Your All-in-One AI-Powered Toolkit for Academic Success.

+13062052269

info@desklib.com

Available 24*7 on WhatsApp / Email

Company

Tools

Support

Threats to ENISA from Big Data

Verified

Added on 2020/02/19

AI Summary

This assignment delves into the security threats faced by ENISA (European Union Agency for Cybersecurity) due to big data. It identifies various threat agents, such as those utilizing malicious programs and codes (viruses, ransomware), who aim to access and manipulate sensitive data. The report highlights the potential damage these threats can inflict on ENISA's systems. To counter these risks, it explores risk control methodologies like cryptography, access control, and secure design. The emphasis is on the need for continuous monitoring and mitigation of these threats to ensure data protection within ENISA.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

Running head: RISK MANAGEMENT
Risk Management
Name of the Student
Name of the University
Author’s Note
Table of Contents

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

💎 Get Pro

RISK MANAGEMENT
Introduction..........................................................................................................................3
1. ENISA Big Data Security Infrastructure.........................................................................3
2. Top Threats in Enisa and their significance....................................................................5
2.1. Threat due to Information leakage............................................................................5
2.2. Threat due to leaks of data via web application.......................................................5
2.3. Threat due to inadequate design and planning or incorrect adaption.......................6
2.4. Most significant Threat.............................................................................................7
3. Threat agents, impact and threat probability...................................................................7
3.1. Key Threat Agents....................................................................................................7
3.1.1. Threat Agent: Corporation.................................................................................8
3.1.2. Threat Agent: Cyber criminals..........................................................................8
3.1.3. Threat Agent: Cyber terrorists...........................................................................8
3.1.4. Threat Agent: Script kiddies..............................................................................8
3.1.5. Threat Agent: Hacktivists or online social hackers...........................................8
3.1.6. Threat Agent: Employees..................................................................................9
3.1.7. Threat Agent: Nation States...............................................................................9
3.2. Minimizing the impact of threat...............................................................................9
3.3. Trends in threat probability....................................................................................10
4. Improving ETL process.................................................................................................10
5. Current State of IT security...........................................................................................11

RISK MANAGEMENT
Conclusion.........................................................................................................................13
References..........................................................................................................................14

RISK MANAGEMENT
Introduction
The term big data corresponds to the vast amount of data and information present within
a system, which can be utilized for different purposes. The stored data can be analyzed
computationally to reveal the different patterns and trends associated with the human behaviors.
Big data deals with voluminous amounts data both structured and unstructured that different
organizations can use for business purposes (Wu et al., 2014). A wide range of audience can
access this data and therefore, different security and privacy issues remain associated with the
storage of massive amount of digital information. Therefore, different security measures are
needed to be ensured in order maintain the privacy and the integrity of the data. Enisa is facing a
similar big data threat and this report discusses the different threats. The report elaborates the top
threats associated with the organization and the key threat agent (Inukollu, Arsi & Ravuri, 2014).
The report further discusses the steps that could be taken to minimize the impact of the threats on
the system.
1. ENISA Big Data Security Infrastructure

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

💎 Try AI Paraphraser

RISK MANAGEMENT

RISK MANAGEMENT
Figure 1: Representing the ENISA big data security Infrastructure
(Source: created by author using MS Visio)
2. Top Threats in Enisa and their significance
The threats associated with the Big data architecture of Enisa is mainly due to the
information leakage due to human errors, unintentional intervention and erroneous use of
administration of system. The top threats associated with Enisa and their significance are
elaborated below ( ENISA 2017)-
2.1. Threat due to Information leakage
This threat is can be classified as accidental threats. Accidental threats are those threats
that are caused mainly due to human error. The major reason of the this threat is erroneous
configuration of the system, clerical errors, poor patch management and use of default user id
and passwords.
The most common source of information leakage is however due to erroneous
configuration.
The assets of the organization that are mainly affected by these threats include data and
application back end services.
2.2. Threat due to leaks of data via web application

