DOCSLIB.ORG

Security Criteria Awareness

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Security Criteria Awareness Security Criteria Awareness Overview of Security Criteria Awareness in Finnish Companies Rantanen Master’s Thesis 05 2021 Technology, communication, and transport Master’s Degree in Cyber Security Description Rantanen, Otto Security Criteria Awareness - Overview of Security Criteria Awareness in Finnish Companies Jyväskylä: JAMK University of Applied Sciences, May 2021, 79 pages. Technology, communication, and transport. Degree Programme in Cyber Security. Master's thesis. Permission for web publication: Yes Language of publication: English Abstract Dell is a large American company with roots dating back to 1984. In 2015, Dell embarked on a project to acquire EMC Corporation, which was completed in one of the largest acquisitions in the IT industry and re- sulted in Dell Technologies. Because of its broad product and service portfolio, Dell Technologies is involved in the infrastructure of almost every Enterprise-level company and, to a significant extent, smaller compa- nies. The idea for the work came from my empirical findings when working with client companies. Dell Technolo- gies ’service portfolio is constantly expanding, but leveraging it more efficiently requires an understanding of customer companies’ internal processes and needs. The purpose of the dissertation is to get an idea of Dell Technologies' customer companies’ knowledge of security criteria’s, as well as the possible need for external assistance in the Finnish customer field, so that Dell Technologies can better target its services to the right needs in a right way. Theme interview was chosen as the research method as it allows gathering large amounts of data from a relatively small sample. Theme interview is qualitative research method and results from the interviews were analysed by using narrative analysis and pointing out the answers to the questions. Other relevant and possibly useful data was also analysed and the data from which the conclusions were drawn can be found from the document. The most significant consideration was how large the difference in knowledge and application of the crite- ria was between public and private sector actors. Due to the small sample size, this should be treated with caution and the companies' industry can also have a significant impact on the results. Conclusions were drawn from a seemingly small sample, but the data collected helped to a significant ex- tent to understand the needs of customer companies and how to target services to them. Possible further research around the topic could improve Dell Technologies' competitiveness in Finland's relatively small market area where service provision plays a significant role. Keywords/tags (subjects) Appliance, Cyber Security, Dell Technologies, Framework, Security Criteria Miscellaneous (Confidential information) Appendices 3-6 are confidential and removed from the public thesis. The basis for secrecy is section 24(17) of the Act on the Openness of Government Activities (621/1999), a company’s business or trade secret. The period of secrecy is five (5) years, the secrecy will end on 25th of May 2026. 1 Contents Acronyms ............................................................................................................................ 4 1 Introduction ................................................................................................................ 5 1.1 Thesis Scope and Goals ..................................................................................................... 6 1.2 Dell Technologies .............................................................................................................. 7 1.3 Selected Research-Method ............................................................................................... 8 1.3.1 Narrative Analysis .................................................................................................. 12 1.3.2 Sentiment Analysis................................................................................................. 12 1.4 Goal of this Thesis ........................................................................................................... 13 1.4.1 Research Question ................................................................................................. 13 1.5 Previous Research ........................................................................................................... 14 1.5.1 Summary ................................................................................................................ 14 2 Theoretical Base ........................................................................................................ 16 2.1 DELL Technologies Services ............................................................................................. 17 2.1.1 Basic Deployment .................................................................................................. 19 2.1.2 ProDeploy .............................................................................................................. 19 2.1.3 ProDeploy Plus ....................................................................................................... 19 2.1.4 Additional Deployment Time ................................................................................. 20 2.2 Appliance-based Infrastructure Solutions....................................................................... 20 2.2.1 Dell Technologies Cloudboost ............................................................................... 21 2.2.2 Dell Technologies PowerStore ............................................................................... 21 2.2.3 Dell Technologies VxRail ........................................................................................ 22 2.3 Appliance Related Vulnerabilities ................................................................................... 22 2.4 Global Cyber Events ........................................................................................................ 26 2.4.1 1994 – Russian Hacker Case .................................................................................. 26 2.4.2 Slammer Worm ...................................................................................................... 26 2.4.3 2020 – Vastaamo Data Breach in Finland .............................................................. 27 2.5 Common Frameworks for IT-system Benchmarking ....................................................... 