Defining a Holistic Data Center Security Management Framework and Designing an Evaluation Tool
Helin, Mikko (2021)
2021
All rights reserved. This publication is copyrighted. You may download, display and print it for Your own personal use. Commercial use is prohibited.
Julkaisun pysyvä osoite on
http://urn.fi/URN:NBN:fi:amk-2021062116468
http://urn.fi/URN:NBN:fi:amk-2021062116468
Tiivistelmä
Data centers are defined as part of critical information infrastructure in many countries and organizations. The importance of protecting and securing these information processing facilities has increased since information technology is embedded in almost every part of modern societies, businesses, and people’s lives worldwide. To be able to protect data centers and their operation against various types of unwanted events, a holistic viewpoint for data center security management is needed. So far, no generally accepted data center security management framework or model has been published even though several information security management and data center management standards and frameworks are available.
The purpose of this thesis study was to define a general holistic data center security management framework and to develop a tool for evaluating data center security management for an anonymous target organization. Developing the evaluation tool also enabled testing and verifying the framework within the scope of this study. Theoretical framework of this thesis study consisted of corporate security frameworks and standards but information security management and data center industry standards and frameworks were also included.
This thesis study was a constructive research project and research-based development processes were followed. The usability of the evaluation tool was verified through a heuristic evaluation process, which formed the research method base of this thesis study. Three domain experts were included in the heuristic evaluation process and as a result, 24 different types of usability problems were found and 15 different types of comments received regarding general acceptability and usefulness of the evaluation tool.
The results of this thesis study suggested that the general holistic data center security management framework and the evaluation tool could be applied in actual use cases. Both the framework and the tool were found as applicable and useful for the target organization. The basic structure of the framework was accepted to represent general data center security management holistically.
The results presented in this thesis could benefit further research on data center security management by providing a holistic framework to start with. The results and the framework may also be utilized outside the academic research community by those creating similar evaluation tools or by adopting the holistic data center security management framework to actual data center management use cases. Further research topics on data center security management were identified throughout the course of this thesis study.
The purpose of this thesis study was to define a general holistic data center security management framework and to develop a tool for evaluating data center security management for an anonymous target organization. Developing the evaluation tool also enabled testing and verifying the framework within the scope of this study. Theoretical framework of this thesis study consisted of corporate security frameworks and standards but information security management and data center industry standards and frameworks were also included.
This thesis study was a constructive research project and research-based development processes were followed. The usability of the evaluation tool was verified through a heuristic evaluation process, which formed the research method base of this thesis study. Three domain experts were included in the heuristic evaluation process and as a result, 24 different types of usability problems were found and 15 different types of comments received regarding general acceptability and usefulness of the evaluation tool.
The results of this thesis study suggested that the general holistic data center security management framework and the evaluation tool could be applied in actual use cases. Both the framework and the tool were found as applicable and useful for the target organization. The basic structure of the framework was accepted to represent general data center security management holistically.
The results presented in this thesis could benefit further research on data center security management by providing a holistic framework to start with. The results and the framework may also be utilized outside the academic research community by those creating similar evaluation tools or by adopting the holistic data center security management framework to actual data center management use cases. Further research topics on data center security management were identified throughout the course of this thesis study.