Information Security Challenges and ENISA Recommendations Report
Added on 2019/11/25
AI Summary
This report delves into the critical realm of information security, focusing on the challenges posed by big data. It begins by defining big data and its applications, highlighting the associated security and privacy risks. The report identifies various threats, including data theft, breaches, and degradation, emphasizing the impact of human error and misconfiguration. It analyzes threat agents such as corporations, cybercriminals, and employees, and discusses the importance of cryptography and access control. Furthermore, the report explores the role of ENISA (European Union Agency for Network and Information Security) in identifying and addressing security issues. It recommends that organizations adopt specific security measures and tactics, including regular analysis of contemporary issues and the implementation of robust security protocols. The report also provides recommendations for the use of cloud services and offers insights into how to enhance the current status of IT security to mitigate risks and ensure data protection.

Running Head: INFORMATION SECURITY 1
Information Security

Part 1
The case study highlights the issue of big data security in data storage systems. The term big
data refers to the algorithms, technologies and infrastructure that can store and analyze massive
amounts of data. There are several diverse sources of big data, which are used for the adoption
and development of big data applications. At present, big data applications are necessary to
increase the efficiency and effectiveness of decision-making in large business organizations, for
which data and knowledge are considered the most crucial assets. The applications of big data
range across the military, science and business intelligence (Lopez & Saleem, 2017).
Although big data has immense applications in the work and operations of business enterprises,
it also carries several types of security and privacy risk for its users. Big data applications are
becoming a target of various threat agents and, with time, specialized attacks will be devised to
exploit the vulnerabilities of big data. Big data threats include, but are not limited to, the theft
of ordinary data; new breach and degradation threats have emerged which can affect the data
collected through big data collection methods. The frequency of outsourcing in big data can
introduce new types of breach, leakage and degradation threats, which can also affect privacy and
data protection. In a big data system, additional time is required for parallelization and
ingestion; however, this additional time can increase the impact and frequency of data leakage
and breaches. In addition, several security challenges are tied to big data asset owners: the
interests of different asset owners are not aligned and might be in conflict. Their security
countermeasures may also conflict, which creates a difficult big data security landscape. The
report highlights the security issues with big data.

Moreover, the report identifies the gaps between big data threats and countermeasures. If
business organizations adopt basic privacy and security practices, they can decrease the privacy
and security risks in big data organizations. Initial security arrangements benefit the
organization and reduce the cost and effort required to provide ad hoc solutions later on
(Sharvari, Solanki, Kumar, & Nilanjan, 2017).
Current countermeasure techniques should adapt the existing solutions against traditional data
threats to the big data environment. They should also focus on adapting the existing solutions to
big data challenges. The report provides several recommendations, such as a departure from
traditional data security methods towards big data specific solutions. Business organizations
should also identify the gaps and needs in current standardization activities and focus on the
training and specialization of professionals. The organization should define the tools and
techniques for security and privacy protection, and simplify or customize the solutions for
mitigating risks and threats in business organizations (Mather, Kumaraswamy, & Latif, 2009).

Figure: Information and Security Issues
Part 2
With the advent of big data, several new security and privacy threats have arisen. A threat
refers to any event which may provide unauthorized access, damage or denial of service to a
third party organization. According to the personal perception, information leakage due to
human error or sharing is the primary threat to business organizations. This threat covers all
those security breaches which are caused by human errors, misconfiguration or clerical errors.
Human errors refer to misconfiguration, slips or errors due to a skill disadvantage, the use of
simple or easy-to-guess user names, and mistakes related to software upgrading or procedural
flaws (Craig & Ludloff, 2011).
Information leakage due to misconfiguration can be a common problem. There are several setups
for system administration, such as Redis, MongoDB, Memcache and Elasticsearch, whose default
settings do not have any configuration for authentication, encryption or authorization of the
data. This means that the data can be easily accessed by a third party. It can be argued that a
data breach due to human error is the biggest threat to a business organization. Organizations
invest a large amount of money in training employees to operate the organization's devices and
equipment; however, a large number of employees still make mistakes in operating them. Human
error can be reduced by training; however, it cannot be completely eliminated. Therefore, it is
the most significant error in big data applications. Through negligence, employees may reveal
sensitive or confidential information of the organization (Katsikas, Lambrinoudakis & Furnell,
2016).
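A configuration audit for the misconfiguration case described above, as an added example that is not part of the original report: it parses a Redis configuration file and reports missing authentication, authorization and encryption settings. The two sample configurations are constructed; the directive names (bind, protected-mode, requirepass, aclfile, user, port, tls-port) are Redis's own, and treating the presence of ACL settings as evidence of authentication is an assumption of this example.

```python
import ipaddress
import shlex

# Constructed sample: a redis.conf left open to the network.
WEAK_CONF = """\
# constructed example, not from a real deployment
bind 0.0.0.0
port 6379
protected-mode no
"""

# Constructed sample: the same service with the three gaps closed.
HARDENED_CONF = """\
bind 127.0.0.1 10.0.5.12
port 0
tls-port 6380
protected-mode yes
aclfile /etc/redis/users.acl
"""


def parse_conf(text):
    """Return {directive: [argument lists]}; a directive may appear more than once."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = shlex.split(line)  # handles quoted values such as requirepass "a b"
        conf.setdefault(parts[0].lower(), []).append(parts[1:])
    return conf


def last(conf, key, default):
    """First argument of the last occurrence of a single-valued directive."""
    return conf[key][-1][0] if key in conf and conf[key][-1] else default


def is_exposed(conf):
    """True when the server listens on anything other than loopback."""
    if "bind" not in conf:
        return True  # without a bind directive Redis listens on all interfaces
    for addr in conf["bind"][-1]:
        addr = addr.lstrip("-")  # "-addr" marks an optional address (Redis 6.2+)
        if addr == "*":
            return True
        try:
            if not ipaddress.ip_address(addr).is_loopback:
                return True
        except ValueError:
            return True  # hostname or unparsable value: treat as exposed
    return False


def audit(text):
    """Return a list of (category, message) findings for one redis.conf."""
    conf = parse_conf(text)
    # Assumption: an aclfile or inline "user" rules mean ACL users are defined;
    # the contents of the ACL file itself are not inspected here.
    has_acl = "aclfile" in conf or "user" in conf
    has_auth = has_acl or bool(last(conf, "requirepass", ""))
    port = int(last(conf, "port", "6379"))
    tls_port = int(last(conf, "tls-port", "0"))
    protected = last(conf, "protected-mode", "yes").lower() == "yes"

    findings = []
    if not has_auth:
        findings.append(("authentication",
                         "no requirepass and no ACL users: every client is trusted"))
    if not has_acl:
        findings.append(("authorization",
                         "no ACL rules: any authenticated client may run every command"))
    if tls_port == 0:
        findings.append(("encryption", "no tls-port: all traffic is plaintext"))
    elif port != 0:
        findings.append(("encryption",
                         f"plaintext port {port} still open beside TLS port {tls_port}"))
    if is_exposed(conf) and not protected and not has_auth:
        findings.append(("exposure",
                         "non-loopback bind, protected-mode off, no authentication"))
    return findings


def categories(text):
    """Sorted, de-duplicated finding categories, convenient for reporting."""
    return sorted({category for category, _ in audit(text)})


if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit(conf) or "no findings")
```

The same three questions (who may connect, what may they do, is the channel encrypted) apply to the other data stores the paragraph names, each with its own configuration keys.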
Part 3
A threat agent is an entity which has the capability, the intention or a past record of
threatening or causing damage to the data of an organization. Threat agents can be corporations,
cyber criminals, cyber terrorists, social hackers or employees. Corporations refer to the
organizations or entities which engage in offensive methods in order to gain competitive
advantage over their competitors or to obtain significant capabilities in a specific area of
expertise. Cyber criminals are hostile actors who want to obtain financial gain or a specific
skill by breaching the security system of an organization. Cybercriminals operate at the local,
national or international level. Cyber terrorists, on the other hand, are engaged in numerous
activities, of which cybercrime or cyber-attacks are only a part. They are differentiated by
their motivation, which can be political or religious, and their capability is usually high.
The cyber terrorists focus on the critical infrastructure of the location
which is public health, energy production or the telecommunication infrastructure of the
organization. Cyber terrorists cause severe impact on society or the government. Online social
hackers are socially or politically motivated individuals who use online media to promote or
protest for their cause. In addition, employees can also pose a significant threat to a business
organization. They can access a company's resources and easily leak sensitive information.
Employees can be non-hostile or hostile threat agents: non-hostile threat agents are distracted
employees, whereas disgruntled employees are hostile threat agents (Wheeler & Winburn, 2015).
Nation states have also become a significant threat agent, which may use online capabilities
against an adversary. In recent years, several nation states have deployed sophisticated
cyber-attacks to secure highly sensitive information related to intelligence, military and other
technological developments.
There are several practices which can be adopted to secure the sensitive information and protect
the big data assets of the organization. Cryptography can be used to protect the data from
unintentional leakage and to prevent unauthorized access to the data and the system. However,
encryption can create additional complexity and place additional demands on the infrastructure.
Other than that, information leakage due to the incapability of the information system can be
addressed by integrating security features at the initial stage of the development lifecycle of
the organization. Ad hoc key management tools can also be used to protect the data from
eavesdropping, interception or hijacking of the information. In addition, nefarious activities
or abuse can be addressed by establishing access control in the organization. This means that
information should be given an appropriate level of protection according to its importance to
the organization. The
security protocols should be implemented according to the importance of the information to the
organization. Several cyber-attackers attack another system to prevent the owner's access to
the system. This is called denial of service, and it can be mitigated with the help of network
traffic monitoring, filtering, rate limiting and general DNS services (Bunnik, Cawley, Lulqueen
& Zwitter, 2016).
The major trends in cyber-security arise from threats to the privacy and confidentiality of data
streams. The primary challenge for business organizations is the issue of personal
identification information and the confidentiality of the customers and the organization.
Identity fraud can result from traffic capture and data mining. The anonymity of users is
another issue for the organization. An organization can increase privacy by the use of
cryptography; however, there are several issues related to cryptographic techniques. These
include performance and scalability, and the protection of logical and physical fragments.
Cryptography can increase the complexity of the system and negatively affect performance.
Several products and ad hoc solutions can be used instead of cryptography to increase the
overall performance of the system. There are also several issues related to the computing
infrastructure and storage models, as well as to the lack of standardization and the portability
of security controls, which may arise due to the poor design of the security features of the
system (Pearson & Yee, 2012).
Part 4
ENISA Threat Landscape (ETL) is an organization which identifies the threats and other
contemporary security issues with digital systems and new technologies. The organization
conducts a survey with business managers and IT professionals posted at different levels in
different organizations. The organization can use other primary data collection methods to
access more information related to information security risk. In the personal perception, the
organization should conduct interviews with industry experts. This will provide the customers
with in-depth information about information security challenges, and they can also identify
solutions for addressing these challenges. The organization should also conduct research on
companies in other nations regarding information security breaches and current breaches of
information. With this, the organization will have first-hand knowledge of different kinds of
data breach and of what to do in such situations (Hu, 2016).
The organization should also examine how other highly secure organizations manage the security
of their systems. The organization should identify the issues specific to the business system
and the operations of the organization. The report should also suggest the security measures and
tactics which the organization can use to address the situation.
Part 5
ENISA (European Union Agency for Network and Information Security) is a center for network and
information security which promotes information security in the private and public sector
organizations situated in the EU and its member states. It provides recommendations and
suggestions related to information security. It also assists the member states of the Union in
developing legislation and policies to encourage information security in business organizations.
Several public and private sector organizations regularly deal with highly sensitive
information; therefore, it is important that these organizations have access to high-level
security arrangements. Currently, cloud and big data are frequently adopted by the business
organizations as they are a cost-effective method to store a large amount of information;
however, with emerging technologies, the security issues also evolve (ENISA, 2016).
ENISA should be satisfied with its current state of IT security. It has been identified that
business organizations in the European Union have developed resilient methods to protect the
identity of the organization. The organization tries to maintain maximum security in private and
public organizations by implementing various security measures and other tactics. Firstly, the
organization implements regular analysis of contemporary issues in the technological system of
the organization. The organization has implemented cloud services for the database
infrastructure and for information storage. It is a cost-effective method of information
storage; however, with its implementation several security issues have also arisen. ENISA has
also examined various methods related to IT infrastructure so that it can raise its current
level of security (Halpert, 2011). It is recommended that the organization should also focus on
research and development so that it can develop methods which address recent or novel security
breaches.

References
Bunnik, A., Cawley, A., Lulqueen, M., & Zwitter, A. (2016). Big Data Challenges: Society,
Security, Innovation and Ethics. Springer.
Craig, T., & Ludloff, M. (2011). Privacy and Big Data. O'Reilly Media, Inc.
ENISA. (2016). Big Data Threat Landscape and Good Practice Guide. European Union Agency
For Network And Information Security. Retrieved On 10 September 2017 from
https://www.enisa.europa.eu/publications/bigdata-threat-landscape
Halpert, B. (2011). Auditing Cloud Computing: A Security and Privacy Guide. John Wiley &
Sons.
Hu, F. (2016). Big Data: Storage, Sharing, and Security. CRC Press.
Katsikas, S., Lambrinoudakis, C., & Furnell, S. (2016). Trust, Privacy and Security in Digital
Business: 13th International Conference, TrustBus 2016, Porto, Portugal, September 7-8,
2016, Proceedings. Springer.
Lopez, D., & Saleem, D.M.A. (2017). HCI Challenges and Privacy Preservation in Big Data
Security. IGI Global.
Mather, T., Kumaraswamy, S., & Latif, S. (2009). Cloud Security and Privacy: An Enterprise
Perspective on Risks and Compliance. O'Reilly Media, Inc.
Pearson, S., & Yee, G. (2012). Privacy and Security for Cloud Computing. Springer Science &
Business Media.
Sharvari, T., Solanki, Kumar, & Nilanjan, D. (2017). Privacy and Security Policies in Big Data.
IGI Global.
Wheeler, A., & Winburn, M. (2015). Cloud Storage Security: A Practical Guide. Elsevier.