Top Ten Security and Privacy Challenges for Big Data and Smartgrids. Arnab Roy Fujitsu Laboratories of America

Size: px
Start display at page:

Download "Top Ten Security and Privacy Challenges for Big Data and Smartgrids. Arnab Roy Fujitsu Laboratories of America"

Transcription

1 1 Top Ten Security and Privacy Challenges for Big Data and Smartgrids Arnab Roy Fujitsu Laboratories of America

2 2 User Roles and Security Concerns [SKCP11] Users and Security Concerns [SKCP10] Utilities: Consumers 3 rd Party Service Providers Data Leakage Consumer trust, Regulatory compliance Data Leakage Behavior monitoring, industrial espionage Data/Platform Sharing Internal algorithms, Data Data Modification Power billing, Grid operation Data Modification Power usage measurement, Pricing Access Diversity Regulatory compliance, Platform integration Data Platform Sharing Pricing/Forecast algorithms

3 3 Data Characteristics & S&P Issues [SKCP11] Data Characteristics & Security/Privacy Issues Data Diversity Data Granularity Data Transformation Data Access & Sharing Data Archival Direct & Indirect Data Types Data Size Multi-owner data aggregation Shared repositories Data size growth Distributed Sources Data Collection Rates Integrating private & public data Individual access control Policy & technology evolution Diverse Ownership Access Control Granularity Current & legacy data sources Dynamic policies & latency Longer, wider attack exposure Heterogeneous Cloud Storage Services Security enforcement cost/latencies Intent of use & Audit trail Multiple jurisdiction

4 4 Top 10 Challenges Identified by CSA BDWG 1) Secure computations in distributed programming frameworks 2) Security best practices for non-relational datastores 3) Secure data storage and transactions logs 4) End-point input validation/filtering 5) Real time security monitoring 6) Scalable and composable privacy-preserving data mining and analytics 7) Cryptographically enforced access control and secure communication 8) Granular access control 9) Granular audits 10) Data provenance 4, 10 4, 8, 9 1, 3, 5, 6, 7, 8, 9, 10 Data Storage Public/Private/Hybrid Cloud 5, 7, 8, , 3, 5, 8, 9

5 5 Top 10 Big Data S&P Challenges Infrastructure security Data Privacy Data Management Integrity and Reactive Security Secure Computations in Distributed Programming Frameworks Privacy Preserving Data Mining and Analytics Secure Data Storage and Transaction Logs End-point validation and filtering Security Best Practices for Non- Relational Data Stores Cryptographically Enforced Data Centric Security Granular Audits Real time Security Monitoring Granular Access Control Data Provenance

6 Secure Computation in Distributed Programming Frameworks 6 Application Computation Infrastructure Malfunctioning compute worker nodes Access to sensitive data Trust establishment: initiation, periodic trust update Mandatory access control Privacy of output information Privacy preserving transformations

7 7 Security Best Practices for Non Relational Data Stores Data from Diverse Appliances and Sensors Lack of stringent authentication and authorization mechanisms Lack of secure communication between compute nodes Enforcement through middleware layer Passwords should never be held in clear Encrypted data at rest Protect communication using SSL/TLS Copyright 2013 FUJITSU LIMITED

8 8 Secure data storage and transaction logs Consumer Data Archive Data Confidentiality and Integrity Availability Consistency Collusion Encryption and Signatures Proof of data possession Periodic audit and hash chains Policy based encryption

9 9 End-point Input Validation / Filtering Adversary may tamper with device or software Tamper-proof Software Data Poisoning Adversary may clone fake devices Adversary may directly control source of data Trust Certificate and Trusted Devices Analytics to detect outliers Adversary may compromise data in transmission Cryptographic Protocols Copyright 2013 FUJITSU LIMITED

10 10 Real-time Security Monitoring Fraud Detection Security of the infrastructure Security of the monitoring code itself Security of the input sources Adversary may cause data poisoning Discussed before Secure coding practices Discussed before Analytics to detect outliers Copyright 2013 FUJITSU LIMITED

11 Scalable and Composable Privacy-Preserving Data Mining and Analytics 11 Consumer Data Privacy Exploiting vulnerability at host Insider threat Outsourcing analytics to untrusted partners Unintended leakage through sharing of data Encryption of data at rest, access control and authorization mechanisms Separation of duty principles, clear policy for logging access to datasets Awareness of reidentification issues, differential privacy Copyright 2013 FUJITSU LIMITED

12 12 Cryptographically Enforced Data Centric Security How do we enforce the protection of data end to end? Enforcing access control Identity and Attribute-based encryptions Data Integrity and Privacy Search and filter Outsourcing of computation Encryption techniques supporting search and filter Fully Homomorphic Encryption Integrity of data and preservation of anonymity Group signatures with trusted third parties Copyright 2013 FUJITSU LIMITED

