Data Center Physical Security Ontology for Automated Evaluation

Nowadays, most business operations are supported by IT systems. Therefore, their availability is critical to keep business running smoothly and continuously. In order to provide high quality IT services, a well-managed data center is required to house computer servers, storage systems, network devices, and their associated components. Downtime of the data center can be costly resulting in production and business losses so that the high availability requirement of the data center is needed. Apart from availability, the data center also requires a dependable and secure computing including such attributes as confidentiality, reliability, safety, integrity, maintainability, etc. This paper introduces an ontology-based framework for data center physical security by gathering and mapping the requirement from well-known information security standards such as COBIT, ISO/IEC 27002, and ITIL. In order to fulfill the safety requirement of the data center, this ontology-based framework is also designed to be applicable with National Fire Protection Association (NFPA) code and standard for protecting all data center occupants and for limiting data center property loss from fire. The completion of this ontology will be used for the knowledge sharing and also as an input for data center physical security evaluation tool.