چارچوبی برای امنیت فرایندهای کتابخانه زیرساخت فناوری اطلاعات در محیط اینترنت اشیا

نوع مقاله : مقاله پژوهشی

نویسندگان

1 دانشجوی دکتری، گروه مدیریت فناوری اطلاعات، واحد قزوین، دانشگاه آزاد اسلامی، قزوین، ایران

2 استادیار، گروه مدیریت فناوری اطلاعات، واحد قزوین، دانشگاه آزاد اسلامی، قزوین، ایران

3 استادیار، گروه مدیریت دولتی، واحد قزوین، دانشگاه آزاد اسلامی، قزوین، ایران

10.22034/aimj.2022.159228

چکیده

امنیت فرایندهای کتابخانه زیرساخت فناوری اطلاعات با توجه به محرک‌های موجود در محیط اینترنت اشیا به راه‏کارهای هوشمندانه برای پیشبرد اهداف و جلوگیری از آسیب‌پذیری‌ها نیاز دارد. برای تأمین امنیت و به حداکثر رساندن سطوح امنیتی، به مدیریت مناسب نیاز است تا بتوان مسیرهای پیچیده را حذف کرد، عملکرد را بهبود بخشید، ساختار فرایندهای کتابخانه زیرساخت فناوری اطلاعات را بهینه و در نهایت، اهداف را در دسترس کرد. پژوهش حاضر بر اساس تجزیه‏وتحلیل دقیق روابط، مدل‌های دستی و سیستماتیک با بررسی امنیت دستاوردهای پژوهشی در سه دسته آزاد، دانشگاهی و سازمانی ارائه می‌شود. احتمال رخداد حملات در فرایندها در چهار ناحیه و سه ماژول عمومی، اختصاصی، انتشار با تحلیل سناریوهای امنیتی و با سطوح حداکثری در مدل شبیه‌سازی لحاظ می‌شوند. سطوح حداکثری در مطالعه موردی، ماژول امنیتی اختصاصی در دسته آزاد 10، دسته دانشگاهی 23، دسته سازمانی 14 و در ماژول امنیتی انتشار، 24 سطح برای ژورنال و 8 سطح برای کنفرانس در نظر گرفته می‌شوند. در تعیین احتمال رخداد حملات، احتمالاتی که می‌توان از آنها چشم‌پوشی کرد و به صفر نزدیک هستند، حذف می‌شوند. بقیه موارد به انضمام معادلات، پارامترها، سطوح و جریان‌ها در مدل کلی لحاظ می‌شوند. در ادامه، بر پایه اطلاعات موجود، مدل شبیه‌سازی ارائه می‌شود، آزمایش‌های تغییر پارامتر و کالیبراسیون انجام شده و بهترین مقادیر ممکن متناسب با داده‌ها نیز مشخص می‌شوند. این پژوهش با ارائه مدل‌های دستی و سیستماتیک سعی در ایجاد امنیت با تخمین تأثیر حالات حدی در فرایندها به‌‎وسیله شبیه‏سازی دارد. همچنین بهینه‎سازی تغییرات احتمالی برای مدیریت تغییر را فراهم آورده (آزمایش تغییر پارامتر و کالیبراسیون) و مدیران را به اخذ تصمیم‏های بدون القای ریسک، هزینه و زمان با توجه به سناریوهای موجود قادر می‌کند.

کلیدواژه‌ها

عنوان مقاله [English]

A Framework for Securing Information Technology Infrastructure Library Processes in the Internet of Thing Environment

نویسندگان [English]

  • Akram Ghanaee 1
  • Mohamadreza Sanaei 2
  • Javad Mehrabi 3

1 Ph. D Candidate, Department of Information Technology Management, Qazvin Branch, Islamic Azad University, Qazvin, Iran

2 Assistant Prof., Department of Information Technology Management, Qazvin Branch, Islamic Azad University, Qazvin, Iran

3 Assistant Prof., Department of Public Administration, Qazvin Branch, Islamic Azad University, Qazvin, Iran

چکیده [English]

Security of information technology infrastructure library processes needs to provide intelligent solutions to advance goals and prevent vulnerabilities, given the stimuli in the IoT environment. To ensure security, proper management is needed to maximize security levels so that complex paths can be eliminated, performance improved, the information technology infrastructure library process structure optimized, and ultimately the goals achieved. The present study is based on a detailed analysis of relationships, manual and systematic models by studying the security of research achievements in three categories: free, academic and organizational. We consider the probability of attacks in processes in four areas and three general modules, specific, propagation by analyzing security scenarios and with maximum levels in the simulation model. Also, the maximum levels in the case study are dedicated security module in free category 10, academic category 23, organizational category 14 and in publication security module, 24 levels for journal and 8 levels for conference. In determining the probability of an attack occurring, probabilities that are negligible and close to zero are eliminated. Then, based on the available information, a simulation model is presented, parameter change testing and calibration are performed, and the best possible values are determined in accordance with the data. This research tries to create security by estimating the effect of limit states in processes by simulation by providing manual and systematic models. It also provides optimization of possible changes for change management (parameter change testing and calibration) and enables managers to make decisions without inducing risk, cost and time according to existing scenarios.