13 13 Granular Access Control Keeping track of secrecy requirements of individual data elements Pick right level of granularity: row level, column level, cell level Data Privacy Maintaining access labels across analytical transformations At the minimum, conform to lattice of access restrictions. More sophisticated data transforms are being considered in active research Keeping track of roles and authorities of users Authentication, authorization, mandatory access control Copyright 2013 FUJITSU LIMITED

14 14 Granular Audits Audit of usage, pricing, billing Completeness of audit information Timely access to audit information Integrity of audit information Authorized access to audit information Infrastructure solutions as discussed before. Scaling of SIEM tools. Copyright 2013 FUJITSU LIMITED

15 15 Data Provenance Secure collection of data Authentication techniques Keeping track of ownership of data pricing, audit Consistency of data and metadata Insider threats Message digests Access Control through systems and cryptography Copyright 2013 FUJITSU LIMITED

16 Thank You 16

Arnab Roy Fujitsu Laboratories of America and CSA Big Data WG

Arnab Roy Fujitsu Laboratories of America and CSA Big Data WG Arnab Roy Fujitsu Laboratories of America and CSA Big Data WG 1 The Big Data Working Group (BDWG) will be identifying scalable techniques for data-centric security and privacy problems. BDWG s investigation

More information

Arnab Roy Fujitsu Laboratories of America and CSA Big Data WG

Arnab Roy Fujitsu Laboratories of America and CSA Big Data WG Arnab Roy Fujitsu Laboratories of America and CSA Big Data WG 1 Security Analytics Crypto and Privacy Technologies Infrastructure Security 60+ members Framework and Taxonomy Chair - Sree Rajan, Fujitsu

More information

NIST Big Data Public Working Group

NIST Big Data Public Working Group NIST Big Data Public Working Group Requirements May 13, 2014 Arnab Roy, Fujitsu On behalf of the NIST BDWG S&P Subgroup S&P Requirements Emerging due to Big Data Characteristics Variety: Traditional encryption

More information

Moderator: Panelists: Panel #2 Big Data: Application Security and Privacy. Keith Swenson, VP of Research and Development, Fujitsu America, Inc.

Moderator: Panelists: Panel #2 Big Data: Application Security and Privacy. Keith Swenson, VP of Research and Development, Fujitsu America, Inc. Panel #2 Big Data: Application Security and Privacy 2:15 PM 3:00 PM Moderator: Keith Swenson, VP of Research and Development, Fujitsu America, Inc. Panelists: Taka Matsutsuka, Researcher, Fujitsu Laboratories

More information

A Study on Security and Privacy in Big Data Processing

A Study on Security and Privacy in Big Data Processing A Study on Security and Privacy in Big Data Processing C.Yosepu P Srinivasulu Bathala Subbarayudu Assistant Professor, Dept of CSE, St.Martin's Engineering College, Hyderabad, India Assistant Professor,

More information

Top Ten Big Data Security and Privacy Challenges

Top Ten Big Data Security and Privacy Challenges Top Ten Big Data Security and Privacy Challenges November 2012 2012 Cloud Security Alliance All Rights Reserved All rights reserved. You may download, store, display on your computer, view, print, and

More information

Cloud Data Security. Sol Cates CSO @solcates scates@vormetric.com

Cloud Data Security. Sol Cates CSO @solcates scates@vormetric.com Cloud Data Security Sol Cates CSO @solcates scates@vormetric.com Agenda The Cloud Securing your data, in someone else s house Explore IT s Dirty Little Secret Why is Data so Vulnerable? A bit about Vormetric

More information

Security Infrastructure for Trusted Offloading in Mobile Cloud Computing

Security Infrastructure for Trusted Offloading in Mobile Cloud Computing Security Infrastructure for Trusted Offloading in Mobile Cloud Computing Professor Kai Hwang University of Southern California Presentation at Huawei Forum, Santa Clara, Nov. 8, 2014 Mobile Cloud Security

More information

CPSC 467: Cryptography and Computer Security

CPSC 467: Cryptography and Computer Security CPSC 467: Cryptography and Computer Security Michael J. Fischer Lecture 1 September 2, 2015 CPSC 467, Lecture 1 1/13 Protecting Information Information security Security principles Crypto as a security

More information

BlackRidge Technology Transport Access Control: Overview

BlackRidge Technology Transport Access Control: Overview 2011 BlackRidge Technology Transport Access Control: Overview 1 Introduction Enterprises and government agencies are under repeated cyber attack. Attacks range in scope from distributed denial of service

More information

MANAGED FILE TRANSFER: 10 STEPS TO SOX COMPLIANCE

MANAGED FILE TRANSFER: 10 STEPS TO SOX COMPLIANCE WHITE PAPER MANAGED FILE TRANSFER: 10 STEPS TO SOX COMPLIANCE 1. OVERVIEW Do you want to design a file transfer process that is secure? Or one that is compliant? Of course, the answer is both. But it s

