Nonlinear Control.
Zimmer, L. (2006). Qualitative meta‐synthesis: a question of dialoguing with texts. Journal of advanced nursing, 53(3), 311-318.