Comprehensive Report: IT Risk Management for ENISA Big Data Security
VerifiedAdded on 2019/11/26
|15
|3274
|170
Report
AI Summary
This report examines IT risk management within the context of ENISA's big data security infrastructure. It provides an overview of the case study, focusing on the threats associated with big data assets, which are considered more complex than those associated with ordinary data. The report delves into the ENISA Big data security infrastructure, outlining its layers and modules, including data source, integration process, data storage, analytics and computing models, and presentation layers. It identifies various categories of threats, such as eavesdropping, manipulation of network traffic, unintentional damage, and legal threats, and discusses key threat agents like corporations, cybercriminals, and employees. The report also outlines steps to minimize the impact of these threats, including protecting sensitive information, restricting data transfer, and promoting secure data practices. Finally, the report evaluates the current state of IT security on ENISA and offers recommendations for improvement.
IT risk management
2017
2017
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
IT risk management
Contents
Overview of the case study:.......................................................................................................2
Introduction:...............................................................................................................................2
ENISA Big data security infrastructure:....................................................................................3
Threats associated with the ENISA Big data:............................................................................6
Significance:...............................................................................................................................8
Key threat agents:.......................................................................................................................9
Steps to minimize their impact on the system:...........................................................................9
Trends in the threat probability:...............................................................................................11
Improvement in the ETL process:............................................................................................12
Evaluation of the current state of IT security on ENISA:........................................................13
Recommendation:....................................................................................................................13
Conclusion:..............................................................................................................................14
References:...............................................................................................................................14
1
Contents
Overview of the case study:.......................................................................................................2
Introduction:...............................................................................................................................2
ENISA Big data security infrastructure:....................................................................................3
Threats associated with the ENISA Big data:............................................................................6
Significance:...............................................................................................................................8
Key threat agents:.......................................................................................................................9
Steps to minimize their impact on the system:...........................................................................9
Trends in the threat probability:...............................................................................................11
Improvement in the ETL process:............................................................................................12
Evaluation of the current state of IT security on ENISA:........................................................13
Recommendation:....................................................................................................................13
Conclusion:..............................................................................................................................14
References:...............................................................................................................................14
1
IT risk management
Overview of the case study:
The European Union agency for network and information security (ENISA) is the centralised
network authority which is perform the function of identifying threats and provides
mitigation techniques associated with the information security. This research study focuses
on the threats associated with the Big Data assets.
Introduction:
The threats associated with the Big data are far beyond the threat associated with the ordinary
data. The high level replication strategy should be built for deploying the storage of big data.
The outsourcing of big data results into the introduction of new types of breaches and
degradation and leakages of the threats associated with the specification of big data. “The
significant impact can be seen on the privacy and data protection methods used in storing the
big data” (Singh, 2015). The links should be created for specifying the key requirement to
impose parallelization for improving the process of data collection. The big data analytics
performance can be improved by adding the additional information on the data leakages and
increasing rate of breaches. There are different assets owners which are associated with the
big data are categorised as data owners, computation providers, data transformers, and
storage service providers. The activities and conflicts are aligned in the big data management
processes. The complex ecosystem can be created for involving the security measures in the
planning and execution phases associated with big data management processes. The overall
privacy and security is declining in the management of the big data with the increasing
demand of big data on the request of the user. The emerging paradigm should be constructed
by making use of security principles to minimize the risks of security and privacy associated
with the storage of big data. The gap between the identification of the threats and adopting
the mitigation policies can b filled with the construction of big data security infrastructure.
From the research, it has been identified that there is a lack of technology which can be used
for providing security to the big data environment. The management of the big data involves
focus on the identification of the threats, traditional approaches used for handling big data,
defining the solutions which are specific to the deployment of big data, planning of the
activities, security procedures for big data environment, identification of the big data assets,
and mitigation procedures. The ENISA aligns the data protection methods which are
convenient for securing the Big data. The critical infrastructure should be developed for
2
Overview of the case study:
The European Union agency for network and information security (ENISA) is the centralised
network authority which is perform the function of identifying threats and provides
mitigation techniques associated with the information security. This research study focuses
on the threats associated with the Big Data assets.