More information

Securing Big Data Learning and Differences from Cloud Security

Securing Big Data Learning and Differences from Cloud Security Securing Big Data Learning and Differences from Cloud Security Samir Saklikar RSA, The Security Division of EMC Session ID: DAS-108 Session Classification: Advanced Agenda Cloud Computing & Big Data Similarities

More information

A Highlight of Security Challenges in Big Data

A Highlight of Security Challenges in Big Data A Highlight of Security Challenges in Big Data Eweka Raphael Osawaru MSc-MBIS Student School of Engineering & Computing Sciences University of East London - FTMS College Technology Park Malaysia Bukit

More information

Using Data Encryption to Achieve HIPAA Safe Harbor in the Cloud

Using Data Encryption to Achieve HIPAA Safe Harbor in the Cloud Using Data Encryption to Achieve HIPAA Safe Harbor in the Cloud 1 Contents The Obligation to Protect Patient Data in the Cloud................................................... Complying with the HIPAA

More information

NSF Workshop on Big Data Security and Privacy

NSF Workshop on Big Data Security and Privacy NSF Workshop on Big Data Security and Privacy Report Summary Bhavani Thuraisingham The University of Texas at Dallas (UTD) February 19, 2015 Acknowledgement NSF SaTC Program for support Chris Clifton and

More information

Agenda 4/21/2015. 1. Big Data Level Set 2. Who are we? 3. What do we do? 4. What have we done so far? 5. What are we working on? 6.

Agenda 4/21/2015. 1. Big Data Level Set 2. Who are we? 3. What do we do? 4. What have we done so far? 5. What are we working on? 6. Wilco van Ginkel, Co-Chair BDWG Agenda 1. Big Data Level Set 2. Who are we? 3. What do we do? 4. What have we done so far? 5. What are we working on? 6. Q&A 1 Big Data Level Set 2 Word on the street Sliding

More information

Information Security Basic Concepts

Information Security Basic Concepts Information Security Basic Concepts 1 What is security in general Security is about protecting assets from damage or harm Focuses on all types of assets Example: your body, possessions, the environment,

More information

MANAGED FILE TRANSFER: 10 STEPS TO PCI DSS COMPLIANCE

MANAGED FILE TRANSFER: 10 STEPS TO PCI DSS COMPLIANCE WHITE PAPER MANAGED FILE TRANSFER: 10 STEPS TO PCI DSS COMPLIANCE 1. OVERVIEW Do you want to design a file transfer process that is secure? Or one that is compliant? Of course, the answer is both. But

More information

Information Security in Big Data using Encryption and Decryption

Information Security in Big Data using Encryption and Decryption International Research Journal of Computer Science (IRJCS) ISSN: 2393-9842 Information Security in Big Data using Encryption and Decryption SHASHANK -PG Student II year MCA S.K.Saravanan, Assistant Professor

More information

FileCloud Security FAQ

FileCloud Security FAQ is currently used by many large organizations including banks, health care organizations, educational institutions and government agencies. Thousands of organizations rely on File- Cloud for their file

More information

NoSQL Database Systems and their Security Challenges

NoSQL Database Systems and their Security Challenges NoSQL Database Systems and their Security Challenges Morteza Amini amini@sharif.edu Data & Network Security Lab (DNSL) Department of Computer Engineering Sharif University of Technology September 25 2

More information

CLOUD STORAGE SECURITY INTRODUCTION. Gordon Arnold, IBM

CLOUD STORAGE SECURITY INTRODUCTION. Gordon Arnold, IBM CLOUD STORAGE SECURITY INTRODUCTION Gordon Arnold, IBM SNIA Legal Notice The material contained in this tutorial is copyrighted by the SNIA. Member companies and individual members may use this material

More information

The Next Generation of Security Leaders

The Next Generation of Security Leaders The Next Generation of Security Leaders In an increasingly complex cyber world, there is a growing need for information security leaders who possess the breadth and depth of expertise necessary to establish

More information

Organizational Impact of Big Data on Privacy & Security

Organizational Impact of Big Data on Privacy & Security Organizational Impact of Big Data on Privacy & Security Marijn Janssen, Agung Wahyudi Delft University of Technology EdCon Puerto Rico, 12 August 2015 OUTLINE 01 Privacy & Security in Organization 02 Big

More information

INFORMATION TECHNOLOGY SECURITY STANDARDS

INFORMATION TECHNOLOGY SECURITY STANDARDS INFORMATION TECHNOLOGY SECURITY STANDARDS Version 2.0 December 2013 Table of Contents 1 OVERVIEW 3 2 SCOPE 4 3 STRUCTURE 5 4 ASSET MANAGEMENT 6 5 HUMAN RESOURCES SECURITY 7 6 PHYSICAL AND ENVIRONMENTAL

More information

Big Data Research Sponsorship

Big Data Research Sponsorship Big Data Research Sponsorship Overview The term Big Data refers to the massive amounts of digital information companies and governments collect about us and our surroundings. Providing security and privacy

