- 學位論文
企業導入虛擬化資訊環境對資訊安全影響之研究
The Effects of Adoption Virtualization Environment on Enterprise Information Security
摘要
由於現今全世界過度的濫用能源,並且大量的排放二氧化碳,已經造成地球環境的損害,然而電腦機房擺放了許多的伺服器,也消耗了許多的電力、空調等許多的能源,這幾年來由於虛擬化技術日漸發展,讓人們開始慢慢使用虛擬化技術來進行伺服器整倂(Server Consolidation),虛擬化技術不但可以減少機房空間的使用、伺服器數量,同時也可降低電力、空調需求,並充分發揮伺服器的效能;雖然,使用虛擬化技術可以節能並有效管理資訊環境,但是,對於資訊化的環境中還是有許多的議題是必須注重的,資訊安全就是讓企業不可輕忽的一個重要的議題,許多的資訊安全事件歸究其原因,都顯示因為資訊安全管理沒有落實執行,而讓企業處於一個不安全的資訊環境。因此,本論文將探討企業在導入虛擬化資訊環境後,以資訊安全管理的觀點上,來了解虛擬化資訊環境與資訊安全之間的相關性。研究首先針對13位資訊安全及虛擬化技術專家進行問卷調查,其問卷選項是使用ISO27001規範中之133條控制要點來進行檢驗,使用Lawshe提出之內容效度比率(Content Validity Ratio,CVR),找出32個控制要項與虛擬化資訊環境有關,利用此32個控制要項來進行問卷調查。回收問卷資料後,經過資料分析得到企業導入虛擬化資訊環境對資訊安全是有助益的,並無其負面之影響,在研究過程中得知銀行證券業為高風險之作業,並無法立即接受虛擬化技術,資訊業界工程師及資訊業界從業人員較能接受虛擬化技術,在電子業、資訊業、汽機車業這3行業中,發現到虛擬化環境中的虛擬機器是實際被隔離之優點,此研究結果提供給企業在導入虛擬化資訊環境時,在資訊安全方面要注意的事項,也讓其企業因為導入虛擬化資訊環境提升企業的資訊安全等級。
並列摘要
The overuse of energy and over-emission of carbon dioxide has already caused damage to our environment. The great amounts of servers and their cooling equipments in the “computer farms” around the world also contributed to a significant share of energy consumption. The recent progress in virtualization allows us to implement server consolidation. Virtualization not only reduces the use of computer rooms, the number of servers, it also reduces the use of power and cooling. Furthermore, it helps to utilize the full capacity of remaining servers. Although virtualization saves energy and simplifies management, it has its own side-effects. For one, security can be a major issue. Many security breaches that left the business exposed to hostility are known to be caused by compromised security procedures. This thesis is a survey of the post-virtualization business security landscape from the point of view of system security. We have surveyed 13 security and virtualization experts using a questionnaire constructed by us. The questions in our questionnaire are based on the 133 control managements of ISO 27001. By using the Content Validity Ratio analysis ( Lawshe ), we have found 32 control managements are related to virtualization. We then constructed the questions based on these 32 control managements. Based on the collected replies, we have found that virtualization actually benefits security. Its adverse effects are negligible. We have found that banking and securities business have a very low tolerance to risks. As a result, currently they cannot adopt virtualization. We have also found that IT engineers and workers usually are more likely to embrace virtualization technologies. The electronics, information and mobile vehicle industries have found that the sand-boxed virtual machines in virtualized systems are in fact good for information security. Our findings can provide guidelines to the IT professionals when they are introducing virtualization to their own companies. We believe if proper security measures have been taken, virtualization actually makes you information system more secure.
參考文獻
延伸閱讀
- 莊復貴(2009)。企業運用應用程式虛擬化之研究〔碩士論文,中原大學〕。華藝線上圖書館。https://doi.org/10.6840/CYCU.2009.00726
- 洪榮泰(2016)。虛擬化平台在個人電腦叢集環境效能之研究。中華科技大學學報,(65),77-87。https://www.airitilibrary.com/Article/Detail?DocID=a0000585-201601-201602150007-201602150007-77-87
- 邱永承(2010)。資訊人員對企業導入虛擬化資訊環境之關鍵影響因素〔碩士論文,大同大學〕。華藝線上圖書館。https://www.airitilibrary.com/Article/Detail?DocID=U0081-3001201315105790
- 陳佑全、唐順明、陳美菁、黃國賢(2012)。虛擬組織資訊科技發展架構影響績效之研究。電子商務學報,14(2),353-382。https://doi.org/10.6188/JEB.2012.14(2).06
- 楊金炎(2001)。A Case Study of Enterprise Internal Control for Information System and Security〔碩士論文,中原大學〕。華藝線上圖書館。https://doi.org/10.6840/cycu200100409