Introduction:
The threats associated with the Big data are far beyond the threat associated with the ordinary
data. The high level replication strategy should be built for deploying the storage of big data.
The outsourcing of big data results into the introduction of new types of breaches and
degradation and leakages of the threats associated with the specification of big data. “The
significant impact can be seen on the privacy and data protection methods used in storing the
big data” (Singh, 2015). The links should be created for specifying the key requirement to
impose parallelization for improving the process of data collection. The big data analytics
performance can be improved by adding the additional information on the data leakages and
increasing rate of breaches. There are different assets owners which are associated with the
big data are categorised as data owners, computation providers, data transformers, and
storage service providers. The activities and conflicts are aligned in the big data management
processes. The complex ecosystem can be created for involving the security measures in the
planning and execution phases associated with big data management processes. The overall
privacy and security is declining in the management of the big data with the increasing
demand of big data on the request of the user. The emerging paradigm should be constructed
by making use of security principles to minimize the risks of security and privacy associated
with the storage of big data. The gap between the identification of the threats and adopting
the mitigation policies can b filled with the construction of big data security infrastructure.
From the research, it has been identified that there is a lack of technology which can be used
for providing security to the big data environment. The management of the big data involves
focus on the identification of the threats, traditional approaches used for handling big data,
defining the solutions which are specific to the deployment of big data, planning of the
activities, security procedures for big data environment, identification of the big data assets,
and mitigation procedures. The ENISA aligns the data protection methods which are
convenient for securing the Big data. The critical infrastructure should be developed for
2
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
IT risk management
aligning the activities. The tools and technologies should be used to develop the mitigation
plan for securing the big data and to cope up with the threats associated with the handling and
storage program used for big data. “The potential impact can be seen with the deployment of
the security measures in the curriculum of the activities” (Wang, 2014).
ENISA Big data security infrastructure:
The strategies should be developed for carrying out the process of threat analysis on cyber
security. “The emerging risks should be identified by collecting relevant information
associated with the development of big data security infrastructure” (Jaseena, 2013). The high
level conceptual model should be for providing security requirement in the management of
big data. “The infrastructure of the big data involves the interrelationship between
computational power, analysis, storage, and analytics (Terzi, 2015). The consideration should
be given on the security massive data collected on the internet to provide digital information,
privacy issues, and data protection methods. The three dimension model can be created by
focusing on the 6V’s associated with the deployment of big data over the network which is
described below:
Volume: The significant amount of data volume should be collected
Velocity: The velocity refers to sending and retrieval of data on the demand of the
user. The speed should be considered for managing the flow of data packets.
Variety: The variety of data types and associated sources should be maintained for
storing the big data on the internet platform.
Veracity: The authenticity of the data helps in analysing and improving the quality of
data.
Variability: The variability is the term used for managing proper scheduling between
the inconsistencies in the arrival of data. The process can be used for handling the big
data effectively.
Value: The value should be associated for collecting the potential revenues from the
big data.
The security infrastructure of the big data constitutes of five layer which are categorised as
data source layer, integration process layer, data storage layer, use of analytical and
computing model layer, and lastly, the presentation layer. The following table shows the
layered infrastructure of the big data management.
3
aligning the activities. The tools and technologies should be used to develop the mitigation
plan for securing the big data and to cope up with the threats associated with the handling and
storage program used for big data. “The potential impact can be seen with the deployment of
the security measures in the curriculum of the activities” (Wang, 2014).
ENISA Big data security infrastructure:
The strategies should be developed for carrying out the process of threat analysis on cyber
security. “The emerging risks should be identified by collecting relevant information
associated with the development of big data security infrastructure” (Jaseena, 2013). The high
level conceptual model should be for providing security requirement in the management of
big data. “The infrastructure of the big data involves the interrelationship between
computational power, analysis, storage, and analytics (Terzi, 2015). The consideration should
be given on the security massive data collected on the internet to provide digital information,
privacy issues, and data protection methods. The three dimension model can be created by
focusing on the 6V’s associated with the deployment of big data over the network which is
described below:
Volume: The significant amount of data volume should be collected
Velocity: The velocity refers to sending and retrieval of data on the demand of the
user. The speed should be considered for managing the flow of data packets.
