ENISA stands for European Union Agency for Network and Information Security. It is known be centre part or core of the expertise of information security of network. ENISA is responsible for the development of communities across the borders. It provides great support to the members of EU and helps to implement EU legislation. They have big data that is a huge collection of set of data. The big data is analyzed in details to find patterns. Implementation of risk management is mandatory for every organization for effective operation (Mahajan, Gaba & Chauhan, 2016).
This report discusses about the several top threats that exist in ENISA. It also talks about the most significant threat among the rest. This report points out the main threat agents (Kao et al. 2014).The case study’s overview is provided along with the security infrastructure of ENISA. Risk or threat minimization methods have also been discussed here. Improvement process of ETL is explained in brief. At the end of the report it says gives an explanation why ENISA is satisfied with its existing security infrastructure or not.
Big data is used in ENISA. Big data contains a collection of information. Data is integrated from several functional departments in order to point out any type of commonality so that customer or consumer preferences can be identified. In this case of ENISA, there are many threats of top level that are playing role (Patil & Seshadri, 2014). Big data analytics figures out the risk exposure area. Threats occur due to presence of key agents of threat. Risk management is needed for the risk mitigation purpose. There are five main groups of threats. The privacy factor of big data plays a major role which focuses on the model for potential development of risk mitigation and analysis (Patil & Seshadri, 2014). The effectiveness of ENISA will reach the highest level if they deploy proper strategy for big data analysis. Solutions that are based on information and communication technology are implemented for the purpose of minimizing the risk factor in ENISA. The operations will become effective if data and threats are managed in a proper way (Vatsalan et al., 2017). There is a gap analysis presented in this case study of ENISA. The comparison of threats with their countermeasures is done in gap analysis. Data is oriented in the traditional data threats. There needs to be replacement of the legacy system with big data. The big data architecture, environment, assets as well as taxonomy are discussed in this case study. The key agents of threats are pointed out. Cryptography is the main mitigation scheme that is deployed by ENISA. These mitigation scheme falls under the category of good practices that are present in the case study.
The main aim for protecting data is to bring about four main characteristics of data like integrity, non repudiation, availability as well as confidentiality.
Figure 1: ENISA Big Data security infrastructure diagram
(Source: Created by the author in Ms-Visio)
The diagram that is presented above depicts the security infrastructure of the big data security of ENISA. The purpose of any infrastructure of security is to process information in an efficient and safe manner (Patil & Seshadri, 2014). There are structured, unstructured as well as semi structured data. Structured data are the records in the database. Messages and logs fall under the category of messages and logs. Other forms of data are volatile and streaming data. The infrastructure consists of virtualized components, devices and hardware resources. The infrastructural model for computing and storage deals with the computational as well as storage mechanism respectively. Big data analytics deal with algorithms and protocols that help in analyzing data in an effective manner. The privacy and security techniques are used for securing the different types of asset involved in ENISA. The key agents are responsible for occurrence of threat. The security infrastructure consists of the various threat mitigation strategies that can be deployed in the organization. Cryptography is considered to be the most vital type of measure that can be taken to overcome any security issues. Encryption can be considered to be the best security method where the information is modified so that it cannot be accessed by any unauthenticated source. This plays role in the data storage layer of ENISA. Another security method is firewall. Firewall can be implemented for protecting the network of an organization from any outsider attacks (Sagiroglu & Sinanc, 2013). It plays role in the presentation layer.
The case study of ENISA has pointed out five top threat groups that are present (Wu et al., 2014). The different groups of threats are unintentional, legal, organizational, and intentional as well as hijacking and interception. The description of top threats is given as follows:
Information leakage: These type threats are unintentional in nature. There are no wrong intentions behind the leak of information in the system. The employees of a company can make a wrong entry in the database or there can be a deletion of data by mistake. This can cause problem in the future. Sometimes there can be major problem when the updated version of software is not used (Erl, Khattak & Buhler, 2016). The system administration also needs to be carried out properly to maintain system in a proper manner. Most of the threat agents are involved in this category. Data assets are affected. If the sensitive data are disclosed then this leads to major issues in organization.
Data leak via Web application: All the key threat agents are involved in this threat category. Unsecure APIs are the main cause of this type of security threat. Disclosure of sensitive data to the outside world can lead to major issues. There can be deletion as well as modification of data that can take place here.
Inappropriate Design: If any system is not designed in a proper way then it has a high probability of attracting various types of dangerous threats. There must be proper planning for the designing of infrastructure. Adaptations that are not proper can also lead to major issue. Data leakage probability increases in this manner (Kim, Trimi & Chung, 2014). Affected assets are storage infrastructure, data, software, big data as well as computational infrastructure. This can be considered to be a typical threat category in big data.
Indentify Fraud: Big data stores various information integrated from different departments. Financial information is extremely important to the organization. Big data also stores personal details. Hackers generally target this type of data to steal sensitive information for the purpose of exploiting the users. The hackers or attackers can even achieve huge power or control over the organization in this type of fraud activity. Applications and services that are associated with back end are the affected assets.