RISK MANAGEMENT
This is another top threat associated with the system. Big data is often built with little
security and unsecure APIs therefore can be a major reason of data loss. APIs can be vulnerable
for big data as major big data applications are built on web services models.
CA has reported numerous data breaches in big data due to the use of insecure APIs,
especially in social networks, photo and video sharing services like Facebook and Snapchat.
The threat in this category may deal with injection attacks to different semantic web
technologies with the help of SPARQL. Security threats and errors are common in big data
language like SPARQL. The increasing use of these query language is responsible for
introducing new vulnerabilities into the system. The attack on old query language is well known
and therefore can be easily identified; however, they are equally dangerous.
The assets of the organization that are mainly affected by these threats include data and
storage infrastructure models.
2.3. Threat due to inadequate design and planning or incorrect adaption
The different techniques used for improving the Big data analytics performance and
combination of the heterogeneous data sources increase the number of redundancies in
representation of data and generating the ill protected copies of the data as well. This increases
the vulnerabilities of the stored data. This happens during the replication of the data. Considering
an example, if big data storage replicates the records a number of times and distributes in
different channels, the nodes may end up in acquiring different levels of security robustness. This
in turn may increase the possibility of data threats, which includes data disclosure and data leaks.
Therefore, this is categorized as a specific weakness in big data design.

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

💎 Get Pro

RISK MANAGEMENT
The assets of the organization that are mainly affected by these threats include data, big
data analytics, software, computing infrastructure models and storage infrastructure models.
2.4. Most significant Threat
The most significant threat associated with the big data is definitely data loss due to the
malicious code and software activity. The different agents of this threat include exploit kits,
worms, Trojans, backdoors and trapdoors, service spoofing and injection attacks. The API
vulnerability also counts in this threat (Chen & Zhao, 2012).
This threat is most significant because after deploying the malicious code into the system
with any of the discussed methods, the attacker may manipulate the data present in the infected
devices leading to a significant data loss. The malware-infected nodes of these files can send
targeted commands to different servers in order to distribute the malicious code, thus leading to
the exposure to number of risks. Numerous examples can be cited of hacking of big data using
malicious code attack. This type of attack is significantly dangerous as the attacker has the power
to manipulate the data using by running the malicious code (Pavlyushchik, 2014).
3. Threat agents, impact and threat probability
The key threat agents, impact of the threat and the threat probability are elaborated in the
following paragraphs-
3.1. Key Threat Agents
The threats or a malicious act is implemented with the help of certain malicious agents or
medium, which is termed as threat agents. The different threat agents associated with this case
are listed below-

RISK MANAGEMENT
3.1.1. Threat Agent: Corporation
One of the major threat agents associated with the big data threat is the organizations and
enterprises that engage in offensive tactics to gain competitive advantage over their competitors.
These organizations or enterprises pose significant capabilities in technology and human
engineering intelligence (ENISA 2017).
3.1.2. Threat Agent: Cyber criminals
Cyber criminals are another or may be the most significant threat agent. Their motivation
of engaging into criminal acts is mainly financial gain and therefore they can go to any extent
and therefore, the risk associated with this type of threat is generally very high.
3.1.3. Threat Agent: Cyber terrorists
The cyber terrorists are one of the most dangerous threat agents. The motivation of the
cyber terrorists in implementing and spreading these threats include political and religious
reasons. The main target of cyber terrorist is critical infrastructures that include public health,
energy production and telecommunication. This is because; failure of these organizations causes
severe impact in society and government, thus fulfilling the main aim of the cyber terrorists
(Taylor, Fritsch & Liederbach, 2014).
3.1.4. Threat Agent: Script kiddies
This is a non-significant threat agent as script kiddies mainly use programs and codes
developed by others to plan and implement an attack.
3.1.5. Threat Agent: Hacktivists or online social hackers

RISK MANAGEMENT
This threat agent makes us of the computer systems to protest and promote their views.
The main targets of hacktivists are high profile websites, corporations, intelligence agencies and
military institution.
3.1.6. Threat Agent: Employees
This refers to the staff, contractors and the operational staffs of an organization. This
threat includes data manipulation or erroneous data entry. Moreover, this threat agent has a
significant knowledge about the effective attacks in the assets present in an organization and
therefore considered as a dangerous threat.
3.1.7. Threat Agent: Nation States
This threat agent has an increasing cyber capability, which can be used against and
adversary. They are considered as a prominent threat agent due to the launching of sophisticated
attacks using different cyber weapons. The sophistication of this attack prove that Nation State
have high level of skill and expertise.
3.2. Minimizing the impact of threat
In order to minimize the impact of the discusses threat on the system, different measures
should be undertaken. The different measures that can be taken to to minimize the impact of the
threat are listed below-
1) Cryptography: in order to deal with the unintentional leakage and loss of information,
securing the information with proper cryptographic methods can be beneficial. Cryptography
further more prevents the unauthorized access of sensitive and confidential data. However, there
are certain issues associated with the use of cryptography in Big data, which includes protection

