ENISA Case Study: Big Data Security Threats and Mitigation

Verified

Added on 2020/02/18

AI Summary

This report provides a comprehensive analysis of the ENISA case study, focusing on the security threats associated with big data. It begins with an overview of ENISA's role in information security and network infrastructure, followed by a detailed discussion of the main threats, which are categorized into unintentional damage/loss, eavesdropping/interception/hijacking, nefarious activities/abuse, legal issues, and organizational shortcomings. The report identifies the denial of service (DoS) attack as the most significant threat. Key threat agents, including corporations, cybercriminals, cyber terrorists, and employees, are also examined. Furthermore, the report outlines strategies to minimize these threats, such as implementing security policies, antivirus software, firewalls, and digital authentication. It also explores trends in threat probability for various agents and suggests improvements to the ETL (Extraction, Transformation, and Loading) process. Finally, the report briefly describes the current IT security measures in place at ENISA. The report concludes by emphasizing the importance of addressing these threats to safeguard big data assets.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

Running head: ENISA CASE STUDY
ENISA Case Study
Name of the Student
Name of the University
Author’s Note:

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

1
ENISA CASE STUDY
Table of Contents
Introduction......................................................................................................................................2
Discussion........................................................................................................................................3
1. Brief Overview of the Case Study...........................................................................................3
2. Main Threats............................................................................................................................3
2.1 Most Significant Threat.....................................................................................................7
3. Key Threat Agents...................................................................................................................7
3.1 Minimizing the Threats......................................................................................................8
3.2 Trends in Threat Probability..............................................................................................9
4. Improvement of ETL Process................................................................................................10
5. Current IT Security................................................................................................................10
Conclusion.....................................................................................................................................11
References......................................................................................................................................12

2
ENISA CASE STUDY
Introduction
The huge set of data, analyzed by several calculations is known as Big Data. These data
sets are utilized for disclosing the trends, associations, patterns that are directly related to the
interactions and behavior of human beings (Wu et al., 2014). The three features of big data are
defined by 3Vs. the 3Vs are the velocity of the data being processed, the major variety of the
types of data and the total volume of data. It helps to designate the group of systems,
technologies and several algorithms for the collection of data of various varieties and volume and
also for extraction of value by computation of the advanced analytics (Bansal & Kagemann,
2015). The candidate data generators are mobile telecommunication networks and devices; web
based applications, dispersed multimedia sensors on the Internet of Things, and dispersed
processes of business.
The following report outlines the case study of ENISA. The threat landscape for big data
gives a brief description on the security threats of ENISA. The report covers a brief introduction
about the case study. This case study became extremely popular in the year 2016 for the threats
and breaches of the big data assets (Enisa.europa.eu., 2017). The report also outlines the major
threats that can be mapped with the big data assets with the details of the most significant threat.
The report also helps to identify the key threat agents and the procedure to minimize the threats.
The trends in threat probability and the improvement of ETL process are also covered here. The
report gives a brief description on the current security of information technology.

3
ENISA Information System
Security
Policy
FirewallsDigital
Authentication
Antivirus
ENISA CASE STUDY
Discussion
1. Brief Overview of the Case Study
Figure 1: ENISA Big Data Security Infrastructure
(Source: Erl, Khattak & Buhler, 2016)
The European Union agency for Network and Information Security or ENISA is the hub
of information security or network for the European Union, the member states, the citizens of
Europe and the private sectors. They work with all the groups to get the advice and proper
recommendations in the security of the information (Enisa.europa.eu., 2017). They do their work
for improving the flexibility of the infrastructure of information and networks. ENISA is going
through several security threats and breaches in their agency. A security threat is the possibility
of danger that may occur in a system and can lead to dangerous vulnerabilities. These threats can
be either accidental or intentional. The accidental threats are those threats that are caused
accidentally either by malfunctioning of computer systems or by natural disasters. These can
neither be mitigated nor be stopped at any point (Chen & Zhang, 2014). The other threat is the

