Applying safeguards to Big Data
Jonathan Care, May 2013

Problem Statement
Business Scenario and Typical Requirements
Architectural Context
Proposed Solution Points
  Prohibit/ignore Big Data - the problem will not go away
  Avoid sampling Big Data on a periodic basis
  Utilise on-demand and cloud resources where appropriate
  Dynamically review data classification labels based on trust metrics
  Apply controls to aggregate data based on combined sensitivity
  Applying technical controls to Big Data in line with security maturity
  Change Management
Recommendations
  Ensure infrastructure will cope with increased load
  Ensure data is classified appropriately
  Ensure systems are placed in the appropriate security domain
  Ensure effective access controls
  Ensure Big Data is handled by trained analysts
  Ensure all communications reinforce the enterprise commitment to customer protection,
  privacy, and information security hygiene
Applying safeguards to Big Data
Jonathan Care Page 2 28/12/2013
Problem Statement
Enterprises are becoming aware of the power and magnitude of the information
that is available to them. Dubbed "Big Data", this ocean of data surrounds and
permeates the enterprise, and requires new processing methods to gain
understanding and insight, called "Big Analytics". Big Data comes from
aggregating and correlating data sources that previously may have seemed of
little value, and uses statistical analysis methods to highlight trends. Big Data and
Big Analytics present fresh challenges to the information security practitioner in
safeguarding these new data sources, preserving privacy, and incorporating new
sources of information security threat into the existing enterprise risk and
intelligence model.
Business Scenario and Typical Requirements
As the complexity of the overall IT architecture grows, incorporating new and
existing (plus legacy) applications into its overall integration "mix", a wealth of
transactional data becomes available. This includes machine-to-machine, human-
to-machine, and even human-to-human information. Coupled with external
sources such as social media, this can provide insight and decision support
across a variety of industries, including consumer finance, retail, and
telecommunications. Information Security practitioners are facing an emerging
awareness that this data, previously considered either unimportant or "toxic
waste" now has a strategic value to the enterprise and thus must be safeguarded
appropriately.
Data sources are many and varied, and may include both internal and external
feeds, for example:
  Application data          Physical Security
  Transaction Data          GPS
  NetFlow/Firewall logs     AD/LDAP & DNS/DHCP
  VPN                       Social Media
It is clear from observing the example data sources above, that much of the
information in the analyst's scope will have at the very least a personal
identifiable information (PII) characteristic to it. Potentially, application data
could include data subject to specific compliance regimes such as PCI-DSS,
Sarbanes-Oxley, Basel, or others.
Big Data is defined as a "three-V" problem, that is:
- Big Volume - more than can be handled by traditional SQL based
  database management technology. One of the characteristics of the Big
  Analytics process is to embrace the data set as a whole, rather than taking
  a sample from it.
- Big Velocity - styled as "drinking from the fire hose", indicates that the
  stream of data is constant and rapid
- Big Variety - data is from a variety of sources, and includes both structured
  and un-structured elements. Data also has a variety of trust, in that much
  of the information is external and control over the authority model is
  limited, if not in fact zero. The business is faced with the challenge of
  whether the information is sufficiently trustworthy to make a decision
  based upon it.
It becomes clear from this example that one constraint on the success of Big Data
in the enterprise is the quality of the Big Analytics that can be applied to it. No
vendor on the market is making a claim to reduce the demands for strong
analytical and statistical skills from the human analysts who are responsible for
producing actionable intelligence (a SIEM vendor, Splunk, has stated that "The
Easy Button does not exist!" [1]). The errors of false correlation/causation and null
hypothesis errors (both false positive and false negative) are well known in
many fields.
When examining the IT security field, it can be seen that Big Data and Big
Analytics are emerging in data-intensive fields, most notably in the field of Log
management and SIEM. Next generation SIEMs are being brought to market
under the umbrella of Enterprise Security Intelligence - the collection of data
from all IT systems in the enterprise that could be security relevant and the
application of the security teams' knowledge and skill, resulting in risk
reduction.
Several challenges have been identified with traditional SIEM. The SANS log
management survey (2012) [2] identified the top challenges in log management as:
1. Identification of key events from normal background activity
2. Correlation of information from multiple sources to meet complex threats
3. Lack of analytics capabilities
4. Data normalisation at collection
In 2003, Ernst & Young stated, "More than 34% of organizations rate themselves
as less than adequate in their ability to determine whether their systems are
currently under attack". [3] In 2012, their comment was "Many organizations are
still having difficulty finding security breaches and properly logging them". [4] This
suggests that despite considerable effort on the part of vendors, IT security
practitioners, and integrators, this problem is still extant and not solved.

[1] https://www.brighttalk.com/webcast/288/S149S
[2] http://www.sans.org/press/event-management-survey-results.php
[3] http://www.securitymanagement.com/archive/library/EY_Survey1103.pdf
[4] http://www.ey.com/Publication/vwLUAssets/Fighting_to_close_the_gap:_2012_Global_Information_Security_Survey/$FILE/2012_Global_Information_Security_Survey___Fighting_to_close_the_gap.pdf
Architectural Context
In order to effectively utilise and safeguard Big Data, it is important to be able to
place this not only within the context of a security improvement programme but
also within the security architecture. The specifics of security architecture will
be based on the individual requirements of the enterprise and the IT services
delivered, and also on the capability maturity of the enterprise at a point in time.
As a cautionary note, it is important that a realistic picture of the enterprise's
maturity as regards information security is measured and understood.
Understating the enterprise maturity leads to a lack of confidence in the ability
to deliver and operate, while overstatement leads to embarkation on ambitious
projects, with over-reliance on vendors, ultimately leading to abrogation of
leadership in the delivery context.
Specific points in the security architecture that will directly support the
development and delivery of Big Data (and Big Analytics) capability include:
1. Effective Information Lifecycle Management, in particular data
   classification. This should answer the following questions, which will
   identify key information assets:
   a. What data is available.
   b. Where is it located.
   c. What access levels are currently implemented.
   d. What protection level is implemented and does it adhere to
      relevant compliance regulations.
2. Help (and not hinder) privacy and other compliance efforts. A Big
   Data capability will process sensitive employee and customer-related
   information, therefore in addition to the usual access controls and data
   safeguards, it is important to consider the effect of this capability on
   employee morale, management decisions, and indeed on brand identity.
   In particular, a security intelligence capability should not be used instead
   of effective management communications, employee leadership and
   workplace ethics; instead it should support and enforce strong practices
   in these areas.
3. Aid regulatory reporting. Big Data should provide actionable reports
   that improve the enterprise compliance stance.
4. Operate within multiple IT security domains. Big Data will gather
   information from a variety of sources, each source with a varying degree
   of confidence. Security intelligence should be able to consume and rate
   information from all IT security domains, and incorporate the trust level
   of the security domain as a factor. For example, correlation of sentiment
   on Twitter in the time frame before an attack on the enterprise also
   correlated with marketing and sales campaigns.
5. Incorporate lessons learned and best practices, both internally and
   externally. The SANS log management survey referenced above reveals
   several key requirements that may be expected of a security intelligence
   programme. In particular, effective security intelligence requires raw data
   that has not been subject to normalising at the point of collection.
   Availability of this raw data allows for retrospective analysis of incident
   data, and correlation and analysis with previously unavailable
   information sources.
Proposed Solution Points
Big Data Analytics are being adopted as decision support tools across many
business streams. As an example, Wonga is a short-term consumer finance
company that has stated that consumer browser habits are tracked minutely,
and that these are correlated with other Big Data sources to predict and measure
risk of loan default [5,6,7]. Similarly, it has emerged that online retail titan Amazon
tracks consumer activity to adjust and optimise pricing of its products to meet
demand [8]. It is notable that Amazon forums themselves now constitute a rich vein
of social media information, offered as a product by aggregators.
Big Data aggregation has sprung up as a response to the increasing demands on
the social media platforms to provide feeds consumable by the enterprise. Two
of the market leaders in this area are Gnip (www.gnip.com) and DataSift
(www.datasift.com). The aggregators add value to their co-operating data
sources by acting as a buffer between the source and the consuming enterprise,
and add value to the consuming enterprise by providing not only the Big Data
feeds from a single API, but also a degree of enrichment, such as demographics,
gender, trends, sentiment, entity analysis, and Klout score [9].
It is a certain fact that Big Data is at very least a discussion point within the
enterprise. Marketing, sales and customer services are corporately aware of the
benefits and challenges of social media, and on an individual level, most have
experimented with Twitter, Facebook, and other social media platforms.
Therefore, the challenge to the information security professional is how to apply
governance and safeguards to these new data sources, and the programmes,
applications and business processes consuming them.
Prohibit/ignore Big Data - the problem will not go away
The trivial solution is to forbid the use of social media within the enterprise. This
is unlikely to be successful as it goes against the ethos of the information security
team as a risk-focused enabler, and can be seen as un-cooperative and not
aligned with business needs. In similar vein, not engaging with project teams
exploring Big Data possibilities denies the opportunity to engage at early stages
of the project and provide effective guidance in data governance, thereby storing
up information security management issues for the future.
In addition, from the author's personal experience, there is no doubt that bad
actors do use social media to communicate, promote and co-ordinate both
physical and online attacks, and this valuable open-source threat intelligence
should not be lightly dismissed.

[5] http://www.standard.co.uk/lifestyle/london-life/the-two-main-aspects-of-my-life-are-art-and-big-data-meet-jonty-hurwitz-the-geek-sculptor-who-founded-wonga-861S219.html
[6] http://pandodaily.com/2012/02/27/big-data-machine-learning-scared-banks
[7] http://www.slate.com/articles/technology/future_tense/2013/01/wonga_lenddo_lendup_big_data_and_social_networking_banking.html
[8] http://online.wsj.com/article/SB1000142412788732S777204578189S9181S881SS4.html
[9] A measure of influence in Social Media. While its accuracy remains a subject of considerable
debate amongst social media data scientists, it remains a definitive measure. See www.klout.com
Avoid sampling Big Data on a periodic basis
The analyst can of course sample Big Data sources periodically or even manually,
which is true for both internal and external data sources. However, due to the
high rate and volume of Big Data this is unlikely to give an accurate
representation of the information stream. As described, Big Data sources can be
both internal and external to the enterprise, and each of these sources is
itself composed of many contributors, each of whom will vary in the
relevance and reliability of their output to a particular Big Analytics exercise. In a
recent Strata conference [10], a strong recommendation was made to obtain and
create complete data volumes that can be processed and analysed at scale. The
purpose of this "sampling is dead" methodology is to capture the "outliers", those
data sets that exist at higher levels of standard deviation (typically 2.5 std devs
or above) and indicate interesting results. Because of their relative scarcity,
these have been removed from the data in the sampling and normalisation
process.
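The effect of sampling on outliers can be shown with a small simulation. This is an added example, not part of the original paper: it compares full-volume analysis with 1-in-100 periodic sampling at the 2.5 standard deviation threshold quoted above. The data stream, the planted event positions and all function names are assumptions constructed for illustration.

```python
import random
import statistics

THRESHOLD = 2.5                             # std devs, the figure quoted in the text
PLANTED = (1234, 3456, 5678, 7777, 9001)    # constructed positions of the rare events


def build_stream(n=10_000, seed=7):
    """Constructed data: per-minute outbound byte counts (arbitrary units)
    drawn from N(500, 50), with five rare large transfers planted in it."""
    rng = random.Random(seed)
    stream = [rng.gauss(500, 50) for _ in range(n)]
    for i in PLANTED:
        stream[i] = 1100.0                  # 12 std devs above the baseline
    return stream


def outlier_indices(points, threshold=THRESHOLD):
    """points is a list of (index, value). Return the indices whose value lies
    at least `threshold` standard deviations from the mean of those points."""
    values = [v for _, v in points]
    mean = statistics.fmean(values)
    sd = statistics.pstdev(values)
    if sd == 0:
        return []
    return [i for i, v in points if abs(v - mean) / sd >= threshold]


def full_volume(stream):
    """Analyse every record, as the 'sampling is dead' approach recommends."""
    return outlier_indices(list(enumerate(stream)))


def periodic_sample(stream, every=100, offset=0):
    """Analyse only every `every`-th record, starting at `offset`."""
    return outlier_indices(
        [(i, v) for i, v in enumerate(stream) if i % every == offset]
    )


def recall(found, planted=PLANTED):
    """Fraction of the planted rare events that the analysis surfaced."""
    return len(set(found) & set(planted)) / len(planted)


def sampling_recall_by_offset(stream, every=100):
    """Recall of periodic sampling for each possible starting offset."""
    return [recall(periodic_sample(stream, every, off)) for off in range(every)]


if __name__ == "__main__":
    s = build_stream()
    per_offset = sampling_recall_by_offset(s)
    print("full volume recall:        ", recall(full_volume(s)))
    print("best 1-in-100 sample recall:", max(per_offset))
    print("mean 1-in-100 sample recall:", sum(per_offset) / len(per_offset))
```

Whatever the starting offset, a 1-in-100 sample sees at most one of the five rare events, and most offsets see none, while the full-volume pass finds all of them.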
A prevailing question in IT risk management is the likelihood of a particular
security event or class of events. This becomes important when considering the
tolerance of the enterprise to very low-likelihood, business-threatening
incidents. Security intelligence by its nature purports to give insights into the
actual risk exposure by determining patterns of behaviours behind activities and
alerting appropriately. However determining the impact and likelihood of "black
swan" events (high impact, low likelihood) is one that will require skilled analyst
input - due to the nature of such an event, statistical information is rarely
available.
Utilise on-demand and cloud resources where appropriate
It is tempting, especially when considering the value of external Big Data feeds,
to archive everything internally as one would when recording other Big Data
sources (for example, NetFlow data). One reason for this is the requirement to be
able to interpolate raw data obtained previously with fresh information, known
as the "cold case" scenario. Data Aggregators such as DataSift typically provide
not only live queries but also historic queries, allowing the analyst to retrieve a
dataset at a previous point in time.
The UK government has made a conscious practice to expose its public-sector
Big Data sets that are not protectively marked to data analysts. In a study [11],
Stephan Shakespeare, chairman of the UK Government Data Strategy Board,
outlines recommendations for how the British can best use public sector
information to improve government services and unlock economic growth. It
could also be raw material for future industries stating, "If we're clever here,
there's no reason why the next Google can't come from the U.K." The study also
outlines how the UK government can make best use of the massive data collected
from the public and generate useful data applications, an example being live data
provided by Transport for London allowing commuters to better plan their
travel.
When examining the case for Enterprise Security Intelligence, an ever-present
challenge to any enterprise is the data itself; increasingly the enterprise runs the
risk of being overwhelmed by the sheer volume of data that may provide
valuable operational and security information. This struggle is at the heart of the
'big data' issue that has been recently expressed. A similar struggle exists with
the drive to provide timely actionable intelligence from this volume of data, and
hence the growth of "next generation" SIEM, providing security intelligence.

[10] http://strata.oreilly.com/2011/0S/outliers-coexistence-big-data.html
Dynamically review data classification labels based on trust metrics
Over time, the reliability and relevance of data sources in the Big Data model will
change. It is therefore important that the analytics process provide a feedback
model to allow trust metrics to be fed back into the decision model.
Data may be acquired from a number of sources both internal and external to the
enterprise. It should also be noted that a security intelligence package can use
access requests to itself as an input item, thus providing a measure of useful self-
protection.
Apply controls to aggregate data based on combined sensitivity
The apparent sensitivity of data feeds varies from very low to very high.
However, when aggregated and combined into a descriptive timeline by a
trained analyst, there is a clear requirement for strong information protection.
Using the classical Confidentiality-Integrity-Availability model,
this can be simply stated as follows:
Table 1 Data Assurance requirements
Data item                      Confidentiality  Integrity  Availability
Discrete data record           varies           varies     varies
Aggregate dataset              High             High       Medium
Analyst reports                High             High       Medium
Incident resolution reports    High             High       Medium

[11] https://www.gov.uk/government/publications/shakespeare-review-of-public-sector-information

The reasoning behind this is that once aggregated, much of the data will form a
user-centric timeline, detailing the activity of human actors through the IT
systems in the enterprise. This will include customer activity, employee actions,
as well as malfeasance on the part of external attackers and disgruntled insiders.
The need for privacy (that is, confidentiality) of this data is therefore high, and
governed by various regulations (for example, the UK Data Protection Act, and in
the case of US medical information, the Health Insurance Portability and
Accountability Act).
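One way to apply Table 1 when discrete records are joined into a user-centric timeline is sketched below. This is an added example, not part of the original paper: the rule that a timeline drawing on more than one feed takes at least the "Aggregate dataset" labels is an assumption about how to operationalise the table, and the record fields, sample records and function names are constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass

LEVELS = {"Low": 0, "Medium": 1, "High": 2}
NAMES = {rank: name for name, rank in LEVELS.items()}

# Table 1, row "Aggregate dataset": Confidentiality, Integrity, Availability.
AGGREGATE_FLOOR = ("High", "High", "Medium")


@dataclass(frozen=True)
class Record:
    source: str    # feed the record came from
    subject: str   # person the record is about
    ts: str        # ISO 8601 UTC timestamp (sorts lexicographically)
    event: str
    cia: tuple     # label of the discrete record ("varies" in Table 1)


def stricter(a, b):
    """Element-wise maximum of two (C, I, A) labels."""
    return tuple(NAMES[max(LEVELS[x], LEVELS[y])] for x, y in zip(a, b))


def build_timelines(records):
    """Group discrete records into one time-ordered timeline per subject."""
    timelines = defaultdict(list)
    for rec in records:
        timelines[rec.subject].append(rec)
    return {s: sorted(recs, key=lambda r: r.ts) for s, recs in timelines.items()}


def classify(timeline):
    """Label a timeline: never weaker than its strictest record and, as an
    assumed rule, never weaker than the Table 1 aggregate row once it
    combines records from more than one feed."""
    label = ("Low", "Low", "Low")
    for rec in timeline:
        label = stricter(label, rec.cia)
    if len({rec.source for rec in timeline}) > 1:
        label = stricter(label, AGGREGATE_FLOOR)
    return label


# Constructed sample records; feeds, subjects and labels are illustrative.
SAMPLE = [
    Record("vpn", "alice", "2013-05-01T08:02:11Z", "login from 203.0.113.7",
           ("Low", "Low", "Low")),
    Record("badge", "alice", "2013-05-01T08:40:03Z", "entered building B",
           ("Low", "Medium", "Low")),
    Record("netflow", "alice", "2013-05-01T08:41:50Z", "2 GB to external host",
           ("Low", "Low", "Low")),
    Record("dhcp", "bob", "2013-05-01T09:00:00Z", "lease renewed",
           ("Low", "Low", "High")),
    Record("dhcp", "bob", "2013-05-01T07:00:00Z", "lease granted",
           ("Low", "Low", "Low")),
]

if __name__ == "__main__":
    for subject, timeline in build_timelines(SAMPLE).items():
        print(subject, classify(timeline), [r.event for r in timeline])
```

Three individually low-sensitivity records about one person become a High/High/Medium timeline once combined, while a single-feed timeline keeps the strictest label of its own records.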
One of the prime goals for a security intelligence programme is risk reduction,
accomplished through actions emanating from analyst reports. Some actions will
be relatively low-impact (for example, "install malware tools on BYOD laptops at
no charge"); others may involve significant incident response intervention and
liaison with law enforcement, at far higher cost. It is expected and assumed that a
functioning security intelligence system will provide early interventions to limit
damage and control behaviours so that further, more drastic interventions will be
less required, thus providing a cost benefit.
Applying technical controls to Big Data in line with security maturity
Several solutions exist to the challenge of safeguarding security intelligence
source data, resultant analysis, and archived information. The enterprise can
make an explicit choice, based on risk analysis of their environment, not to
safeguard privacy or implement specific information assurance controls. This
may be a sign of the relatively stable and low-risk nature of the business streams
the enterprise is engaged in, or perhaps is a sign of the relative immaturity of the
enterprise with regards to security awareness.
Information assets in scope will include both input and output data resources as
described above, and will require diligent role-based access controls for analysts,
incident responders, IT administrators, risk managers, and IT executive
management, all of whom will have different informational needs from the
system. Protection of data in transit (stream-based cryptographic systems) is
unlikely to generate new requirements as a result of deploying a Big Data system
as described, however it should be recognised that existing data assets that
become inputs to the system may have intrinsic protection requirements as a
result of enterprise data classification rules or over-arching regulatory
frameworks.
Once aggregated (or collected) appropriate measures shall be used to protect
data in storage. Since Big Data Analytics requires pure "raw" data to be
preserved, the most appropriate protection mechanism is a cryptographic one,
as opposed to one using tokenisation or truncation. It must be emphasised that
while cryptographic techniques are relatively easy to apply, the first-time
enterprise adopter faces operational key management challenges, and best
practice guidelines such as ISO11568 (for financial services) and ISO11770 (as a
more general model) are recommended.
Change Management
Another decision point to be made when deploying Big Data Analytics is how to
communicate the change to stakeholders. Both employee and customer data is in
scope of enterprise security intelligence programmes, and there is a risk of
significant negative sentiment, with the accompanying risk of brand damage and
lowered employee morale, should this be seen as intrusive on privacy. Many
enterprises considering the adoption of this technology will be operating in a
tightly regulated and controlled environment such as financial services, and thus
the change in management style and working conditions will be minor. Many
online services from retail to consumer finance make no secret of the extensive
tracking of customer activity to drive business processes, however the all-
inclusive use of Big Data analytics specifically to enforce and limit breach
damage and other attacks may create concern. It is recommended that
deployment of Enterprise Security Intelligence is proactively championed by
executive management as part of the enterprise commitment to customer safety
and privacy, and to assist the employees of the enterprise in defending against
bad actors, and that the controls over stored data will enhance employee privacy,
rather than lessen it.
Recommendations
Ensure infrastructure will cope with increased load
By its nature, large amounts of data will be transmitted and stored in a central
point. This will place higher load on networking and server/storage components,
possibly requiring increased use of direct attached storage (DAS), dedicated
network topology, and higher throughput components such as routers and
firewalls.
Ensure data is classified appropriately
Data will be gathered from diverse sources and re-purposed to provide
actionable intelligence and decision support. In order to devise appropriate
safeguards, this data must be classified effectively. Care must be given to
consider the aggregate effect of new datasets gained by combining previously
disparate and apparently unrelated data sets.
Ensure systems are placed in the appropriate security domain
Since all information within the enterprise can be considered to be potentially
within the scope of the Big Data Analytical process, the systems should be placed
in the high security domain, with restrictions and technical controls applied in
line with enterprise security policies.
Ensure effective access controls
The information carried within a Big Data system is deemed highly sensitive.
Therefore care should be taken to ensure that access is granted on a "least
privilege required" basis, with separation of duties wherever possible. Role
based access controls must be defined for IT executive management, incident
responders, IT system administrators, Risk managers, and auditors, and for any
other roles with a legitimate business need to derive output from the security
intelligence system.
Ensure Big Data is handled by trained analysts
Much of the analytical process is based around the use of statistical methods to
determine probability. Given the relative new market presence from vendors, it
is assumed that the requirement for trained data scientists to provide informed
input and analysis is accurate. Decision support tools will need to make finely
balanced decisions to avoid blocking valid, but unusual actions by bona fide
actors. Therefore, it is important that inexperienced staff not introduce statistical
errors and flaws.
Ensure all communications reinforce the enterprise commitment to
customer protection, privacy, and information security hygiene
As with any technical measure intended to improve enterprise information
security posture, it should be deployed as an adjunct to an improvement in
process and awareness. Given the wide-ranging scope of Big Data, it is strongly
recommended that the corresponding communication, education and awareness
programme be equally wide ranging.