More information

ISO 27001 Controls and Objectives

ISO 27001 Controls and Objectives ISO 27001 s and Objectives A.5 Security policy A.5.1 Information security policy Objective: To provide management direction and support for information security in accordance with business requirements

More information

Protect the data that drives our customers business. Data Security. Imperva s mission is simple:

Protect the data that drives our customers business. Data Security. Imperva s mission is simple: The Imperva Story Who We Are Imperva is the global leader in data security. Thousands of the world s leading businesses, government organizations, and service providers rely on Imperva solutions to prevent

More information

Chap. 1: Introduction

Chap. 1: Introduction Chap. 1: Introduction Introduction Services, Mechanisms, and Attacks The OSI Security Architecture Cryptography 1 1 Introduction Computer Security the generic name for the collection of tools designed

More information

Infor CloudSuite. Defense-in-depth. Table of Contents. Technical Paper Plain talk about Infor CloudSuite security

Infor CloudSuite. Defense-in-depth. Table of Contents. Technical Paper Plain talk about Infor CloudSuite security Technical Paper Plain talk about security When it comes to Cloud deployment, security is top of mind for all concerned. The Infor CloudSuite team uses best-practice protocols and a thorough, continuous

More information

Cryptography and Network Security

Cryptography and Network Security Cryptography and Network Security Third Edition by William Stallings Lecture slides by Shinu Mathew John http://shinu.info/ Chapter 1 Introduction http://shinu.info/ 2 Background Information Security requirements

More information

E-Democracy and e-voting

E-Democracy and e-voting E-Democracy and e-voting How to make them secure and transparent August 2013 Jordi Puiggali CSO and SVP R&D Jordi.puiggali@scytl.com Index Introduction e-democracy Security and Transparency in e-voting

More information

Policy-based Pre-Processing in Hadoop

Policy-based Pre-Processing in Hadoop Policy-based Pre-Processing in Hadoop Yi Cheng, Christian Schaefer Ericsson Research Stockholm, Sweden yi.cheng@ericsson.com, christian.schaefer@ericsson.com Abstract While big data analytics provides

More information

IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including:

IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including: IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including: 1. IT Cost Containment 84 topics 2. Cloud Computing Readiness 225

More information

Enterprise Security Solutions

Enterprise Security Solutions Enterprise Security Solutions World-class technical solutions, professional services and training from experts you can trust ISOCORP is a Value-Added Reseller (VAR) and services provider for best in class

More information

Chapter 10. Cloud Security Mechanisms

Chapter 10. Cloud Security Mechanisms Chapter 10. Cloud Security Mechanisms 10.1 Encryption 10.2 Hashing 10.3 Digital Signature 10.4 Public Key Infrastructure (PKI) 10.5 Identity and Access Management (IAM) 10.6 Single Sign-On (SSO) 10.7 Cloud-Based

More information

LogRhythm and PCI Compliance

LogRhythm and PCI Compliance LogRhythm and PCI Compliance The Payment Card Industry (PCI) Data Security Standard (DSS) was developed to encourage and enhance cardholder data security and facilitate the broad adoption of consistent

More information

Secure Thinking Bigger Data. Bigger risk?

Secure Thinking Bigger Data. Bigger risk? Secure Thinking Bigger Data. Bigger risk? MALWARE HACKERS REPUTATION PROTECTION RISK THEFT There has always been data. What is different now is the scale and speed of data growth. Every day we create 2.5

More information

Secure cloud access system using JAR ABSTRACT:

Secure cloud access system using JAR ABSTRACT: Secure cloud access system using JAR ABSTRACT: Cloud computing enables highly scalable services to be easily consumed over the Internet on an as-needed basis. A major feature of the cloud services is that

More information

preliminary experiment conducted on Amazon EC2 instance further demonstrates the fast performance of the design.

preliminary experiment conducted on Amazon EC2 instance further demonstrates the fast performance of the design. Privacy-Preserving Public Auditing For Secure Cloud Storage ABSTRACT: Using cloud storage, users can remotely store their data and enjoy the on-demand high-quality applications and services from a shared

More information

Cloud security architecture

Cloud security architecture ericsson White paper Uen 284 23-3244 January 2015 Cloud security architecture from process to deployment The Trust Engine concept and logical cloud security architecture presented in this paper provide

More information

Advanced File Integrity Monitoring for IT Security, Integrity and Compliance: What you need to know

Advanced File Integrity Monitoring for IT Security, Integrity and Compliance: What you need to know Whitepaper Advanced File Integrity Monitoring for IT Security, Integrity and Compliance: What you need to know Phone (0) 161 914 7798 www.distology.com info@distology.com detecting the unknown Integrity

More information

Brainloop Cloud Security

Brainloop Cloud Security Whitepaper Brainloop Cloud Security Guide to secure collaboration in the cloud www.brainloop.com Sharing information over the internet The internet is the ideal platform for sharing data globally and communicating

