Rec. ITU-T X.1750 (09/2020) Guidelines on security of big data as a service for big data service providers
Summary
History
FOREWORD
Table of Contents
1 Scope
2 References
3 Definitions
     3.1 Terms defined elsewhere
     3.2 Terms defined in this Recommendation
4 Abbreviations and acronyms
5 Conventions
6 Security threats and challenges to big data as a service
     6.1 Security challenges to a big data infrastructure
     6.2 Security challenges to big data applications
     6.3 Security challenges to data
     6.4 Security challenges to big data as a service ecosystem
7 High-level concepts of big data as a service – security considerations and role of BDSPs
8 Security measures of big data as a service
     8.1 Security measures for a big data infrastructure
          8.1.1 System asset security
               8.1.1.1 General requirements
               8.1.1.2 Enhancement requirements
          8.1.2 Data asset security
               8.1.2.1 General requirements
               8.1.2.2 Enhancement requirements
          8.1.3 Data supply chain process security
               8.1.3.1 General requirements
               8.1.3.2 Enhancement requirements
          8.1.4 Metadata security
               8.1.4.1 General requirements
               8.1.4.2 Enhancement requirements
     8.2 Security measures for big data applications
          8.2.1 Platform resource acquisition
               8.2.1.1 General requirements
               8.2.1.2 Enhanced requirements
          8.2.2 Authorization and access control
               8.2.2.1 General requirements
               8.2.2.2 Enhanced requirements
          8.2.3 Application behaviour monitoring
               8.2.3.1 General requirements
               8.2.3.2 Enhanced requirements
          8.2.4 Application security strategies and procedures
          8.2.5 Credential storage
               8.2.5.1 General requirements
               8.2.5.2 Enhanced requirements
          8.2.6 Identity and authentication
               8.2.6.1 General requirements
               8.2.6.2 Enhanced requirements
          8.2.7 Default configuration security
          8.2.8 Data import and export
               8.2.8.1 General requirements
               8.2.8.2 Enhancement requirements
     8.3 Security measures for interface
          8.3.1 General requirements
          8.3.2 Enhanced requirements
     8.4 Security measures for big data as a service ecosystem
          8.4.1 Security planning
               8.4.1.1 Requirement analysis
                    8.4.1.1.1 General requirements
                    8.4.1.1.2 Enhanced requirements
               8.4.1.2 Solution design
                    8.4.1.2.1 General requirements
                    8.4.1.2.2 Enhanced requirements
               8.4.1.3 Solution evaluation
                    8.4.1.3.1 General requirements
                    8.4.1.3.2 Enhanced requirements
          8.4.2 Security construction
               8.4.2.1 Security architecture
                    8.4.2.1.1 General requirements
                    8.4.2.1.2 Enhancement requirements
               8.4.2.2 Functional specification
                    8.4.2.2.1 General requirements
               8.4.2.3 Security deployment
                    8.4.2.3.1 General requirements
               8.4.2.4 Boundary protection
                    8.4.2.4.1 General requirements
                    8.4.2.4.2 Enhancement requirements
               8.4.2.5 Document management
                    8.4.2.5.1 General requirements
                    8.4.2.5.2 Enhancement requirements
          8.4.3 Security operation
               8.4.3.1 System configuration management
                    8.4.3.1.1 General requirements
                    8.4.3.1.2 Enhancement requirements
               8.4.3.2 Employment of third party services
                    8.4.3.2.1 General requirements
                    8.4.3.2.2 Enhancement requirements
               8.4.3.3 Information technology supply chain security
                    8.4.3.3.1 General requirements
                    8.4.3.3.2 Enhancement requirements
               8.4.3.4 System patch management
                    8.4.3.4.1 General requirements
                    8.4.3.4.2 Enhancement requirements
               8.4.3.5 Business continuity plan
                    8.4.3.5.1 General requirements
                    8.4.3.5.2 Enhancement requirements
          8.4.4 Security audit
               8.4.4.1 Audit strategy management
                    8.4.4.1.1 General requirements
                    8.4.4.1.2 Enhancement requirements
               8.4.4.2 Audit data generation
                    8.4.4.2.1 General requirements
                    8.4.4.2.2 Enhancement requirements
               8.4.4.3 Audit data protection
                    8.4.4.3.1 General requirements
                    8.4.4.3.2 Enhancement requirements
               8.4.4.4 Audit analysis report
                    8.4.4.4.1 General requirements
                    8.4.4.4.2 Enhancement requirements
Bibliography