Variety: The variety of data types and associated sources should be maintained for
storing the big data on the internet platform.
Veracity: The authenticity of the data helps in analysing and improving the quality of
data.
Variability: The variability is the term used for managing proper scheduling between
the inconsistencies in the arrival of data. The process can be used for handling the big
data effectively.
Value: The value should be associated for collecting the potential revenues from the
big data.
The security infrastructure of the big data constitutes of five layer which are categorised as
data source layer, integration process layer, data storage layer, use of analytical and
computing model layer, and lastly, the presentation layer. The following table shows the
layered infrastructure of the big data management.
3
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
IT risk management
The tabular representation of the architecture is depicted in the table below:
Big data management
infrastructure
Layers Modules and processes
Presentation layer Use of Web browsers
Use of Desktops and laptops
Use f mobile devices
Use of web services
Analytics and computing
model layer
Query and reporting tools
Use of map reducing
technique
Use of stream analytics
Use of advanced analytics
4
The tabular representation of the architecture is depicted in the table below:
Big data management
infrastructure
Layers Modules and processes
Presentation layer Use of Web browsers
Use of Desktops and laptops
Use f mobile devices
Use of web services
Analytics and computing
model layer
Query and reporting tools
Use of map reducing
technique
Use of stream analytics
Use of advanced analytics
4
IT risk management
Data Storage layer Development of New SQL
databases
Use of distributed file system
Use of RDF stores
Integration of processes Use of messaging and API’s
Use of Data sources Streamlining of the data
Development of the
unstructured data
Development of the semi-
structured data
Development of structured
data
Function of Layer:
Data source layer: The data source layer is comprised of disparately data sources,
development of range for streamlining and alignment of the data and information.
The infrastructure is composed of semi-structured and structured developed on the
relational databases.
Integration process layer: The integration process layer is used for focusing data and
integration of datasets for managing the pre-processing operation.
Data storage layer: “The data storage layer is used for comprising the resource pool.
The data set is used for managing distributed file system, new SQL databases, use of
NoSQL, and RDF stores” (Munaye, 2016). The large number of data sets which are
used for persistent storage.
Analytics and computing models: “The model is used for encapsulation for various
tools such as technology of map reduce, storage of resources, and inclusion of data
management technology” (Bertino, 2013).
5
Data Storage layer Development of New SQL
databases
Use of distributed file system
Use of RDF stores
Integration of processes Use of messaging and API’s
Use of Data sources Streamlining of the data
Development of the
unstructured data
Development of the semi-
structured data
Development of structured
data
Function of Layer:
Data source layer: The data source layer is comprised of disparately data sources,
development of range for streamlining and alignment of the data and information.
The infrastructure is composed of semi-structured and structured developed on the
relational databases.
Integration process layer: The integration process layer is used for focusing data and
integration of datasets for managing the pre-processing operation.
Data storage layer: “The data storage layer is used for comprising the resource pool.
The data set is used for managing distributed file system, new SQL databases, use of
NoSQL, and RDF stores” (Munaye, 2016). The large number of data sets which are
used for persistent storage.
Analytics and computing models: “The model is used for encapsulation for various
tools such as technology of map reduce, storage of resources, and inclusion of data
management technology” (Bertino, 2013).
5
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
IT risk management
Presentation layer: The programming model is developed for the visualization of
technologies.