Denial of Services: This is one of the main threats of the big data. The main attacker of this threat is to consume the resources of the server by keeping it busy in different activities that are not useful in nature. The server slows down affecting the performance of the server
Malware: Malware stands for malicious software. These malicious programs are responsible for affecting the information and communication technology process and components. These malicious programs are built in order to inject in a system and harm the system. There are different types of malware like viruses, worms as well as Trojan horses. Remote attackers get the scope to access the data of a system by using the Trojan horse. Sometimes the attacker can hide their own identity to get access or control over certain credentials of the system. It has been seen that there are points that are undocumented. Attackers treat these points as backdoors to enter the system and harm the system. Web attacks are extremely harmful category of threats. Sometimes the users download a file from a website. This file can contain virus that can harm the system.
Business Process and its failure: If the business processes are mismanaged then this can cause failure of the entire process of business.
Among the top threats that have been discussed above. Most significant of all the threats is the malicious program. It is an extremely harmful type of software. It injects in the system and modifies or removes the sensitive data present there (Kshetri, 2014). Web attacks are extremely harmful category of threats. Sometimes the users download a file from a website. This file can contain virus that can harm the system. There are different types of malware like viruses, worms as well as Trojan horses. Remote attackers get the scope to access the data of a system by using the Trojan horse. Sometimes the attacker can hide their own identity to get access or control over certain credentials of the system. It has been seen that there are points that are undocumented. Attackers treat these points as backdoors to enter the system and harm the system. The worms have the capability to duplicate an existing file from the system and sending it to another system or network. This malicious attack is considered to be significant because there is a complete wrong intention behind this threat. The attacker aims to delete or misuse the information of a system or network for its own advantage. The degree of risk in this case is extremely high. This category of threat is extremely dangerous in nature. Proper implementation of protective as well as preventive measures can be incorporated in the system to resolve such issues.
The origin of any threat is due to the presence of the threat agents. The threat agents form the origin for security threats (Lu et al., 2014). Threat agents can take advantage of the weakness of the system. There are several key agents like:
Cyber criminals: These are hostile agents. They aim to access sensitive financial data of the system or network.
Cyber terrorists: They are influenced by some regional or political issue. They are responsible for harming public infrastructures as well as other sectors like telecommunication.
Corporation: Organizations that use wrong tactics become a key agent of threat.
Employees: They fall under the category of insider threat. Sometimes the employees of the company use the sensitive data and pass the data to other company or network.
Script kiddies: Scripts are developed by several attackers in order to attack the system.
Hacktivists: Some people gain motivation from political issues and try to target websites and institutes for their benefit.
Nation: Sometimes nations as well as states cause harm to any company or system.
Minimization of Impact: The most effective method for mitigating the impact is use of encryption. Algorithms of cryptography play a major role in protecting any system. Plain texts can be encrypted to protect it from other attacks. Integrity checks must be performed on a regular basis (Thuraisingham, 2015). Implementation and incorporation of security policies can be effective. The methods for controlling the access of data should be made for secured by authentication (Cardenas, Manadhata & Rajan, 2013).
Threat Probability Trend: The case study shows that every threat is associated with a probability trend. Employees are a threat agent that can cause information leak as well as other types of problem for business process failure. Corporations as well as cyber criminals are responsible for interception information (Chen, Mao & Liu, 2014). The probability of identity threat can be associated with every agents of threat. Effective organizational functioning is dependent on risk management strategy (Demchenko et al., 2013). The threat probability is increasing very fast with time.
Big data is storage of huge quantity of data. Extract, transform and load can be improved in many ways (Bansal, 2014). ETL helps in the analysis of big data. Following steps need to be taken in order to improve the process of ETL:
In case of processing data in batch leads to wastage of database storage. Storing important data can utilize the database in an optimal manner (Bansal & Kagemann, 2015). Extracting most important data will result in the improvement of the performance.
To improve the performance the method of lookup that is done one row at a time can be avoided (Baumer, 2017). This is an efficient method in comparison to bulk loading.
The satisfaction level of ENISA regarding its IT security is low. The presence of the top security threats are the main reason behind this dissatisfaction. There are many key agents of threat present in ENISA. There are unintentional and intentional threats in the system. Indentify fraud can take place where they target financial information. Other threats also exist like malware, denial of service, insider threat and legal threats. The most efficient and useful solution that can be applicable in case of ENISA is cryptography. Encrypting the important information will improve the existing security policies of the system. Implementation of firewalls can prevent the entry of any unwanted threat in the private network and also will not allow any outsider to steal data. Infiltration of network can be done by IPS. This will disallow the access of unauthorized user to access the database.
Conclusion:
This report concludes that there are many top threats that exist in ENISA. Cryptography and strong security policies can be used in order to avoid the chances of threats. This report pointed out the main threat agents. The case study’s overview is provided along with the security infrastructure of ENISA. Risk or threat minimization methods have also been discussed here.