More information

EFFICIENT AND SECURE DATA PRESERVING IN CLOUD USING ENHANCED SECURITY

EFFICIENT AND SECURE DATA PRESERVING IN CLOUD USING ENHANCED SECURITY EFFICIENT AND SECURE DATA PRESERVING IN CLOUD USING ENHANCED SECURITY Siliveru Ashok kumar* S.G. Nawaz ## and M.Harathi # * Student of M.Tech, Sri Krishna Devaraya Engineering College, Gooty # Department

More information

Seven Things To Consider When Evaluating Privileged Account Security Solutions

Seven Things To Consider When Evaluating Privileged Account Security Solutions Seven Things To Consider When Evaluating Privileged Account Security Solutions Contents Introduction 1 Seven questions to ask every privileged account security provider 4 1. Is the solution really secure?

More information

Privileged. Account Management. Accounts Discovery, Password Protection & Management. Overview. Privileged. Accounts Discovery

Privileged. Account Management. Accounts Discovery, Password Protection & Management. Overview. Privileged. Accounts Discovery Overview Password Manager Pro offers a complete solution to control, manage, monitor and audit the entire life-cycle of privileged access. In a single package it offers three solutions - privileged account

More information

STORAGE SECURITY TUTORIAL With a focus on Cloud Storage. Gordon Arnold, IBM

STORAGE SECURITY TUTORIAL With a focus on Cloud Storage. Gordon Arnold, IBM STORAGE SECURITY TUTORIAL With a focus on Cloud Storage Gordon Arnold, IBM SNIA Legal Notice The material contained in this tutorial is copyrighted by the SNIA. Member companies and individual members

More information

Security and Privacy Controls for Federal Information Systems and Organizations

Security and Privacy Controls for Federal Information Systems and Organizations NIST Special Publication 800-53 Revision 4 Security and Privacy Controls for Federal Information Systems JOINT TASK FORCE TRANSFORMATION INITIATIVE This document contains excerpts from NIST Special Publication

More information

COSC 472 Network Security

COSC 472 Network Security COSC 472 Network Security Instructor: Dr. Enyue (Annie) Lu Office hours: http://faculty.salisbury.edu/~ealu/schedule.htm Office room: HS114 Email: ealu@salisbury.edu Course information: http://faculty.salisbury.edu/~ealu/cosc472/cosc472.html

More information

USB Portable Storage Device: Security Problem Definition Summary

USB Portable Storage Device: Security Problem Definition Summary USB Portable Storage Device: Security Problem Definition Summary Introduction The USB Portable Storage Device (hereafter referred to as the device or the TOE ) is a portable storage device that provides

More information

A Survey of the Security Use Cases in Big Data

A Survey of the Security Use Cases in Big Data A Survey of the Security in Big Data Kudakwashe Zvarevashe 1, Mainford Mutandavari 2, Trust Gotora 3 M Tech Student, Dept of CSE, Jawaharlal Nehru Technological University, Hyderabad, India 1 M Tech Student,

More information

Cryptography and Network Security Chapter 1

Cryptography and Network Security Chapter 1 Cryptography and Network Security Chapter 1 Acknowledgments Lecture slides are based on the slides created by Lawrie Brown Chapter 1 Introduction The art of war teaches us to rely not on the likelihood

More information

9.Web Based Customer Favorite vehicle Search Engine. 10.Step by Step Monitoring for Product Purchasing System

9.Web Based Customer Favorite vehicle Search Engine. 10.Step by Step Monitoring for Product Purchasing System 1.Data Mining Analysis on EB bill system 2.Graph Based Share Market Data Updations 3.Web Based Book Publishing System 4.Online product opinion and Ranking system 5. Online Dynamic Form creation for Non-IT

More information

ISO 27002:2013 Version Change Summary

ISO 27002:2013 Version Change Summary Information Shield www.informationshield.com 888.641.0500 sales@informationshield.com Information Security Policies Made Easy ISO 27002:2013 Version Change Summary This table highlights the control category

More information

Developing the Corporate Security Architecture. www.avient.ca Alex Woda July 22, 2009

Developing the Corporate Security Architecture. www.avient.ca Alex Woda July 22, 2009 Developing the Corporate Security Architecture www.avient.ca Alex Woda July 22, 2009 Avient Solutions Group Avient Solutions Group is based in Markham and is a professional services firm specializing in

More information

Govt. of Karnataka, Department of Technical Education Diploma in Computer Science & Engineering. Sixth Semester

Govt. of Karnataka, Department of Technical Education Diploma in Computer Science & Engineering. Sixth Semester Govt. of Karnataka, Department of Technical Education Diploma in Computer Science & Engineering Sixth Semester Subject: Network Security & Management Contact Hrs / week: 4 Total hrs: 64 Table of Contents

More information

Enterprise Key Management: A Strategic Approach ENTERPRISE KEY MANAGEMENT A SRATEGIC APPROACH. White Paper February 2010 www.alvandsolutions.