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

💎 Try AI Paraphraser

RISK MANAGEMENT
of sensitive information and maintaining the performance along with protecting logical and
physical fragments apart from files and disks (Stallings & Tahiliani, 2014).
2) Better security design can further help in data protection by preventing the data risks
associated with unsecure APIs. This can help in data protection with regular integrity checks.
3) Access Control: Access control is a significant area of big data. Information
classification and access control can help in limiting the access of data into the system. The host
of big data, which is cloud provider, should implement access control to fight the loss of data and
data breaches. Moreover, the use of strong hashing functions such as SHA-256 can help
securing the big data (Brucker et al., 2012).
4) Training the staffs can be an effective method of controlling the data loss due to
human error. Information security awareness, education and training is essential for ensuring
data security in big data.
3.3. Trends in threat probability
The threat probability of manipulation of data with due to the effect of malicious code
injected into the system is very high. The probability of this threat is high because it is the most
common method of manipulating the big data. Different threat agents are involved with this
threat, which makes the effect of the threat more dangerous. The probability of threat due to
erroneous data entry is very low and it can be eliminated as well.
4. Improving ETL process
ETL is used as a short form for extract, transform and load, which are three main
database functions. This is a process of data warehousing which is responsible for taking data out

RISK MANAGEMENT
of the system and transferring it into the warehouse. The different methods that can be used to
improve the ETL process are listed below (Kimball & Ross, 2013)-
1) An important technique of improving the ETL process is tackling the bottlenecks. This
can be done by maintaining a log metrics such as time, number of records and hardware usage.
The resources each process is accessing should be estimated beforehand in order to tackle this
problem.
2) Another significant technique of improving the ETL process is loading the data into
the system incrementally. This means, only the changes between the previous data and the new
data are to be changed. This reduces the threat of erroneous data entry. It is although a bit
difficult to implement, it helps in improving the process of ETL and in removal of threats.
3) Large tables can be partitioned in order to improve the processing of data. A large
table is cut down into smaller tables that help in data better management of data and elimination
of threat as well.
4) The extraneous data is not uploaded into the warehouse. Elimination of irrelevant data
helps in improving the performance of ETL.
5) Use of cache data may help in improving the ETL process. This is because, the cache
memory helps in speeding up of the things and process in an effective way. However, caching
largely depends on the system and the amount of memory the system support and therefore this
may not be that effective for systems with low data storage.
5. Current State of IT security

RISK MANAGEMENT
The current IT security of Enisa is not appropriate and hence proper measures are to be
taken in order to prevent data security threats. The current IT state is not appropriate because
there are certain issues associated with the security of big data. Absence of access control is an
important reason for unauthorized access of data and data manipulation (Von Solms & Van
Niekerk, 2013). The data needs to be secured with proper cryptographic means, which would
considerably help in data protection. Cryptography along with the process of encryption may
considerably help in data security. This is furthermore essential as big data is mainly stored in
cloud and therefore, different security measures are furthermore essential. The threats discussed
in the report are dangerous and are the risk of such threats is associated with Enisa. Therefore,
Enisa should not be satisfied with the current state of IT security. The organization can be easily
targeted by the hackers as the system is vulnerable to different types of threats and intrusion. The
organization should implement an intrusion detection system to report the different cases of
threats, vulnerabilities and attacks. The insecure API can be a major source of malware and
therefore Enisa should install proper firewall and vulnerability scanner in order to develop a
secure system. The use of vulnerability scanner and firewall may reduce the risk of intrusion into
the information system of Enisa and can considerably help in data protection. The absence of
these features considerably increases the risk of data breach and data manipulation. Enisa lacks
proper risk mitigation approaches and techniques to control the risk. Risk mitigation is an
important risk management approach, which includes, risk avoidance, risk monitoring, risk
control and risk transfer. Risk transfer deals with transferring the risk to a stakeholder or a
different organization that is willing to take that risk. Having an insurance is an effective way of
risk mitigation. Absence of proper risk management strategy is another important aspect of the
security loopholes Enisa is facing. Therefore, it is concluded that ENISA should not be satisfied

