2021-03-05: IT-Security and Visualization
"Work scientifically and gain work experience in the process"
"Visualization-based Enhancement of IT Security Management and Operations” is the title of the 287-page dissertation written by Tanja Hanauer, an employee at IT Infrastructure Server and Services (ITS) at the Leibniz Computing Center (LRZ). In it, she researches how the IT processes of an organization can be made clearer, more reliable and more secure. "The LRZ is a good place for a thesis," says Hanauer. "I was able to research, work in practice and at the same time put my research results into practice, the LRZ offers a lot of scientific and practical knowledge." The dissertation was accepted at the University of the Federal Armed Forces in Munich, it includes suggestions for the visualization of security measures and their verification: A lack of overview and deficiencies in the management of systems, so the most important result of Hanauer, are often the cause of security deficits. Well-defined processes, secured, reliable data and graphics based on them offer quick control options and insights.
Why the subject? Dr. Tanja Hanauer: Security comes with a lot of IT requirements that users and administrators have to implement. But often only a few specialists know that. The gap between must and action and that between individual and organizational knowledge is relevant for lived security. So it's about knowing security-related requirements, adapting them to the organization and putting them into practice. To do this, it is necessary to use the existing experience of employees. The visualization of data and processes can help. For my dissertation, I also analyzed use cases with data from the LRZ and developed a framework from this that can be transferred to other IT environments, applications and generally data-based processes.
How long have you been working on it? Hanauer: About 5 years. In 2012 I joined the LRZ as a security employee, found my topic and a doctoral supervisor, initially a professor at the LMU. But I noticed that a full-time job in Garching is difficult to combine with events inthe city of Munich. So I switched to Wolfgang Hommel, who worked at the LRZ and is now a professor at the University of the Federal Armed Forces.
What are your main results or experiences? Hanauer: The set of rules or framework I developed offers approaches to support various participants or stakeholders in ensuring more IT security in their organization. Specifically, it offers according to current security standards and requirements for the configuration, operation and management of a heterogeneous IT environment and its services.
How did your colleagues support you? Hanauer: My supervisors, first Christoph Biardzki, then Winfried Raab, knew about the dissertation. Parts of my diss were written during my working hours. I was also able to supervise master's and bachelor's theses at the LRZ and hold block seminars at the University of Bremen. Without such support from the colleagues, a dissertation alongside a full-time position is difficult.
There were problems? Hanauer: PhD have to publish in science journals and at conferences. Here I found it difficult to get funding to attend the conference. Access to scientific publications is also not possible via the LRZ. A fund is missing, and the routes are unclear.
Responsibility, teaching, money - what does the doctorate bring? Hanauer: First and foremost, I wanted to create new knowledge, deal intensively with an exciting topic and make a difference in IT security. I succeeded. I hope to bring even more movement into the matter after the dissertation.
What was the biggest surprise during your doctorate? Hanauer: In addition to the research-based, time-consuming aspect of doing a doctorate, some sub-steps that initially appear trivial take significantly longer than expected. As with IT security, it is the small details that we tend to neglect or overlook. (Interview: vs)