2020 Soft Exam Information Security Engineer (Second Edition) Study Summary [22]

Chapter 26 Big Data Security Requirements Analysis and Security Protection Engineering

Big data security threat and demand analysis

Big data security threat analysis

• Big data concepts and characteristics
  • Big data refers to data sets of non-traditional data processing tools
  • Features:
    • Massive data scale
    • Fast data flow
    • Various data types
    • Low value density
• Big data security issues
  • "Data set" security boundaries are increasingly blurred, and security protection is becoming more difficult
  • Increased security risk of sensitive data leakage
  • Data distortion and big data pollution security risks
  • Big data processing platform business continuity and denial of service
  • Personal data is widely distributed on multiple data platforms, making privacy protection more difficult
  • Data transaction security risks
  • Big data abuse

Big data security needs analysis

• Basic data security requirements: data authenticity, real-time, confidentiality, integrity, availability, traceability

• Big data itself is safe: Big data applications depend on trusted data

• Big data security compliance:

• Big data cross-border security:

• Big data privacy protection

• Big data processing platform security

• Big data business security

• Big data security operation

Big data security protection mechanism and technical solutions

Big data security protection mechanism

• Basic security mechanism:
  • Data classification
  • Data source certification
  • Data source
  • Data user identification and authentication
  • Data resource access control
  • Data privacy protection
  • Data backup and recovery
  • Data security audit and monitoring
  • Data security management

Big data platform security protection technology

• safety technology:
  • Safe partition
  • Firewall
  • System security hardening
  • Data leakage prevention

Big data business security protection technology

• Security content:
  • Business authorization: role-based access control technology
  • Business logic security: security control for business processes
  • Business compliance: The business meets the requirements of policies, regulations and safety standards, and the technology includes valuable data security inspection, system security configuration benchmark data monitoring

Big data privacy security protection technology

• Main technique:
  • Data identity anonymity
  • Data differential privacy
  • Data masking
  • data encryption
  • Data access control

Big data operation security protection technology

• Security Maintenance of Big Data Processing System
• Big data processing system security policy update
• Big data processing system security equipment configuration
• Big data processing system security event monitoring and emergency response
• Big data processing system intrusion detection and network security situation awareness
• Big data processing system cyber attack forensics
• Big data processing system security audit, security fortress machine
• Disaster recovery and backup of big data processing system

Commonly used technologies: network intrusion monitoring, network security situation awareness, network attack forensics, network threat intelligence analysis, security fortress machine

Big Data Security Standard Specification

• "Information Security Technology Personal Information Security Specification"
• "Data Service Security Capability Requirements for Information Security Technology"
• "Information Security Technology Big Data Security Management Guide"
• "Information Security Technical Data Transaction Service Security Requirements"
• "Guidelines for De-identification of Personal Information in Information Security Technology"

Case Study of Comprehensive Application of Big Data

• Big data security platform and solution analysis

  • Ali, JD, Huawei big data system

• Understanding of data security management methods

  • Regulations 25-29 of the Measures for the Administration of Scientific Data

• Data Security Specification for Payment Card Industry

  PCI-DSS (Payment Card Industry Data Security Standard)

  • Build and maintain a secure network
  • Protect cardholder data
  • Maintain vulnerability management procedures
  • Implement strict storage control measures
  • Regularly monitor and test the network
  • Maintain information security policy