28 2.5.1 NIST Cybersecurity Framework ............................................................................. 28 2.5.2 HIPAA ..................................................................................................................... 30 2.5.3 PCI-DSS ................................................................................................................... 32 2.5.4 KATAKRI ................................................................................................................. 33 2.5.5 PITUKRI................................................................................................................... 34 2.5.6 Common Criteria - ISO/IEC 15408 ......................................................................... 38 2.6 Theory Summary ............................................................................................................. 39 2 3 Theme Interviews ...................................................................................................... 41 3.1 Interview Invitation ......................................................................................................... 41 3.2 Interview Participants ..................................................................................................... 41 3.3 Interview Questions ........................................................................................................ 42 3.4 Interview Summaries ...................................................................................................... 43 3.4.1 Company A ............................................................................................................. 43 3.4.2 Company B ............................................................................................................. 45 3.4.3 Company C ............................................................................................................. 47 3.4.4 Company D ............................................................................................................. 48 4 Interview Results ....................................................................................................... 51 4.1 Overview of Results ......................................................................................................... 51 4.2 Sentiment Analysis Results ............................................................................................. 60 5 Analysis ..................................................................................................................... 65 6 Conclusions ............................................................................................................... 69 7 Discussions ................................................................................................................ 72 8 Further Study ............................................................................................................. 75 Appendices ......................................................................................................................
Load more

Recommended publications
  • Put Our Expertise to Work for You! New and Surplus Repair and Sales Testing 15 Years of Excellence
    Put our expertise to work for you! New and Surplus www.pco2.com Repair and Sales Testing 15 Years Of Excellence Founded in 1995, PCO has been providing the process control industry with the parts and service needed to keep your business growing. Over the years we have accumulated distributorships from companies like WEG, Microsoft, and Unipower; to aid in serving you. Continually growing with the industry has been recognized as a necessity at PCO, which ensures that we’ll always be able to equip your business with the tools you need. Backed by a team of knowledgeable engineers you can trust our service from sales to repair exceeds your company’s expectations from a service provider such as PCO. By offering surplus equipment and custom engineering you can be sure PCO will be able to help your company adapt to the needs of today! Click Logos for Distributorships More Info Surplus Inventory Through the years PCO has amassed a large inventory of surplus parts and equipment. This has made us an industry leader in the sales and repair of obsolete, hard to find, and legacy equipment. With our selection of new and used surplus we can supply our customers the materials they demand. Repair & Testing Our repair technicians provide component level repairs for any piece of equipment including but not limited to; The Testing CRT Monitors, Power Supplies, Industrial Keyboards, Electro-Mechanical Hierarchy Devices, and Control Panels. • System Testing Our professionals assess your problem quickly to supply you with a quick • Functional Testing turnaround and a working unit. Every • In-Circuit Testing repair includes a One Year Parts and Labor Warranty.
    [Show full text]
  • Dell EMC's Response To
    REGION 14 EDUCATION SERVICE CENTER Response to Data Storage, Cloud, Converged and Data Protection Request for Proposal (RFP) # 30-18 Prepared For: Submitted By: Region 14 Education Service Center EMC Corporation 1850 Highway 351 3017 Douglas Blvd. Suite 300 Abilene, Texas 79601 Roseville, CA 95661 ATTN: Pamela Kunhart [email protected] Contractor Point of Contact Title Page Request for Proposal (RFP) # 30-18 | November 13, 2018 Region 14 Education Service Center Data Storage, Cloud, Converged and Data Protection EMC Contact Information for this Solicitation: NAME TITLE ROLE CONTACT INFORMATION Tiffany Pabst Contract Program Manager Individual in (916) 221-0294 State & Local Government, charge of [email protected] managing contract Education (SLED) compliance Pamela Manager, Strategic Contracts Individual in (877) 598-4915 Kunhart Program Office charge of the [email protected] State & Local Government, SLED Strategic Education (SLED) Contracts Office* Amanda Sr. Contracts Manager Individual (512) 723-6806 Hudson Authorized to [email protected] Obligate EMC Contractually *SLED Strategic Contracts Program Office Address: 3017 Douglas Blvd. Suite 300 / Roseville CA 95661; Phone: 1- 877-598-4915 EMC Corporation: EMC is a global leader in enabling businesses and service providers to transform their operations and deliver IT as a Service. Fundamental to this transformation is cloud computing. Through innovative products and services, EMC accelerates the journey to cloud computing, helping IT departments to store, manage, protect, and analyze their most valuable asset – information – in a more agile, trusted, and cost effective way. EMC is a registered trademark of EMC Corporation. All other trademarks used herein are the property of their respective owners.
