Page 164 - Big data - Concept and application for telecommunications



            Table 1 – Relationship of security threats to entities

            Threats \ Entities                   The data collection   The data pre-processing   The data analysis   The data application
                                                 entity                entity                    entity              entity
            Over analysis                        -                     -                         Y                   -
            Trojan and viruses                   Y                     -                         -                   -
            Unauthorized access                  Y                     Y                         Y                   Y
            Unauthorized analysis                -                     -                         Y                   -
            Unauthorized analytical application  -                     -                         Y                   Y


            9       Security requirements


            9.1     Analysis algorithm(s) check
            The accuracy and integrity of the analysis algorithm(s) are required to be checked.


            9.2     Authentication
            Authentication is required to confirm the identities of the entities. Authentication ensures the validity of the
            claimed identities of the entities participating in big data analysis and provides assurance that an entity is not
            attempting to masquerade as an authorized entity. Authentication techniques may be required as part of the
            authorization process, and can be augmented by single sign-on capabilities.

            9.3     Authorization

            Authorization capabilities are required to ensure that only authorized users or entities are allowed to access
            the original data or the results of big data analysis.

            9.4     Data minimization
            The categories of data that are subject to collection are required to be strictly limited to those that are
            necessary to fulfil the stated purpose of use of the system. This purpose of use must be disclosed to the user
            in the course of obtaining consent.

            9.5     Data retention limits

            Stored data, including outputs of big data analysis, are required to be subject to clearly defined retention
            periods that include maximum limits. These periods must be set according to the purpose of use. The data
            retention period should be disclosed to users in the course of obtaining consent.

            9.6     Data source check

            The data source is required to be identified, to ensure that the data analysis entity has the proper privilege
            to analyse it.


            9.7     Incident response for malware
            An incident response process for malware detection is required, with security mechanisms pre-deployed
            to respond to and deal with an attack in a timely manner.








            156      Security, privacy and data protection