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

4
ENISA CASE STUDY
intentional threat. These threats are created intentionally or with a specific purpose for criminal
acts like hacking. These threats can be mitigated or can be even stopped with proper measures.
2. Main Threats
ENISA has several big assets in its agency that can be mapped with several vulnerable
threats. The big data threats are broadly divided into five segments (Chen, Mao & Liu, 2014).
The five segments are as follows:
i) Unintentional Damage/Loss of Information or IT Assets
ii) Eavesdropping/ Interception/ Hijacking
iii) Nefarious Activities/ Abuse
iv) Legal
v) Organizational
The description of the above mentioned big data threats are given in the following
paragraphs.
i) Unintentional Damage/Loss of Information or IT Assets: These threats fall under the
section of unintentional threats or loss of information or any IT asset (Demchenko et al., 2013).
There are several threats under this section. They are follows:
a) Destruction of Records: The records of important data are destructed in this type of
threat and information is lost (Erl, Khattak & Buhler, 2016).
b) Leakage of Data: Data is leaked in this type of threat and thus information is lost.

5
ENISA CASE STUDY
c) Loss of Devices: Storage media, devices and documents are lost in this type of threat.
d) Loss of Sensitive Information: The integrity of sensitive information is lost in this type
of threat.
e) Loss of Information in the Cloud: The information gets lost in the cloud (Hashem et
al., 2015).
f) Damage by Third Party: A third party causes an unintentional damage.
g) Improper design and planning: Planning and design play the most important roles in
any organization. Improper and inadequate design and planning thus can cause major
destruction.
h) Unintentional Change in Data: The data gets modified and altered in this type of threat.
ii) Eavesdropping/ Interception/ Hijacking: These are the second type of big data
threats. These can be classified into several sub threats (Kshetri, 2014). They are as follows:
a) Manipulation in Network Traffic: The network traffic gets manipulated in this type of
threat.
b) Interception of information: The necessary information is intercepted in this type of
threat.
c) Replay of messages: The messages are replayed in this type of threat.
d) Interfering Radiation: the radiation is interfered in this type of threat.

6
ENISA CASE STUDY
e) Middleman: The hijacking of session and hijacking of middle men are the main
reasons for this threat (Patil & Seshadri, 2014).
iii) Nefarious Activities/ Abuse: These are the most vulnerable threats. Several threats
fall under this section. They are as follows:
a) Abuse of Information: The information leakage is abused in this type of threat.
b) Malicious Code or Software: The code or software that is malicious in nature and is
harmful for the system is known as malicious code or software (Bansal, 2014).
c) Denial of Service: Another most vulnerable threat is the denial of service.
d) Abuse of Authorization: The authority is abused in this type of threat.
e) Identity Theft: The identification of the user is theft in this type of threat and hacking
is done.
f) Unsolicited E-mail: Receiving any type of unsolicited emails is another important
threat (Kao et al., 2014).
g) Unauthorized activities: The activities that are not authorized are major threats.
h) Manipulation of hardware and software: Important data can be stolen by this particular
type of threat.
iv) Legal: This category covers all the legal and violation of laws threats. The
classification of this section is as follows:

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

7
ENISA CASE STUDY
a) Violation of Laws: Any type of violation of laws or regulations and breaching of
legislation comes under this threat (Sagiroglu & Sinanc, 2013).
b) Judiciary Decisions: The court orders and the judiciary decisions are important threats.
c) Failure to meet the contractual requirements: When the Contractual requirements are
not met entirely; it can lead to a major threat.
d) Abuse of Personal Data: Any type of abuse of personal data is another major threat in
legal section.
v) Organizational: This particular type of threat does not have any sub parts (Vatsalan et
al., 2017). This is mainly caused due to the shortage in skills of the employees.
2.1 Most Significant Threat
The most significant threat for the case study of ENISA is the Denial of Service or DoS.
The denial of service attack is a particular type of cyber attack that allows the hacker to make a
network resource or system unavailable to the users by interfering in the services of the computer
(Lu et al., 2014). The main disadvantage of denial of service attack is that the intended user does
not even know about the attack and the attack takes place. The system is absolutely open to the
hacker and he can alter or modify the data and information according to his wish. The incoming
traffic in a distributed denial of service attack allows the hacker to enter into the system and thus
can modify all the data (Vatsalan et al., 2017). Thus, it can be said that the most significant threat
of ENISA is the denial of service attack.
3. Key Threat Agents
ENISA has several key threat agents. They are as follows:

8
ENISA CASE STUDY
a) Corporations: These are the enterprises or organizations that adopt or are engaged in
any type of offensive tactics (Sagiroglu & Sinanc, 2013). The corporations are often considered
as the key threat agents and the motivation to achieve the competitive advantage over
competitors.
b) Cyber Criminals: These individuals are hostile by nature. They can be local, national
or international.
c) Cyber Terrorists: These people hack the systems and engage themselves into several
cyber attacks.
d) Script Kiddies: These unskilled people use scripts and codes for hacking the systems
(Thuraisingham, 2015).
e) Online Social Hackers: These most important threat agents can be vulnerable to the
organization.
f) Employees: The employees are the main assets of an organization (Lu et al., 2014).
Therefore, they know every detail about the organization and can be the major agent of threats.
g) Nation States: These states can have several offensive cyber capabilities and utilize
them.
3.1 Minimizing the Threats
The threats are the problems for ENISA big data assets. However, these threats can be
minimized by taking several measures (Thuraisingham, 2015). The measures are as follows:
i) Security Policy: This is the easiest way to secure systems and prevent security threats.
The security policies contain several guidelines to detect and prevent threats.

9
ENISA CASE STUDY
ii) Anti Virus: Installing antivirus software is another way to prevent security threats in
systems.
iii) Firewalls: Firewalls prevent security threats in a massive way and thus breaches can
be mitigated (Baumer, 2017).
iv) Digital Authentication: This type of authentication is done with the help of digital
systems and authentication is using digital signatures or face recognition software.
The above four ways will help ENISA to prevent and mitigate the security threats and
breaches.
3.2 Trends in Threat Probability
The trends in various threat probabilities are as follows:
i) Corporations: The trends of threat probability of this particular key agent are the
leakage of data via Web applications, interception of information, identity fraud, denial of
service, malicious code and generation and use of rogue certificates (Sagiroglu & Sinanc, 2013).
ii) Cyber Criminals: The trends of threat probability of this particular key agent are the
leakage of data via Web applications, interception of information, identity fraud, denial of
service, malicious code and generation and use of rogue certificates.
iii) Cyber Terrorists: The trends of threat probability of cyber terrorists are the leakage of
data via Web applications, identity fraud, denial of service, malicious code and generation of
rogue certificates.
iv) Script Kiddies: The trend of threat probability of script kiddies is the identity fraud.

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

10
ENISA CASE STUDY
v) Online Social Hackers: The trends of threat probability of online social hackers are
the leakage of data via Web applications, interception of information and identity fraud
(Kshetri, 2014).
vi) Employees: The trends of threat probability of employees are the information leakage,
inadequate design and planning, identity fraud, malicious code, misuse of audit tools, failure of
business process.
vii) Nation States: The trends of threat probability of nation states are the leakage of data
via Web applications, interception of information, identity fraud, malicious code, generation and
use of rogue certificates (Baumer, 2017).
4. Improvement of ETL Process
The full form of ETL is the Extraction, Transformation and Loading (Wu et al., 2014).
The procedure of withdrawing data from several sources and getting them into warehouse of data
is known as ETL. The ETL process can be improved by various guidelines. They are as follows:
a) Loading of Changed Rows: The loading of changed rows can improve the process of
ETL (Baumer, 2017). The most efficient way is to take the snapshot of the changed records in
the source.
b) Using Batching: Batching reduces the complexities and can be done extracting the
data.
These guidelines can help ENISA to improve their ETL process.

