Page 169 - Big data - Concept and application for telecommunications
P. 169
Big data - Concept and application for telecommunications 4
a) local reporting of the event;
b) remote reporting of the event;
c) logging of the event; and
d) recovery action.
Examples of such security-relevant events are:
a) a specific security violation;
b) a specific selected event; and
c) an overflow on a count of the number of occurrences.
Standardization in this field will take into consideration the transmission of relevant information for event
reporting and event logging and the syntactic and semantic definition to be used for the transmission of
event reporting and event logging.
The event detection function could help to detect the security violations of the big data analysis and usage
among the data pre-processing entity, data collection entity, the data analysis entity and the data application
entity.
11.6 Key exchange
The key exchange function allows for key sharing in encipherment implementations, especially that of the
symmetric encipherment algorithm.
11.7 Security audit trail
Security audit trails provide a valuable security mechanism as potentially they permit detection and
investigation of breaches of security by permitting a subsequent security audit. A security audit is an
independent review and examination of system records and activities in order to test for adequacy of system
controls, to ensure compliance with established policy and operational procedures, to aid in damage
assessment and to recommend any indicated changes in controls, policy and procedures. A security audit
requires the recording of security-relevant information in a security audit trail and the analysis and reporting
of information from the security audit trail. As logging or recording is considered to be a security mechanism
it is described in this clause. The analysis and report generation is considered a security management
function.
Collection of security audit trail information may be adapted to various requirements by specifying the kind
of security-relevant events to be recorded (e.g., apparent security violations or completion of successful
operations).
The known existence of a security audit trail may serve as a deterrent to some potential sources of security
attacks.
OSI security audit trail considerations consider what information shall optionally be logged, under what
conditions that information shall be logged and the syntactic and semantic definition to be used for the
interchange of the security audit trail information.
This function could be used to audit the behaviour of the entities when analysing and using big data
set/analysis results in mobile Internet services.
11.8 Security recovery
Security recovery deals with requests from mechanisms such as event handling and management functions
and takes recovery actions as the result of applying a set of rules. These recovery actions may be of three
kinds:
– immediate, where the system should be recovered as soon as possible, commonly within one day;
– temporary, where the system needs to be recovered within a few days, such as a week;
Security, privacy and data protection 161