References:
Bansal, S. K. (2014, June). Towards a semantic extract-transform-load (ETL) framework for big data integration. In Big Data (BigData Congress), 2014 IEEE International Congress on (pp. 522-529). IEEE.
Bansal, S. K., & Kagemann, S. (2015). Integrating big data: A semantic extract-transform-load framework. Computer, 48(3), 42-50.
Baumer, B. S. (2017). A Grammar for Reproducible and Painless Extract-Transform-Load Operations on Medium Data. arXiv preprint arXiv:1708.07073.
Cardenas, A. A., Manadhata, P. K., & Rajan, S. P. (2013). Big data analytics for security. IEEE Security & Privacy, 11(6), 74-76.
Chen, C. P., & Zhang, C. Y. (2014). Data-intensive applications, challenges, techniques and technologies: A survey on Big Data. Information Sciences, 275, 314-347.
Chen, M., Mao, S., & Liu, Y. (2014). Big data: A survey. Mobile Networks and Applications, 19(2), 171-209.
Demchenko, Y., Grosso, P., De Laat, C., & Membrey, P. (2013, May). Addressing big data issues in scientific data infrastructure. In Collaboration Technologies and Systems (CTS), 2013 International Conference on (pp. 48-55). IEEE.
Enisa.europa.eu. (2017). Big Data Threat Landscape — ENISA. [online] Available at: https://www.enisa.europa.eu/publications/bigdata-threat-landscape [Accessed 5 Sep. 2017].
Erl, T., Khattak, W., & Buhler, P. (2016). Big data fundamentals: concepts, drivers & techniques. Prentice Hall Press.
Guo, L., Wenqi, H., Xiaokai, Y., Fuzheng, Z., Chengzhi, C., & Shitao, C. (2016). Research and realization of improved extract–transform–load scheduler in China Southern Power Grid. Advances in Mechanical Engineering, 8(11), 1687814016679055.
Hashem, I. A. T., Yaqoob, I., Anuar, N. B., Mokhtar, S., Gani, A., & Khan, S. U. (2015). The rise of “big data” on cloud computing: Review and open research issues. Information Systems, 47, 98-115.
Kao, R. R., Haydon, D. T., Lycett, S. J., & Murcia, P. R. (2014). Supersize me: how whole-genome sequencing and big data are transforming epidemiology. Trends in microbiology, 22(5), 282-291.
Kim, G. H., Trimi, S., & Chung, J. H. (2014). Big-data applications in the government sector. Communications of the ACM, 57(3), 78-85.
Kshetri, N. (2014). Big data? s impact on privacy, security and consumer welfare. Telecommunications Policy, 38(11), 1134-1145.
Lu, R., Zhu, H., Liu, X., Liu, J. K., & Shao, J. (2014). Toward efficient and privacy-preserving computing in big data era. IEEE Network, 28(4), 46-50.
Mahajan, P., Gaba, G., & Chauhan, N. S. (2016). Big Data Security. IITM Journal of Management and IT, 7(1), 89-94.
Patil, H. K., & Seshadri, R. (2014, June). Big data security and privacy issues in healthcare. In Big Data (BigData Congress), 2014 IEEE International Congress on (pp. 762-765). IEEE.
Sagiroglu, S., & Sinanc, D. (2013, May). Big data: A review. In Collaboration Technologies and Systems (CTS), 2013 International Conference on (pp. 42-47). IEEE.
Thuraisingham, B. (2015, March). Big data security and privacy. In Proceedings of the 5th ACM Conference on Data and Application Security and Privacy (pp. 279-280). ACM.
Vatsalan, D., Sehili, Z., Christen, P., & Rahm, E. (2017). Privacy-Preserving Record Linkage for Big Data: Current Approaches and Research Challenges. In Handbook of Big Data Technologies (pp. 851-895). Springer International Publishing.
Wu, X., Zhu, X., Wu, G. Q., & Ding, W. (2014). Data mining with big data. IEEE transactions on knowledge and data engineering, 26(1), 97-107.
Essay Writing Service Features
Our Experience
No matter how complex your assignment is, we can find the right professional for your specific task. Contact Essay is an essay writing company that hires only the smartest minds to help you with your projects. Our expertise allows us to provide students with high-quality academic writing, editing & proofreading services.
Free Features
Free revision policy
$10Free bibliography & reference
$8Free title page
$8Free formatting
$8How Our Essay Writing Service Works
First, you will need to complete an order form. It's not difficult but, in case there is anything you find not to be clear, you may always call us so that we can guide you through it. On the order form, you will need to include some basic information concerning your order: subject, topic, number of pages, etc. We also encourage our clients to upload any relevant information or sources that will help.
Complete the order form
Once we have all the information and instructions that we need, we select the most suitable writer for your assignment. While everything seems to be clear, the writer, who has complete knowledge of the subject, may need clarification from you. It is at that point that you would receive a call or email from us.
Writer’s assignment
As soon as the writer has finished, it will be delivered both to the website and to your email address so that you will not miss it. If your deadline is close at hand, we will place a call to you to make sure that you receive the paper on time.
Completing the order and download