TY - GEN
T1 - Critical Data Security Model
T2 - 17th Iberian Conference on Information Systems and Technologies, CISTI 2022
AU - Ortiz Huamán, Cesar Humberto
AU - Fuster, Nilcer Fernandez
AU - Luyo, Ademir Cuadros
AU - Armas-Aguirre, Jimmy
N1 - Publisher Copyright:
© 2022 IEEE Computer Society. All rights reserved.
PY - 2022
Y1 - 2022
N2 - In this paper, we proposed a data security model of a big data analytical environment in the financial sector. Big Data can be seen as a trend in the advancement of technology that has opened the door to a new approach to understanding and decision making that is used to describe the vast amount of data (structured, unstructured and semi-structured) that is too time consuming and costly to load a relational database for analysis. The increase in cybercriminal attacks on an organization's assets results in organizations beginning to invest in and care more about their cybersecurity points and controls. The management of business-critical data is an important point for which robust cybersecurity controls should be considered. The proposed model is applied in a datalake and allows the identification of security gaps on an analytical repository, a cybersecurity risk analysis, design of security components and an assessment of inherent risks on high criticality data in a repository of a regulated financial institution. The proposal was validated in financial entities in Lima, Peru. Proofs of concept of the model were carried out to measure the level of maturity focused on: leadership and commitment, risk management, protection control, event detection and risk management. Preliminary results allowed placing the entities in level 3 of the model, knowing their greatest weaknesses, strengths and how these can affect the fulfillment of business objectives.
AB - In this paper, we proposed a data security model of a big data analytical environment in the financial sector. Big Data can be seen as a trend in the advancement of technology that has opened the door to a new approach to understanding and decision making that is used to describe the vast amount of data (structured, unstructured and semi-structured) that is too time consuming and costly to load a relational database for analysis. The increase in cybercriminal attacks on an organization's assets results in organizations beginning to invest in and care more about their cybersecurity points and controls. The management of business-critical data is an important point for which robust cybersecurity controls should be considered. The proposed model is applied in a datalake and allows the identification of security gaps on an analytical repository, a cybersecurity risk analysis, design of security components and an assessment of inherent risks on high criticality data in a repository of a regulated financial institution. The proposal was validated in financial entities in Lima, Peru. Proofs of concept of the model were carried out to measure the level of maturity focused on: leadership and commitment, risk management, protection control, event detection and risk management. Preliminary results allowed placing the entities in level 3 of the model, knowing their greatest weaknesses, strengths and how these can affect the fulfillment of business objectives.
KW - Access Control
KW - Bank, Data Security
KW - Big Data
KW - Data Breach
KW - PII
UR - https://www.scopus.com/pages/publications/85134806287
U2 - 10.23919/CISTI54924.2022.9820547
DO - 10.23919/CISTI54924.2022.9820547
M3 - Contribución a la conferencia
AN - SCOPUS:85134806287
T3 - Iberian Conference on Information Systems and Technologies, CISTI
BT - Proceedings of 2022 17th Iberian Conference on Information Systems and Technologies, CISTI 2022
A2 - Rocha, Alvaro
A2 - Bordel, Borja
A2 - Penalvo, Francisco Garcia
A2 - Goncalves, Ramiro
PB - IEEE Computer Society
Y2 - 22 June 2022 through 25 June 2022
ER -