11
ENISA CASE STUDY
5. Current IT Security
ENISA is not satisfied with the current IT security because of the several security threats
and breaches. The main threat is the denial of service attack. This type of threat occurs when a
hacker gets the access to the system is able to change the data and information (Demchenko et
al., 2013). The end user does not get any idea about this threat and the hacker is able to change
the contents of necessary information. They stop or block the access to the computer and is
extremely dangerous for any organization. ENISA is tensed about the security of their
organization and thus can be stated that they are not happy with the current information
technology security.
Conclusion
Therefore, from the above discussion it can be concluded that, ENISA has several big
data assets in their agency and these can be mapped with various vulnerable threats that are
harmful for their security system. The above report gives a brief discussion on the case study of
ENISA. The report contains the detailed research on the top threats and the description of the
most significant threat, which is the denial of service attacks. The report further contains the
main key threat agents and the ways to mitigate these risks. The trends of threat probability and
the improvement of ETL process are also mentioned here. The report concludes with the
discussion that whether ENISA is happy with the current IT security or not.

12
ENISA CASE STUDY
References
Bansal, S. K. (2014, June). Towards a semantic extract-transform-load (ETL) framework for big
data integration. In Big Data (BigData Congress), 2014 IEEE International Congress
on (pp. 522-529). IEEE.
Bansal, S. K., & Kagemann, S. (2015). Integrating big data: A semantic extract-transform-load
framework. Computer, 48(3), 42-50.
Baumer, B. S. (2017). A Grammar for Reproducible and Painless Extract-Transform-Load
Operations on Medium Data. arXiv preprint arXiv:1708.07073.
Chen, C. P., & Zhang, C. Y. (2014). Data-intensive applications, challenges, techniques and
technologies: A survey on Big Data. Information Sciences, 275, 314-347.
Chen, M., Mao, S., & Liu, Y. (2014). Big data: A survey. Mobile Networks and
Applications, 19(2), 171-209.
Demchenko, Y., Grosso, P., De Laat, C., & Membrey, P. (2013, May). Addressing big data
issues in scientific data infrastructure. In Collaboration Technologies and Systems (CTS),
2013 International Conference on (pp. 48-55). IEEE.
Enisa.europa.eu. (2017). Big Data Threat Landscape — ENISA. [online] Available at:
https://www.enisa.europa.eu/publications/bigdata-threat-landscape [Accessed 5 Sep.
2017].
Erl, T., Khattak, W., & Buhler, P. (2016). Big data fundamentals: concepts, drivers &
techniques. Prentice Hall Press.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

13
ENISA CASE STUDY
Hashem, I. A. T., Yaqoob, I., Anuar, N. B., Mokhtar, S., Gani, A., & Khan, S. U. (2015). The
rise of “big data” on cloud computing: Review and open research issues. Information
Systems, 47, 98-115.
Kao, R. R., Haydon, D. T., Lycett, S. J., & Murcia, P. R. (2014). Supersize me: how whole-
genome sequencing and big data are transforming epidemiology. Trends in
microbiology, 22(5), 282-291.
Kshetri, N. (2014). Big data׳ s impact on privacy, security and consumer
welfare. Telecommunications Policy, 38(11), 1134-1145.
Lu, R., Zhu, H., Liu, X., Liu, J. K., & Shao, J. (2014). Toward efficient and privacy-preserving
computing in big data era. IEEE Network, 28(4), 46-50.
Patil, H. K., & Seshadri, R. (2014, June). Big data security and privacy issues in healthcare.
In Big Data (BigData Congress), 2014 IEEE International Congress on (pp. 762-765).
IEEE.
Sagiroglu, S., & Sinanc, D. (2013, May). Big data: A review. In Collaboration Technologies and
Systems (CTS), 2013 International Conference on (pp. 42-47). IEEE.
Thuraisingham, B. (2015, March). Big data security and privacy. In Proceedings of the 5th ACM
Conference on Data and Application Security and Privacy (pp. 279-280). ACM.
Vatsalan, D., Sehili, Z., Christen, P., & Rahm, E. (2017). Privacy-Preserving Record Linkage for
Big Data: Current Approaches and Research Challenges. In Handbook of Big Data
Technologies (pp. 851-895). Springer International Publishing.

14
ENISA CASE STUDY
Wu, X., Zhu, X., Wu, G. Q., & Ding, W. (2014). Data mining with big data. IEEE transactions
on knowledge and data engineering, 26(1), 97-107.