کلیدواژه‌ها [English]

  • IoT
  • ITIL
  • Process Security
  • Framework
  • Simulation
رضائیان، علی (1393). مبانی سازمان و مدیریت. تهران: نشر سمت.
صادقی، محمد؛ حسینی، علی (1392). مدیریت فناوری اطلاعات (جلد اول). اصفهان: نشر مانی.
Ackermann, T., IT Security Risk Management: Perceived IT Security Risks in the Context of Cloud Computing2013: Springer Gabler.
Ahmad, N., Amer, N. T., Qutaifan, F., & Alhilali, A. (2013). Technology adoption model and a road map to successful implementation of ITIL. Journal of Enterprise Information Management, 26(5).
Axelos. (2019). ITIL4 foundation. TSO publishers.
Beims, M. (2017). ITIL: Wundermittel für IT-Services? Wirtschaftsinformatik & Management, 9(1), 70-79.‏
Bon, J.V. (2007). ITIL V3 - A Pocket Guide (Best Practice) Kindle Edition. Van Haren Publishing.
Cannon, D. (2011). Itil service strategy. TSO, The Stationery Office; Second edition.
Castillo, F. (2016). IT Portfolio Management. In Managing Information Technology (pp. 211-227). Springer, Cham.‏
Das, A. K., Zeadally, S., & He, D. (2018). Taxonomy and analysis of security protocols for Internet of Things. Future Generation Computer Systems, 89, 110-125.‏
Douceur, J. R. (2002, March). The sybil attack. In International workshop on peer-to-peer systems (pp. 251-260). Springer, Berlin, Heidelberg.‏
Farooq, M. U., Waseem, M., Mazhar, S., Khairi, A., & Kamal, T. (2015). A review on internet of things (IoT). International journal of computer applications, 113(1), 1-7.‏
French, W. L., & Bell, C. (1995). Organization development: Behavioral science interventions for organization improvement. Pearson Educación.‏
Ge, M., Hong, J. B., Guttmann, W., & Kim, D. S. (2017). A framework for automating security analysis of the internet of things. Journal of Network and Computer Applications, 83, 12-27.‏
Han, K. H., Kang, J. G., & Song, M. (2009). Two-stage process analysis using the process-based performance measurement framework and business process simulation. Expert systems with applications, 36(3), 7080-7086.‏
Haufe, K., Colomo-Palacios, R., Dzombeta, S., Brandis, K., & Stantchev, V. (2016). A process framework for information security management.‏
Hong, S., Park, S., Park, L. W., Jeon, M., & Chang, H. (2018). An analysis of security systems for electronic information for establishing secure internet of things environments: Focusing on research trends in the security field in South Korea. Future Generation Computer Systems, 82, 769-782.‏
Hossain, M., Islam, S. R., Ali, F., Kwak, K. S., & Hasan, R. (2018). An Internet of Things-based health prescription assistant and its security system design. Future generation computer systems, 82, 422-439.‏
Huang, X., Craig, P., Lin, H., & Yan, Z. (2016). SecIoT: a security framework for the Internet of Things. Security and communication networks, 9(16), 3083-3094.‏
Ingols, K., Chu, M., Lippmann, R., Webster, S., & Boyer, S. (2009, December). Modeling modern network attacks and countermeasures using attack graphs. In 2009 Annual Computer Security Applications Conference (pp. 117-126). IEEE.‏
ISO/IEC, Corporate governance of information technology in 385002008.
Jang, J., Jung, I. Y., & Park, J. H. (2018). An effective handling of secure data stream in IoT. Applied Soft Computing, 68, 811-820.‏
Kumbakara, N. (2008). Managed IT services: the role of IT standards. Information Management & Computer Security.‏
Law, A. M., Kelton, W. D., & Kelton, W. D. (2000). Simulation modeling and analysis (Vol. 3). New York: McGraw-Hill.‏
Marrone, M., Gacenga, F., Cater-Steel, A., & Kolbe, L. (2014). IT service management: A cross-national study of ITIL adoption. Communications of the association for information systems, 34(1), 49.‏
Mavropoulos, O., Mouratidis, H., Fish, A., & Panaousis, E. (2019). Apparatus: A framework for security analysis in internet of things systems. Ad Hoc Networks, 92, 101743.‏
McNaughton, B., Ray, P., & Lewis, L. (2010). Designing an evaluation framework for IT service management. Information & management, 47(4), 219-225.‏
Mitrokotsa, A., Rieback, M. R., & Tanenbaum, A. S. (2010). Classification of RFID attacks. Gen, 15693(14443), 14.‏
Mohamed, M. S., Ribiere, V. M., O'Sullivan, K. J., & Mohamed, M. A. (2008). The restructuring of the information technology infrastructure library (ITIL) implementation using knowledge management framework. Vine.‏
Mohsin, M., Anwar, Z., Zaman, F., & Al-Shaer, E. (2017). IoTChecker: A data-driven framework for security analytics of Internet of Things configurations. Computers & Security, 70, 199-223.‏
