Control Mechanisms for Robust Data Security
Citation
Chandan Kumar Barman, Pankaj Gupta. "Control Mechanisms for Robust Data Security", International Journal of Computer & Organization Trends (IJCOT), V4(2):42-46 Mar - Apr 2014, ISSN:2249-2593, www.ijcotjournal.org. Published by Seventh Sense Research Group.
Abstract
Data is undoubtedly at the core of the IT value chain in any organization. The technology for storing, managing and processing data has taken giant strides in recent times with the inception of technologies such as Big Data and in-memory computing. With wide-scale business process automation initiatives taken by organizations of different sizes, more and more data is generated each passing day. Modern data-handling information systems are quite different from their traditional counterparts, where the RDBMS was the de facto standard for data management. Today we need to deal with various structured, semi-structured and unstructured data classes such as email, images, video, blogs, documents, live streams and XML/JSON data files. Security, on the other hand, was until recently considered the concern of the network administrator, whose primary goal was to protect the IT infrastructure perimeter. With increased adoption of and dependence on different data classes, data security has gained special interest in the IT security landscape. In this paper we define different facets of data security vulnerabilities that are common to any data store or data-aware application. We then define and highlight the control mechanisms that need to be put in place to mitigate these data security vulnerabilities. The three controls, namely procedural control, technical control and physical control, as discussed below, may be referred to and deployed by any organization for robust data security.
Keywords
Data Security, Security Controls, IT Security, Data Governance.