The cloud computing technologies should be used for the development of infrastructure for
the management of big data. “The cost effective and elasticity model should be developed for
scaling up and down of the virtual assets” (Wuest, 2016). The following diagram shows the
taxonomy of the big data assets:
Threats associated with the ENISA Big data:
The consideration should be given on the cyber-security threats because threats are associated
with the assets of the information and communication technology. The following table shows
the list of threats associated with the Big data analytics:
Category Types of threats
Eavesdropping Manipulation of network traffic
Interception Comprising emission interception
6
Presentation layer: The programming model is developed for the visualization of
technologies.
The cloud computing technologies should be used for the development of infrastructure for
the management of big data. “The cost effective and elasticity model should be developed for
scaling up and down of the virtual assets” (Wuest, 2016). The following diagram shows the
taxonomy of the big data assets:
Threats associated with the ENISA Big data:
The consideration should be given on the cyber-security threats because threats are associated
with the assets of the information and communication technology. The following table shows
the list of threats associated with the Big data analytics:
Category Types of threats
Eavesdropping Manipulation of network traffic
Interception Comprising emission interception
6
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
IT risk management
Intercepting radiation
Messages replay
Hijacking Man in the middle attack
Unintentional damage to the IT assets Record destruction
Leakage of data and application
Loss of media storage devices
Loss of sensitive information
Information loss on the cloud
Result in penetration testing
Third party damage
Inadequate design
Changes done in the information system
Information collected from unreliable sources
Administration errors
Organization threats Shortage of skills
Shortage of resources
Legal threats Violation of the laws and regulation
associated with the data management
Failure of assigning contractual requirement
Inadequacy in personal data
Judiciary decision
Other associated threats with big data Leakage of information
Deployment of the social engineering
concepts
Deployment of the malicious code and
activity
Inefficiency in authorization and
authentication
Brute force attacks
Failure of the business methodology and
processes
Denial of service attacks
Association of target attacks
7
Intercepting radiation
Messages replay
Hijacking Man in the middle attack
Unintentional damage to the IT assets Record destruction
Leakage of data and application
Loss of media storage devices
Loss of sensitive information
Information loss on the cloud
Result in penetration testing
Third party damage
Inadequate design
Changes done in the information system
Information collected from unreliable sources
Administration errors
Organization threats Shortage of skills
Shortage of resources
Legal threats Violation of the laws and regulation
associated with the data management
Failure of assigning contractual requirement
Inadequacy in personal data
Judiciary decision
Other associated threats with big data Leakage of information
Deployment of the social engineering
concepts
Deployment of the malicious code and
activity
Inefficiency in authorization and
authentication
Brute force attacks
Failure of the business methodology and
processes
Denial of service attacks
Association of target attacks
7
IT risk management
Unsolicited receiving of emails
Execution of remote activity
Identification of fraud and theft
Compromising with the sharing of
confidential information
Unauthorized installation of the software.
Misusing of the audit tools and information
Information manipulation
Generation of certificates
Significance:
The analysis of the threats present the extensive reviewing of actual threats associated with
the big data sets. “The threats result into the malfunctioning of the infrastructure which is
used for handling big data” (Do, 2013). The threat affects the unauthorised access of the big
data, destruction of activities, disclosure of information, data modification, and occurrence of
the denial of service attacks. The redundancy procedure of big data is used for mitigating the
effects of threats. The threat is an event which adversely affects the functioning of the big
data processes and management schemes. The big data asset is the collection of big volumes
of resources which are collected from different sources. There are two categories of threats
which are classified as big data leak and big data breach. “The big data breaches occur when
the theft of digital information takes place from the information and communication
technologies” (Sebaa, 2014). The big data leak is the disclosure of information which occurs
in the deployment project life cycle. The accidental threats are occurred by the human due to
misconfiguration of activities or due to the poor management of processes undertaken to
handle the big data. The interception in the communication is the common issue which exist
with the deployment of ICT technologies.
Key threat agents:
The following are the list of key threat agents which are associated with the management of
Big data:
8
Unsolicited receiving of emails
Execution of remote activity
Identification of fraud and theft
Compromising with the sharing of
confidential information
Unauthorized installation of the software.