Orta, E., & Ruiz, M. (2019). Met4ITIL: A process management and simulation-based method for implementing ITIL. Computer Standards & Interfaces, 61, 1-19.‏
Orta, E., Ruiz, M., Hurtado, N., & Gawn, D. (2014). Decision-making in IT service management: a simulation-based approach. Decision Support Systems, 66, 36-51.‏
Padmavathi, D. G., & Shanmugapriya, M. (2009). A survey of attacks, security mechanisms and challenges in wireless sensor networks. arXiv preprint arXiv:0909.0576.‏
Peak, D., Guynes, C. S., & Kroon, V. (2005). Information technology alignment planning—a case study. Information & management, 42(5), 635-649.‏
Pidd, M. (2004). Computer simulation in management science (No. 5th). John Wiley and Sons Ltd.‏
Pollard, C., & Cater-Steel, A. (2009). Justifications, strategies, and critical success factors in successful ITIL implementations in US and Australian companies: an exploratory study. Information systems management, 26(2), 164-175.‏
Puthal, D., Nepal, S., Ranjan, R., & Chen, J. (2017). A dynamic prime number based efficient security mechanism for big sensing data streams. Journal of Computer and System Sciences, 83(1), 22-42.‏
Rao, M., Newe, T., Omerdic, E., Kaknjo, A., Elgenaidi, W., Mathur, A., ... & Toal, D. (2018). Bump in the wire (BITW) security solution for a marine ROV remote control application. Journal of information security and applications, 38, 111-121.‏
Rathore, S., & Park, J. H. (2018). Semi-supervised learning based distributed attack detection framework for IoT. Applied Soft Computing, 72, 79-89.‏
Robinson, S., Towards a model of franchises for community telecentres in Latin America. M. Bonilla y G. Cliché, G.(Eds.), Internet and Society in Latin America and the Caribbean, 2004: p. 337,361.
Roman, R., Zhou, J., & Lopez, J. (2013). On the features and challenges of security and privacy in distributed internet of things. Computer Networks, 57(10), 2266-2279.‏
Roy, A., Kim, D. S., & Trivedi, K. S. (2012). Attack countermeasure trees (ACT): towards unifying the constructs of attack and defense trees. Security and Communication Networks, 5(8), 929-943.‏
Ruiz, M., Moreno, J., Dorronsoro, B., & Rodriguez, D. (2018). Using simulation-based optimization in the context of IT service management change process. Decision Support Systems, 112, 35-47.‏
Saini, V., Duan, Q., & Paruchuri, V. (2008). Threat modeling using attack trees. Journal of Computing Sciences in Colleges, 23(4), 124-131.‏
Sfar, A. R., Natalizio, E., Challal, Y., & Chtourou, Z. (2018). A roadmap for security challenges in the Internet of Things. Digital Communications and Networks, 4(2), 118-137.‏
Sha, K., Wei, W., Yang, T. A., Wang, Z., & Shi, W. (2018). On security challenges and open issues in Internet of Things. Future Generation Computer Systems, 83, 326-337.‏
Sharp, A., & McDermott, P. (2009). Workflow modeling: tools for process improvement and applications development. Artech House.‏
Sheyner, O., Haines, J., Jha, S., Lippmann, R. & Wing, J.M. (2002). Automated generation and analysis of attack graphs. Paper presented at the Proceedings 2002 IEEE Symposium on Security and Privacy.
Sicari, S., Rizzardi, A., Grieco, L. A., & Coen-Porisini, A. (2015). Security, privacy and trust in Internet of Things: The road ahead. Computer networks, 76, 146-164.‏
Stergiou, C., Psannis, K. E., Kim, B. G., & Gupta, B. (2018). Secure integration of IoT and cloud computing. Future Generation Computer Systems, 78, 964-975.‏
Sun, P., Li, J., Bhuiyan, M. Z. A., Wang, L., & Li, B. (2019). Modeling and clustering attacker activities in IoT through machine learning techniques. Information Sciences, 479, 456-471.‏
Thakur, B. S., & Chaudhary, S. (2013). Content sniffing attack detection in client and server side: A survey. International Journal of Advanced Computer Research, 3(2), 7.‏
White, G., Nallur, V., & Clarke, S. (2017). Quality of service approaches in IoT: A systematic mapping. Journal of Systems and Software, 132, 186-203.‏
Yang, J.-C., Hao P., & Zhang, X. (2013). Enhanced Mutual Authentication Model Of Iot. The Journal of China Universities of Posts And Telecommunications, 20, 69-74.
Yiğit, B., Gür, G., Alagöz, F., & Tellenbach, B. (2019). Cost-aware securing of IoT systems using attack graphs. Ad Hoc Networks, 86, 23-35.‏
Zeng, J. (2008). A case study on applying ITIL availability management best practice. Contemporary Management Research, 4(4).
  • تاریخ دریافت: 20 بهمن 1400
  • تاریخ بازنگری: 22 تیر 1401
  • تاریخ پذیرش: 09 مهر 1401