Enterprise Key Management: A Strategic Approach ENTERPRISE KEY MANAGEMENT A SRATEGIC APPROACH. White Paper February 2010 www.alvandsolutions. Enterprise Key Management: A Strategic Approach ENTERPRISE KEY MANAGEMENT A SRATEGIC APPROACH White Paper February 2010 www.alvandsolutions.com Overview Today s increasing security threats and regulatory

More information

Oracle 1Z0-528 Exam Questions & Answers

Oracle 1Z0-528 Exam Questions & Answers Oracle 1Z0-528 Exam Questions & Answers Number: 1Z0-528 Passing Score: 660 Time Limit: 120 min File Version: 21.1 http://www.gratisexam.com/ Oracle 1Z0-528 Exam Questions & Answers Exam Name: Oracle Database

More information

Associate Prof. Dr. Victor Onomza Waziri

Associate Prof. Dr. Victor Onomza Waziri BIG DATA ANALYTICS AND DATA SECURITY IN THE CLOUD VIA FULLY HOMOMORPHIC ENCRYPTION Associate Prof. Dr. Victor Onomza Waziri Department of Cyber Security Science, School of ICT, Federal University of Technology,

More information

CHAPTER 1 INTRODUCTION

CHAPTER 1 INTRODUCTION 1 CHAPTER 1 INTRODUCTION 1.1 Introduction Cloud computing as a new paradigm of information technology that offers tremendous advantages in economic aspects such as reduced time to market, flexible computing

More information

Intrusion Detection for Grid and Cloud Computing

Intrusion Detection for Grid and Cloud Computing Intrusion Detection for Grid and Cloud Computing Author Kleber Vieira, Alexandre Schulter, Carlos Becker Westphall, and Carla Merkle Westphall Federal University of Santa Catarina, Brazil Content Type

More information

Big Data Working Group. Comment on Big Data and the Future of Privacy

Big Data Working Group. Comment on Big Data and the Future of Privacy Big Data Working Group Comment on Big Data and the Future of Priacy March 2014 2014 Cloud Security Alliance All Rights Resered All rights resered. You may download, store, display on your computer, iew,

More information

Public Key Applications & Usage A Brief Insight

Public Key Applications & Usage A Brief Insight Public Key Applications & Usage A Brief Insight Scenario :: Identification, Authentication & Non- Repudiation :: Confidentiality :: Authenticity, requirements and e-business Integrity for electronic transaction

More information

Global Soft Solutions JAVA IEEE PROJECT TITLES - 2015

Global Soft Solutions JAVA IEEE PROJECT TITLES - 2015 Global Soft Solutions No : 6, III Floor Chitra Complex Chatram Bus Stand Trichy 620 002 www.globalsoftsolutions.in Email : gsstrichy@gmail.com Ph : 0431 4544308 / Cell : 94431 22110 JAVA IEEE PROJECT TITLES

More information

PRIVACY-PRESERVING PUBLIC AUDITING FOR SECURE CLOUD STORAGE

PRIVACY-PRESERVING PUBLIC AUDITING FOR SECURE CLOUD STORAGE PRIVACY-PRESERVING PUBLIC AUDITING FOR SECURE CLOUD STORAGE Abstract: Using Cloud Storage, users can remotely store their data and enjoy the on-demand high quality applications and services from a shared

More information

Copyright 2013, Oracle and/or its affiliates. All rights reserved.

Copyright 2013, Oracle and/or its affiliates. All rights reserved. 1 Security Inside-Out with Oracle Database 12c Denise Mallin, CISSP Oracle Enterprise Architect - Security The following is intended to outline our general product direction. It is intended for information

More information

Advanced Visibility. Moving Beyond a Log Centric View. Matthew Gardiner, RSA & Richard Nichols, RSA

Advanced Visibility. Moving Beyond a Log Centric View. Matthew Gardiner, RSA & Richard Nichols, RSA Advanced Visibility Moving Beyond a Log Centric View Matthew Gardiner, RSA & Richard Nichols, RSA 1 Security is getting measurability worse Percent of breaches where time to compromise (red)/time to Discovery

More information

ISO27001 Controls and Objectives

ISO27001 Controls and Objectives Introduction This reference document for the University of Birmingham lists the control objectives, specific controls and background information, as given in Annex A to ISO/IEC 27001:2005. As such, the

More information

Security/Privacy Models for "Internet of things": What should be studied from RFID schemes? Daisuke Moriyama and Shin ichiro Matsuo NICT, Japan

Security/Privacy Models for Internet of things: What should be studied from RFID schemes? Daisuke Moriyama and Shin ichiro Matsuo NICT, Japan Security/Privacy Models for "Internet of things": What should be studied from RFID schemes? Daisuke Moriyama and Shin ichiro Matsuo NICT, Japan 1 Internet of Things (IoT) CASAGRAS defined that: A global