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

💎 Get Pro

RISK MANAGEMENT
with the current state of IT security and should implement proper methods to control and
mitigate the risks associated with the big data security of the system.
Conclusion
Therefore, from the above discussion, it can be concluded that ENISA is associated with
different types of threats in relation to the big data. Big data and data mining are one of the most
important aspect of today’s business and therefore many dishonest people make incorrect use of
big data that gives rise to a number of threats. These people or organization that is associated
with the threats is termed as threat agents. The report discusses in detail, the different threat
agents associated with ENISA and the probable damage they could cause into the system. The
threat agents have different objectives in planning and implementing an attack. The repot
discusses the effect of these threats that are associated with big data and their probable causes.
Among many threats present in Enisa, the top threat identified is the threat, the system is exposed
to due to the involvement of malicious programs and codes. These can involve viruses and
ransomwares that further spread from system to system. With the help of these malicious codes,
the attacker can access and manipulate the data and thus the threat arises in the process. These
threats are to be removed from the information system of ENISA in order to ensure data
protection. Different risk control methodologies and approaches are described in the report,
which include cryptography, access control and proper security design. These factors are to be
kept in mind before implementing proper security measures, which is essential for eliminating
the risks associated with the system. ENISA is should not be satisfied with the current state of IT
security within the organization because the organization is exposed to a number of threats,
which should be controlled mitigated and monitored as soon as possible.

RISK MANAGEMENT
References
Big Data Threat Landscape — ENISA. (2017). Enisa.europa.eu. Retrieved 6 September 2017,
from https://www.enisa.europa.eu/publications/bigdata-threat-landscape
Brucker, A. D., Hang, I., Lückemeyer, G., & Ruparel, R. (2012, June). SecureBPMN: Modeling
and enforcing access control requirements in business processes. In Proceedings of the
17th ACM symposium on Access Control Models and Technologies (pp. 123-126).
ACM.
Chen, D., & Zhao, H. (2012, March). Data security and privacy protection issues in cloud
computing. In Computer Science and Electronics Engineering (ICCSEE), 2012
International Conference on (Vol. 1, pp. 647-651). IEEE.
Inukollu, V. N., Arsi, S., & Ravuri, S. R. (2014). Security issues associated with big data in
cloud computing. International Journal of Network Security & Its Applications, 6(3), 45.
Kimball, R., & Ross, M. (2013). The data warehouse toolkit: The definitive guide to dimensional
modeling. John Wiley & Sons.
Pavlyushchik, M. A. (2014). U.S. Patent No. 8,713,631. Washington, DC: U.S. Patent and
Trademark Office.
Stallings, W., & Tahiliani, M. P. (2014). Cryptography and network security: principles and
practice (Vol. 6). London: Pearson.
Taylor, R. W., Fritsch, E. J., & Liederbach, J. (2014). Digital crime and digital terrorism.
Prentice Hall Press.

RISK MANAGEMENT
Von Solms, R., & Van Niekerk, J. (2013). From information security to cyber security.
computers & security, 38, 97-102.
Wu, X., Zhu, X., Wu, G. Q., & Ding, W. (2014). Data mining with big data. IEEE transactions
on knowledge and data engineering, 26(1), 97-107.

1 out of 16

+13062052269

info@desklib.com

Threats to ENISA from Big Data

Contribute Materials

Secure Best Marks with AI Grader

Paraphrase This Document

Secure Best Marks with AI Grader

Paraphrase This Document

Secure Best Marks with AI Grader

Related Documents

Cybersecurity Risks and Cloud Computing

Improving ETL Process for Big Data Analysis

Improving ENISA Big Data Security Threat Detection and Prevention

Analysis of Cyber-Security Threats and Recommendations for Improvement

Cyber Security Risks in Cloud Computing

Cybersecurity & Data Protection in Industry 4.0