Page 184 - Big data - Concept and application for telecommunications
P. 184

4                                Big data - Concept and application for telecommunications



                                                      Appendix I


                                       Guidelines for using security controls
                            (This appendix does not form an integral part of this Recommendation.)


            Table I.1 provides example sets of controls that could be used to meet the guidelines for some example data
            scenarios based on data classification and lifecycle stage.


                                            Table I.1 – Example sets of controls

                                                              Data lifecycle

                 Type                                                                               Backup
                           Creation   Transmission   Storage      Use     Migration   Destruction    and
                                                                                                  restoration
                             7.1         7.2           7.3         7.4       7.5         7.6          7.7
                 IaaS      a), b), c)   a), b), c)   a), b), c), d),   a), b), c)   a), b), c),   a), b), c), d),   a), c), d),
                                                     e), h), i)             d), e)    e), f), g), h)   e), f)
                             7.1         7.2           7.3         7.4       7.5         7.6          7.7
                 PaaS      a), b), c)   a), b), c)   a), b), c), d),   a), b), c)   a), b), c),   a), b), c), d),   a), b), c),
                                                     e), f), i)             d), e)    e), f), g), h)   d), e), f)
                             7.1         7.2           7.3         7.4       7.5         7.6          7.7
                 SaaS      a), b), c)   a), b), c)   a), b), c), d),   a), b), c)   a), b), c),   a), b), c), d),   a), b), c),
                                                   e),f), g), h), i)        d), e)    e), f), g), h)   d), e), f)






                                                     Bibliography




            [b-ITU-T Y.3500]     Recommendation ITU-T Y.3500 (2014) | ISO/IEC 17788:2014, Information technology
                                – Cloud computing – Overview and vocabulary.

            [b-ISO/IEC 27000]   ISO/IEC  27000:2014,  Information  technology  –  Security  techniques  –  Information
                                security management systems – Overview and vocabulary.

            [b-ISO/IEC 29100]   ISO/IEC  29100:2011,  Information  technology  –  Security  techniques  –  Privacy
                                framework.
            [b-NIST-SP-800-53]   NIST Special Publication 800-53 Revision 4 (2015), Security and privacy controls for
                                Federal  information  systems  and  organizations,  Available  [viewed  2016-12-10]  at:
                                <http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf>

















            176      Security, privacy and data protection
   179   180   181   182   183   184   185   186   187   188   189