شناسایی کدهای مدیریتی چارچوب جامع امنیت سایبری مرکز داده بر اساس الگویNIST با رویکرد یکپارچه و هوشمند (مقاله علمی وزارت علوم)
درجه علمی: نشریه علمی (وزارت علوم)
آرشیو
چکیده
بسیاری از سازمان ها به منظور تسهیل فرآیندها و ارائه خدمات نو آورانه، توجه ویژه ای به استفاده از خدمات مرکز داده جهت میزبانی از سکوها، خدمات و ابزارهای نوین برای مدیریت و راهبری سامانه های خود نشان می دهند. در حوزه امنیت سایبری مرکز داده، برای شناخت علل تهدیدات سایبری و سپس حل مسائل نیاز است، تمام جوانب درنظر گرفته شوند. بنابراین ما در این پژوهش بدنبال شناسایی و ارائه کدهای مدیریتی هستیم که در آن تمامی جوانب درونی و بیرونی امنیت سایبری در نظر گرفته شود. در این پژوهش با الگو گیری از چارچوب کلی امنیت سایبریNIST و چارچوب بسط داده شده موجود، نسبت به شناسایی جامع کدهای تامین امنیت و حفاظت از زیر ساخت اصلی مرکز داده، اقدام نمودیم تا ضمن اتخاذ راهبرد یکپارچه، هوشمندی لازم با اشتراک اطلاعات و یادگیری از حملات قبلی در سازمانها جهت بهبود فرایند پاسخ و بازیابی ایجادگردد. در این پژوهش بمنظور شناسایی و ارائه کدهای مدیریتی چارچوب جامع امنیت سایبری مرکز داده با روش مرور نظام مند از طریق جستجو در پایگاه وب او ساینس و اسکپوس و مقالات داخلی تعداد 1831 سند استخراج شد که پس از بررسی های لازم 63 مورد از آن ها به عنوان اسناد مرتبط شناسایی و با استفاده از روش فراترکیب، بررسی و کدگذاری شدند و کدهای استخراج شده در ذیل 5 مقوله اصلی (برگرفته از الگوی NIST)، 23 مولفه و 108 کد مدیریتی قرار گرفتند که مربوط به امنیت سایبری مرکز داده یعنی شناسایی، محافظت، کشف، پاسخگویی و بازیابی بودند.Identify Management Codes of Comprehensive Framework for Data Center Cybersecurity Based on the NIST Model with an Integrated and Intelligent Approach
In order to facilitate processes and provide innovative services, Most of organizations pay special attention to using data center services to host new platforms, services and tools to manage and run their systems. In the field of data center cybersecurity, all aspects need to be considered to identify the causes and then solve the problems. Therefore, in this study, we seek to identify and provide management codes that consider all internal and external aspects of cyber security. In this research, using NIST cybersecurity framework and existing localized framework for Identify management codes of Comprehensive framework for data center cybersecurity by systematic literature review (SLR), 1831 documents was extracted by searching the Science direct, Scopus and ISC articles. After necessary examinations, 63 of them were identified as related documents. They were analyzed and coded using the Meta- synthesis method. Finally, the extracted features were classified into 5 main category and 23 sub categories and 108 codes, which were related to data center cyber security, i.e. Identification, protection, detection, response and retrieval. Introduction In recent years, the volume of data has increased to such an extent that the 21st century is known as the data century (Calzada & Almirall, 2020). However, this increase in the volume of data and the need to ensure the security of the production and maintenance center and data services have been raised as an emerging issue in the management of information systems. Utilization of the data center, which is considered as the most important vital infrastructure of the organization, and huge investment has been made and the existential importance of these centers in providing the information and services needed by the society, causes an increase in cyber threats against them and increases the motivation of the threat actors to endanger the security of these centers. (Kazemi et al., 2022). The researcher's main approach is to identify and present data center cyber security management codes with an integrated and intelligent approach. Problem Statement Identify management codes of Comprehensive framework for data center cybersecurity Based on the NIST model with an integrated and intelligent approach. The review of internal research in the field of cyber security also shows that no research has been conducted that has examined the security of the organizational data center separately. Adopting this point of view, which includes all the dimensions and components, and the codes affecting the cyber security of the data center, can be a useful approach in this regard. Materials and Methods The current research method is qualitative and Meta- synthesis method. In this research, in order to review data center cyber security literature, Sandelowski and Barroso's seven-step model has been used (Sandelowski & Barroso, 2006). Research Findings By systematically reviewing data center cyber security literature and coding and analyzing them, the main categories and components of this framework were identified. In total, the results of coding the sources led to the identification of the components of the framework and its dimensions. Based on the investigations, a total of 108 management codes were classified in the form of 23 components and extracted as components of the intelligent and integrated cyber security framework of the data center, which were identified in the 5 main categories of identification, protection, discovery, response and recovery. Conclusion In this research, using NIST cybersecurity framework and existing localized framework for Identify management codes of Comprehensive framework for data center cybersecurity by systematic literature review (SLR), 1831 documents was extracted by searching the Science direct, Scopus and ISC articles. After necessary examinations, 63 of them were identified as related documents. They were analyzed and coded using the Meta- synthesis method. Finally, the extracted features were classified into 5 main category and 23 sub categories and 108 codes, which were related to data center cyber security, i.e. Identification, protection, detection, response and retrieval. The innovation of the current research is from the aspect of studying the framework of cyber security with the approach of integrated and intelligent management of data centers, and therefore the development of a framework that can help organizations in facing cyber threats of data centers active in information and communication infrastructures is one of the goals of this research. Integrity and intelligence in paying attention to each of the components of the above dimensions, which are connected and integrated like the links of a chain, and the continuous and rotating monitoring of that is the necessary intelligence to learn from the previous actions of oneself and others and to prevent the repetition of threats to the cyber security of the organization's data centers. In this research, using NIST cybersecurity framework and existing localized framework for Identify management codes of Comprehensive framework for data center cybersecurity by systematic literature review (SLR), 1831 documents was extracted by searching the Science direct, Scopus and ISC articles. After necessary examinations, 63 of them were identified as related documents. They were analyzed and coded using the Meta- synthesis method. Finally, the extracted features were classified into 5 main category and 23 sub categories and 108 codes, which were related to data center cyber security, i.e. Identification, protection, detection, response and retrieval.