More information

syslog-ng Product Line

syslog-ng Product Line www.balabit.com syslog-ng Product Line syslog-ng Description www.balabit.com IT environments constantly generate important data in log messages syslog-ng Collects Filters Classifies Normalizes Stores Transfers

More information

Big Data - Security and Privacy

Big Data - Security and Privacy Big Data - Security and Privacy Elisa Bertino CS Department, Cyber Center, and CERIAS Purdue University Cyber Center! Big Data EveryWhere! Lots of data is being collected, warehoused, and mined Web data,

More information

Westcon Presentation on Security Innovation, Opportunity, and Compromise

Westcon Presentation on Security Innovation, Opportunity, and Compromise Westcon Presentation on Security Innovation, Opportunity, and Compromise Christian A. Christiansen Program Vice President IDC Security Products & Services What s Happening with Threats? 1.5B 80% 33% $1.3M

More information

Copyright 2013, Oracle and/or its affiliates. All rights reserved.

Copyright 2013, Oracle and/or its affiliates. All rights reserved. 1 Security Inside Out Latest Innovations in Oracle Database 12c Jukka Männistö Database Architect Oracle Nordic Coretech Presales The 1995-2014 Security Landscape Regulatory Landscape HIPAA, SOX (2002),

More information

ensure prompt restart of critical applications and business activities in a timely manner following an emergency or disaster

ensure prompt restart of critical applications and business activities in a timely manner following an emergency or disaster Security Standards Symantec shall maintain administrative, technical, and physical safeguards for the Symantec Network designed to (i) protect the security and integrity of the Symantec Network, and (ii)

More information

SELECTING AN ENTERPRISE-READY CLOUD SERVICE

SELECTING AN ENTERPRISE-READY CLOUD SERVICE 21 Point Checklist for SELECTING AN ENTERPRISE-READY CLOUD SERVICE Brought to you by Introduction The journey to the cloud is well underway, and it s easy to see why when 84% of CIOs report cutting application

More information

Cloud Computing: A Question of Trust Maintaining Control and Compliance with Data-centric Information Security

Cloud Computing: A Question of Trust Maintaining Control and Compliance with Data-centric Information Security Russ Dietz Vice President & Chief Technology Officer Cloud Computing: A Question of Trust Maintaining Control and Compliance with Data-centric Information Security By Russ Dietz Vice President & Chief

More information

Teradata and Protegrity High-Value Protection for High-Value Data

Teradata and Protegrity High-Value Protection for High-Value Data Teradata and Protegrity High-Value Protection for High-Value Data 03.16 EB7178 DATA SECURITY Table of Contents 2 Data-Centric Security: Providing High-Value Protection for High-Value Data 3 Visibility:

More information

BalaBit IT Security Insight Singaporean Internet Banking and Technology Risk Management Guidelines Compliance

BalaBit IT Security Insight Singaporean Internet Banking and Technology Risk Management Guidelines Compliance GUARDING YOUR BUSINESS BalaBit IT Security Insight Singaporean Internet Banking and Technology Risk Management Guidelines Compliance www.balabit.com In 2008, the Monetary Authority of Singapore (MAS),

More information

Network Security 網 路 安 全. Lecture 1 February 20, 2012 洪 國 寶

Network Security 網 路 安 全. Lecture 1 February 20, 2012 洪 國 寶 Network Security 網 路 安 全 Lecture 1 February 20, 2012 洪 國 寶 1 Outline Course information Motivation Introduction to security Basic network concepts Network security models Outline of the course 2 Course

More information

IBM Security Privileged Identity Manager helps prevent insider threats

IBM Security Privileged Identity Manager helps prevent insider threats IBM Security Privileged Identity Manager helps prevent insider threats Securely provision, manage, automate and track privileged access to critical enterprise resources Highlights Centrally manage privileged

More information

Big Data Trust and Reputation, Privacy Cyber Threat Intelligence

Big Data Trust and Reputation, Privacy Cyber Threat Intelligence Big Data Trust and Reputation, Privacy Cyber Threat Intelligence October 27, 2015 Start Time: 9 am US Pacific / 12 noon US Eastern / 5 pm London Time #ISSAWebConf Big Data Trust and Reputation, Privacy

More information

Cryptography and Network Security Sixth Edition by William Stallings

Cryptography and Network Security Sixth Edition by William Stallings Cryptography and Network Security Sixth Edition by William Stallings Chapter 1 Overview The combination of space, time, and strength that must be considered as the basic elements of this theory of defense

More information

Digital Pathways. Harlow Enterprise Hub, Edinburgh Way, Harlow CM20 2NQ. 0844 586 0040 intouch@digitalpathways.co.uk www.digpath.co.