    [Show full text]
  • Dell Technologies Company Overview Dell Technologies 회사 소개
    Dell Technologies Company Overview Dell Technologies 회사 소개 Dell Technologies는 오늘보다 나은 미래를 만든다는 비전으로, 담대하고 훌륭한 아이디어를 가진 전 세계 사람들이 더 나은 기술에 더 쉽게 접근할 수 있도록 지원하여 인류의 진보와 발전을 앞당기는 데 헌신하고 있습니다. 회사 소개 Dell Technologies HQ Dell Technologies Korea o 설립연도 o 법인 명 o 법인 명 o 대표 o 소재지 서울특별시 강남구 테헤란로 o 소재지 o 소재지 152, 17층 (역삼동, 강남파이낸스센터) o 사업분야 o 지방사무소 o 지방 사무소 • 글로벌 지점 - 53 개국에 직판 거점 / 190 개 이상의 시장에서 판매 o 설립연도 o 설립연도 1995년 8월 17일 - 직원 157,000 명 (2019) • 창업 32여년만인 2019년(FY20)에 연간 매출액 약 o 임직원수 913억불 달성 o 임직원수 • Dell EMC, VMware, PivOtal, RSA, VCE: 약 80조 인수 • 글로벌 및 APJ 서버시장 1위 • Fortune 500대 기업 중 98%가 고객 • 클라우드 컴퓨팅 본격화를 주도 Internal Use - Confidential 1 Dell Technologies Company Overview Dell Technologies 연혁 Dell Technologies의 연혁을 통해 함께 겪어 온 기념비적인 순간과 획기적인 발전의 역사를 살펴보면, 어떻게 7개 기업들이 힘을 모아 역사상 최대 규모의 기술 기업 합병을 성사시키게 되었는지를 알 수 있습니다. 1979 Michael Dell 회장의 비전이 구체화되기 5년 전, 대학 룸메이트였던 Richard Egan 씨와 Roger Marino 씨는 각자 하던 일을 그만 두고 매사추세츠주 뉴턴에서 EMC를 설립합니다. 1984 University of Texas의 젊은 대학생이었던 Michael Dell 씨는 기술을 어떻게 설계, 제조 및 판매해야 1987 하는지에 대한 획기적인 비전과 단돈 1,000 달러만으로 PC‘s Limited를 설립합니다. 회사가 설립되고 첫 번째 컴퓨터 시스템을 개발한 후, Dell은 영국에서 첫 번째 해외 자회사를 설립합니다. 1988 연간 약 80%의 성장률을 보이면서, Dell은 상장을 단행하기로 하며, 회사 명을 공식적으로 Dell Computer 1995 Corporation으로 변경하고, 외부 투자 자본을 활용하여 제품 오퍼링 뿐 아니라, 세계적인 입지와 인지도를 넓힙니다.
    [Show full text]
  • Complementary Capabilities in Dynamic Environments: the Evolution of Professional Services in Information Technology Product Firms
    Complementary Capabilities in Dynamic Environments: The Evolution of Professional Services in Information Technology Product Firms by Phillip C. Anderson M.B.A., University of California Los Angeles, 1998 M.S. in Electrical Engineering, Illinois Institute of Technology, 1985 B.S. in Electrical Engineering, Purdue University, 1984 Submitted to the Sloan School of Management in Partial Fulfillment of the Requirements for the Degree of ARCHIVES DOCTOR OF PHILOSOPHY at the MASSACHUSETTS INSTITUTE OF TECHNOLOGY June 2012 7~i C 2012 Phillip C. Anderson. All rights reserved. The author hereby grants to MIT permission to reproduce and to distribute publicly paper and electronic copies of this thesis document in whole or in part in any medium now known or hereafter created. Signature of Author: MIT Sloan School of Management March 15, 2012 -i Certified by: Michael A. Cusumano Sloan Management Review Distinguished Professor of Management MIT Sloan School of Management K Thesis Supervisor 4 Accepted by: Ezra Zuckerman Sivan V Nanyang Technological University Professor Chair MIT Sloan Ph.D. Program MIT Sloan School of Management 2 Complementary Capabilities in Dynamic Environments: The Evolution of Professional Services in Information Technology Product Firms by Phillip C. Anderson Submitted to the MIT Sloan School of Management on March 15, 2012 in Partial Fulfillment of the Requirements for the Degree of Doctor of Philosophy ABSTRACT The innovative firm must continually evaluate its boundaries - decisions often shaped through make-buy-partner evaluations and choices about where to define the firm's competences. Building off of earlier work that suggests heterogeneity in types of organizational competences, I submit that a firm's portfolio of organizational capabilities map across three states: core, supplementary, and complementary.