Misusing of the audit tools and information
Information manipulation
Generation of certificates
Significance:
The analysis of the threats present the extensive reviewing of actual threats associated with
the big data sets. “The threats result into the malfunctioning of the infrastructure which is
used for handling big data” (Do, 2013). The threat affects the unauthorised access of the big
data, destruction of activities, disclosure of information, data modification, and occurrence of
the denial of service attacks. The redundancy procedure of big data is used for mitigating the
effects of threats. The threat is an event which adversely affects the functioning of the big
data processes and management schemes. The big data asset is the collection of big volumes
of resources which are collected from different sources. There are two categories of threats
which are classified as big data leak and big data breach. “The big data breaches occur when
the theft of digital information takes place from the information and communication
technologies” (Sebaa, 2014). The big data leak is the disclosure of information which occurs
in the deployment project life cycle. The accidental threats are occurred by the human due to
misconfiguration of activities or due to the poor management of processes undertaken to
handle the big data. The interception in the communication is the common issue which exist
with the deployment of ICT technologies.
Key threat agents:
The following are the list of key threat agents which are associated with the management of
Big data:
8
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
IT risk management
Corporations: “Sometimes offensive tactics are used by the organizations. The
organization is categorised as hostile threat agent” (Bouchard, 2012). It is successful
in taking competitive advantage associated with the competitors. The capabilities of
the corporation depend on the size, sector, range of human intelligence, and area of
expertise.
Association of cyber criminals: Cyber criminals are treated as hostile threat agents
because they motivate to increase financial gain of the enterprise. They are
categorised as international, national, and local.
Association of cyber terrorist: The activities of cyber-attack can be expanded with the
inclusion of cyber-terrorist. There can be political and religious issues to motivate the
cyber terrorist. The failure of the critical infrastructure can have an adverse effect on
the society.
Script Kiddies: The unskilled individuals are called as script kiddies. They can attack
on the network of the system by using script and programs.
Online social hackers: The hackers are politically motivated to steal the information
from high profile website, database of the corporation, use of intelligence agencies,
and military institution.
Employees: The employees of the company can attack on the computer resources of
the corporation to steal the confidential information of the organization.
Steps to minimize their impact on the system:
The steps which should be taken to minimise the effect of threats on the big data management
are:
Steps Description
Protection of the information The sensitive information should be handled
carefully. The protection mechanism should
be used for protecting the sensitive
information. The personal information should
not be shared.
Reducing the data transfer rate The shifting of the data should be banned
within the working curriculum of the
organization
Putting restriction on downloading The restriction of downloading helps in
9
Corporations: “Sometimes offensive tactics are used by the organizations. The
organization is categorised as hostile threat agent” (Bouchard, 2012). It is successful
in taking competitive advantage associated with the competitors. The capabilities of
the corporation depend on the size, sector, range of human intelligence, and area of
expertise.
Association of cyber criminals: Cyber criminals are treated as hostile threat agents
because they motivate to increase financial gain of the enterprise. They are
categorised as international, national, and local.
Association of cyber terrorist: The activities of cyber-attack can be expanded with the
inclusion of cyber-terrorist. There can be political and religious issues to motivate the
cyber terrorist. The failure of the critical infrastructure can have an adverse effect on
the society.
Script Kiddies: The unskilled individuals are called as script kiddies. They can attack
on the network of the system by using script and programs.
Online social hackers: The hackers are politically motivated to steal the information
from high profile website, database of the corporation, use of intelligence agencies,
and military institution.
Employees: The employees of the company can attack on the computer resources of
the corporation to steal the confidential information of the organization.
Steps to minimize their impact on the system:
The steps which should be taken to minimise the effect of threats on the big data management
are:
Steps Description
Protection of the information The sensitive information should be handled
carefully. The protection mechanism should
be used for protecting the sensitive
information. The personal information should
not be shared.
Reducing the data transfer rate The shifting of the data should be banned
within the working curriculum of the
organization
Putting restriction on downloading The restriction of downloading helps in
9
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
IT risk management
reducing the data transfer rate. The data will
not be carry out to any external sources
Sharing of files “The files and folders should be shared
within the organization before disposing of
the information” (Garg, 2013).