Digital Pathways. Harlow Enterprise Hub, Edinburgh Way, Harlow CM20 2NQ. 0844 586 0040 intouch@digitalpathways.co.uk www.digpath.co. Harlow Enterprise Hub, Edinburgh Way, Harlow CM20 2NQ 0844 586 0040 intouch@digitalpathways.co.uk Security Services Menu has a full range of Security Services, some of which are also offered as a fully

More information

Advanced Topics in Distributed Systems. Dr. Ayman Abdel-Hamid Computer Science Department Virginia Tech

Advanced Topics in Distributed Systems. Dr. Ayman Abdel-Hamid Computer Science Department Virginia Tech Advanced Topics in Distributed Systems Dr. Ayman Abdel-Hamid Computer Science Department Virginia Tech Security Introduction Based on Ch1, Cryptography and Network Security 4 th Ed Security Dr. Ayman Abdel-Hamid,

More information

Are your multi-function printers a security risk? Here are five key strategies for safeguarding your data

Are your multi-function printers a security risk? Here are five key strategies for safeguarding your data Are your multi-function printers a security risk? Here are five key strategies for safeguarding your data Printer Security Challenges Executive Summary Security breaches can damage both your operations

More information

Big Data, Big Risk, Big Rewards. Hussein Syed

Big Data, Big Risk, Big Rewards. Hussein Syed Big Data, Big Risk, Big Rewards Hussein Syed Discussion Topics Information Security in healthcare Cyber Security Big Data Security Security and Privacy concerns Security and Privacy Governance Big Data

More information

Cyber Security. BDS PhantomWorks. Boeing Energy. Copyright 2011 Boeing. All rights reserved.

Cyber Security. BDS PhantomWorks. Boeing Energy. Copyright 2011 Boeing. All rights reserved. Cyber Security Automation of energy systems provides attack surfaces that previously did not exist Cyber attacks have matured from teenage hackers to organized crime to nation states Centralized control

More information

Secrecy Maintaining Public Inspecting For Secure Cloud Storage

Secrecy Maintaining Public Inspecting For Secure Cloud Storage Secrecy Maintaining Public Inspecting For Secure Cloud Storage K.Sangamithra 1, S.Tamilselvan 2 M.E, M.P.Nachimuthu.M.Jaganathan Engineering College, Tamilnadu, India 1 Asst. Professor, M.P.Nachimuthu.M.Jaganathan

More information

Juniper Networks Secure

Juniper Networks Secure White Paper Juniper Networks Secure Development Lifecycle Six Practices for Improving Product Security Copyright 2013, Juniper Networks, Inc. 1 Table of Contents Executive Summary...3 Introduction...3

More information

The Challenge of Data and Application Security and Privacy (DASPY): Are We Up to It?

The Challenge of Data and Application Security and Privacy (DASPY): Are We Up to It? Institute for Cyber Security The Challenge of Data and Application Security and Privacy (DASPY): Are We Up to It? Ravi Sandhu Executive Director and Endowed Professor February 21, 2011 ravi.sandhu@utsa.edu

More information

The Benefits of SSL Content Inspection ABSTRACT

The Benefits of SSL Content Inspection ABSTRACT The Benefits of SSL Content Inspection ABSTRACT SSL encryption is the de-facto encryption technology for delivering secure Web browsing and the benefits it provides is driving the levels of SSL traffic

More information

05.0 Application Development

05.0 Application Development Number 5.0 Policy Owner Information Security and Technology Policy Application Development Effective 01/01/2014 Last Revision 12/30/2013 Department of Innovation and Technology 5. Application Development

More information

Data Protection: From PKI to Virtualization & Cloud

Data Protection: From PKI to Virtualization & Cloud Data Protection: From PKI to Virtualization & Cloud Raymond Yeung CISSP, CISA Senior Regional Director, HK/TW, ASEAN & A/NZ SafeNet Inc. Agenda What is PKI? And Value? Traditional PKI Usage Cloud Security

More information

March 2012 www.tufin.com

March 2012 www.tufin.com SecureTrack Supporting Compliance with PCI DSS 2.0 March 2012 www.tufin.com Table of Contents Introduction... 3 The Importance of Network Security Operations... 3 Supporting PCI DSS with Automated Solutions...

More information

Newcastle University Information Security Procedures Version 3

Newcastle University Information Security Procedures Version 3 Newcastle University Information Security Procedures Version 3 A Information Security Procedures 2 B Business Continuity 3 C Compliance 4 D Outsourcing and Third Party Access 5 E Personnel 6 F Operations

More information

Cyber Security and Privacy

Cyber Security and Privacy Cyber Security and Privacy Jovan Golić CySeP Winter School, Stockholm, 2014 EIT ICT Labs EIT ICT Labs is one of the first Knowledge and Innovation Communities set up in 2010 by the European Institute of

More information

External Penetration Assessment and Database Access Review

External Penetration Assessment and Database Access Review External Penetration Assessment and Database Access Review Performed by Protiviti, Inc. At the request of Internal Audit April 25, 2012 Note: This presentation is intended solely for the use of the management

More information