    [Show full text]
  • Business Model Evolving: Technology Strategy and New Value Capture Routines
    Business Model Evolving: Technology Strategy and New Value Capture Routines Phillip C. Anderson Assistant Professor Strategy and Entrepreneurship College of Business University of Illinois, Urbana-Champaign 1206 S. 6th Street 467 Wohlers Hall Champaign, IL 61820 [email protected] Mobile: 617-990-6043 September 14, 2015 – Please do not cite, quote, or circulate without permission – 1 Abstract When and how do business models evolve in a fast-changing environment? As a mediating link between technological innovation and firm performance, the business model is able to link two important dimensions of the firm: value creation and value capture. Yet, the construct suffers from fuzzy definitions, empirical silos, and a lack of theoretical development. Based on the existing literature, we build a value capture framework that is able to facilitate comparisons between a wide variety of business model types. Using a historical case study of two initiatives to extend a product- service business model at a technology product firm, the current paper explores when and how the business model as a system of organizational routines evolves as the firm’s technology strategy continues to shift. 1 Introduction When and how do business models evolve in a fast-changing environment? Schumpeterian innovation is often a time when new firms introduce new technologies as well as new business models to capture value from creative destruction (Schumpeter, 1942). The emergence of e-Business and web-enabled firms that accompanied the Internet in the mid-1990s has created a new context for old business models and in many cases spawned new business models (Amit and Zott, 2001, Baden-Fuller and Haefliger, 2013).
    [Show full text]
  • Emc Corporation
    Hillsborough County Aviation Authority Supplemental Contract Data Storage, Cloud, Converged, Data Protection and Technology Solutions COMPANY: EMC CORPORATION Term Date: 3/4/2021 through 10/31/2021 TABLE OF CONTENTS ARTICLE 1 CONTRACT 3 ARTICLE 2 SCOPE OF WORK 4 ARTICLE 3 TERM 5 ARTICLE 4 PAYMENTS 6 ARTICLE 5 TAXES 6 ARTICLE 6 NON-EXCLUSIVE 6 ARTICLE 7 ACCOUNTING RECORDS AND AUDIT REQUIREMENTS 7 ARTICLE 8 INSURANCE 7 ARTICLE 9 NON-DISCRIMINATION 9 ARTICLE 10 AUTHORITY APPROVALS 11 ARTICLE 11 DATA SECURITY 12 ARTICLE 12 COMPLIANCE WITH LAWS, REGULATIONS, ORDINANCES, RULES 12 ARTICLE 13 COMPLIANCE WITH CHAPTER 119, FLORIDA STATUTES PUBLIC RECORDS LAW 12 ARTICLE 14 NOTICES AND COMMUNICATIONS 13 ARTICLE 15 SUBORDINATION OF AGREEMENT 14 ARTICLE 16 SUBORDINATION TO TRUST AGREEMENT 14 ARTICLE 17 SECURITY BADGING 14 ARTICLE 18 VENUE 15 ARTICLE 19 PROHIBITION AGAINST CONTRACTING WITH SCRUTINIZED COMPANIES 15 ARTICLE 20 RELATIONSHIP OF THE PARTIES 15 ARTICLE 21 RIGHT TO AMEND 15 ARTICLE 22 FAA APPROVAL 16 ARTICLE 23 AGENT FOR SERVICE OF PROCESS 16 ARTICLE 24 INVALIDITY OF CLAUSES 16 ARTICLE 25 SEVERABILITY 16 ARTICLE 26 HEADINGS 17 ARTICLE 27 COMPLETE CONTRACT 17 ARTICLE 28 MISCELLANEOUS 17 ARTICLE 29 ORGANIZATION AND AUTHORITY TO ENTER INTO CONTRACT 17 ARTICLE 30 OWNERSHIP OF DOCUMENTS 17 ARTICLE 31 INDEMNIFICATION 18 EXHIBIT A NCPA CONTRACT NO. 01-82 EXHIBIT B WORK PLAN EXHIBIT C AUTHORITY POLICY P412, TRAVEL, BUSINESS DEVELOPMENT, AND WORKING MEALS EXPENSES EXHIBIT D SCRUTINIZED COMPANY CERTIFICATION Hillsborough County Aviation Authority Supplemental
    [Show full text]
  • Hard Disk Drives New 1.3 Hard Disk Drive