Restriction on unencrypted devices The restriction should be put not to use any
unencrypted devices within the infrastructure
of the organization
Promote secure transfer The transfer of data should be securely done
with the use of security methods such as
cryptography, encryption methods, and use
of private and public key.
Use of strong password The password policies should be used for the
creation of password.
Automatic security procedures The automatic security system should be
incurred in the working curriculum of the
organization because it helps in periodic
checking of the password, updating of the
firewall configuration, and reducing the risks
associated with the sensitive information
Identification of the threats The suspicious activity should be identified
on the network to take proactive action to
overcome the situation of cyber-attack.
Tracking of data The flow of data packets should be
monitored and tracked periodically.
Accessibility The sensitive data is accessible for bringing
down the risks associated with the malicious
user
Training and development programs The skills of the team members should be
sharpen to take proactive action before the
occurrence of cyber-attack.
Stopping incursion The management of activities and security
solution helps in preventing from the
10
reducing the data transfer rate. The data will
not be carry out to any external sources
Sharing of files “The files and folders should be shared
within the organization before disposing of
the information” (Garg, 2013).
Restriction on unencrypted devices The restriction should be put not to use any
unencrypted devices within the infrastructure
of the organization
Promote secure transfer The transfer of data should be securely done
with the use of security methods such as
cryptography, encryption methods, and use
of private and public key.
Use of strong password The password policies should be used for the
creation of password.
Automatic security procedures The automatic security system should be
incurred in the working curriculum of the
organization because it helps in periodic
checking of the password, updating of the
firewall configuration, and reducing the risks
associated with the sensitive information
Identification of the threats The suspicious activity should be identified
on the network to take proactive action to
overcome the situation of cyber-attack.
Tracking of data The flow of data packets should be
monitored and tracked periodically.
Accessibility The sensitive data is accessible for bringing
down the risks associated with the malicious
user
Training and development programs The skills of the team members should be
sharpen to take proactive action before the
occurrence of cyber-attack.
Stopping incursion The management of activities and security
solution helps in preventing from the
10
IT risk management
occurrence of attack.
Response of breach “The quick response should be generated
with the breaches attack. The notification
should be generated on the occurrence of
breaches attack” (Crane, 2014).
Trends in the threat probability:
Types of threats Trend and probability
Manipulation of network traffic High
Comprising emission interception Low
Intercepting radiation Low
Messages replay Low
Man in the middle attack Medium
Record destruction High
Leakage of data and application Low
Loss of media storage devices Low
Loss of sensitive information High
Information loss on the cloud High
Result in penetration testing Low
Third party damage High
Inadequate design Medium
Changes done in the information system Medium
Information collected from unreliable sources Low
Administration errors Low
Shortage of skills Low
Shortage of resources Low
Violation of the laws and regulation
associated with the data management
High
Failure of assigning contractual requirement High
11
occurrence of attack.
Response of breach “The quick response should be generated
with the breaches attack. The notification
should be generated on the occurrence of
breaches attack” (Crane, 2014).
Trends in the threat probability:
Types of threats Trend and probability
Manipulation of network traffic High
Comprising emission interception Low
Intercepting radiation Low
Messages replay Low
Man in the middle attack Medium
Record destruction High
Leakage of data and application Low
Loss of media storage devices Low
Loss of sensitive information High
Information loss on the cloud High
Result in penetration testing Low
Third party damage High
Inadequate design Medium
Changes done in the information system Medium
Information collected from unreliable sources Low
Administration errors Low
Shortage of skills Low
Shortage of resources Low
Violation of the laws and regulation
associated with the data management
High
Failure of assigning contractual requirement High
11
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
1 out of 15
Related Documents
Your All-in-One AI-Powered Toolkit for Academic Success.
+13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
![[object Object]](/_next/static/media/star-bottom.7253800d.svg)
Unlock your academic potential
© 2024 | Zucol Services PVT LTD | All rights reserved.