    January 2008 / Volume 21#1 / Issue No. 240 StorageNewsletter THE INTERNATIONAL MONTHLY NEWS REPORT ON THE WORLDWIDE STORAGE INDUSTRY GEORGE TEIXEIRA, STORAGE START-UPs: DATACORE’s CEO : “WE WILL PROVIDE A FRAMEWORK INVESTORS TO INTEGRATE SAN AND NAS” TIGHT-FISTED IN 2007 StorageNewsletter: Why did you choose Florida, a From 2006 to 2007, the total number of financial tourist state with very few storage and IT compa- rounds for storage start-ups fell from 62 to 52, for a nies, rather than California, Colorado or Massa- total amount of $477 million. chusetts? Teixeira: It turns out that Florida was actually the home This figure is down 29%, since just as significantly, the to a lot of the space program. And the original founders average investment per round also dipped from $10.8 of Datacore were from the space program and the million to $9.2 million, the lowest figure since 2003, the aerospace industry. We used to work for a company year we began undertaking this yearly survey. called Systems Engineering Labs, which became VCs are still interested in storage technology, but they Encore. And we were the group that did nuclear power are looking more closely before they take out their plant control, we did telemetry for the NASA space checkbooks. On the other hand, there have never been shuttle, so what we learned was if you're doing nuclear as many IPOs (6) as there were this year. power control, you learn how to do fail-over. If you NUMBER OF STORAGE START-UPs know how to do telemetry, you know how to do high- LAUNCHED EACH YEAR SINCE 1996 speed I/O.
    [Show full text]
  • An Event Study Analysis of the Dell-EMC Merger Courtney Meddaugh Clemson University, [email protected]
    Clemson University TigerPrints All Theses Theses 8-2017 An Event Study Analysis of the Dell-EMC Merger Courtney Meddaugh Clemson University, [email protected] Follow this and additional works at: https://tigerprints.clemson.edu/all_theses Recommended Citation Meddaugh, Courtney, "An Event Study Analysis of the Dell-EMC Merger" (2017). All Theses. 2749. https://tigerprints.clemson.edu/all_theses/2749 This Thesis is brought to you for free and open access by the Theses at TigerPrints. It has been accepted for inclusion in All Theses by an authorized administrator of TigerPrints. For more information, please contact [email protected]. An Event Study Analysis of the Dell-EMC Merger A Thesis Presented to the Graduate School of Clemson University In Partial Fulfillment of the Requirements for the Degree Master of Science Applied Economics and Statistics by Courtney Meddaugh August 2017 Accepted by: Dr. Thomas Hazlett, Committee Chair Dr. Raymond Sauer Dr. Matthew Lewis 1 Abstract The Dell-EMC merger presents a massive technology merger that will likely have an impact on many different markets. This paper uses this merger in order to test three commonly used methods of determining abnormal stock returns and finds that the three methods do not significantly differ. In addition, event study methodology is employed to evaluate share price reactions of competitors of Dell and EMC in response to categorized merger announcements leading up to the acquisition. It is determined that although some competitor returns move in a direction that could imply anti-competitiveness, these results are likely caused by occurrences unrelated to the merger. ii 2 Acknowledgements I thank my dad for his continued support during my thesis-writing process as well as all throughout my time at Clemson.
    [Show full text]