Critical Data Security Model: Gap Security Identification and Risk Analysis In Financial Sector

Cesar Humberto Ortiz Huaman, Nilcer Fernandez Fuster, Ademir Cuadros Luyo, Jimmy Armas-Aguirre
{"title":"Critical Data Security Model: Gap Security Identification and Risk Analysis In Financial Sector","authors":"Cesar Humberto Ortiz Huaman, Nilcer Fernandez Fuster, Ademir Cuadros Luyo, Jimmy Armas-Aguirre","doi":"10.23919/cisti54924.2022.9820547","DOIUrl":null,"url":null,"abstract":"In this paper, we proposed a data security model of a big data analytical environment in the financial sector. Big Data can be seen as a trend in the advancement of technology that has opened the door to a new approach to understanding and decision making that is used to describe the vast amount of data (structured, unstructured and semi-structured) that is too time consuming and costly to load a relational database for analysis. The increase in cybercriminal attacks on an organization’s assets results in organizations beginning to invest in and care more about their cybersecurity points and controls. The management of business-critical data is an important point for which robust cybersecurity controls should be considered. The proposed model is applied in a datalake and allows the identification of security gaps on an analytical repository, a cybersecurity risk analysis, design of security components and an assessment of inherent risks on high criticality data in a repository of a regulated financial institution. The proposal was validated in financial entities in Lima, Peru. Proofs of concept of the model were carried out to measure the level of maturity focused on: leadership and commitment, risk management, protection control, event detection and risk management. Preliminary results allowed placing the entities in level 3 of the model, knowing their greatest weaknesses, strengths and how these can affect the fulfillment of business objectives.","PeriodicalId":187896,"journal":{"name":"2022 17th Iberian Conference on Information Systems and Technologies (CISTI)","volume":"7 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2022-06-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2022 17th Iberian Conference on Information Systems and Technologies (CISTI)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.23919/cisti54924.2022.9820547","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 2

Abstract

In this paper, we proposed a data security model of a big data analytical environment in the financial sector. Big Data can be seen as a trend in the advancement of technology that has opened the door to a new approach to understanding and decision making that is used to describe the vast amount of data (structured, unstructured and semi-structured) that is too time consuming and costly to load a relational database for analysis. The increase in cybercriminal attacks on an organization’s assets results in organizations beginning to invest in and care more about their cybersecurity points and controls. The management of business-critical data is an important point for which robust cybersecurity controls should be considered. The proposed model is applied in a datalake and allows the identification of security gaps on an analytical repository, a cybersecurity risk analysis, design of security components and an assessment of inherent risks on high criticality data in a repository of a regulated financial institution. The proposal was validated in financial entities in Lima, Peru. Proofs of concept of the model were carried out to measure the level of maturity focused on: leadership and commitment, risk management, protection control, event detection and risk management. Preliminary results allowed placing the entities in level 3 of the model, knowing their greatest weaknesses, strengths and how these can affect the fulfillment of business objectives.
关键数据安全模型:金融部门缺口安全识别与风险分析
本文提出了金融领域大数据分析环境下的数据安全模型。大数据可以被视为技术进步的一种趋势,它为理解和决策的新方法打开了大门,这种方法用于描述大量数据(结构化、非结构化和半结构化),这些数据过于耗时和昂贵,无法加载关系数据库进行分析。针对组织资产的网络犯罪攻击的增加导致组织开始投资并更多地关注他们的网络安全点和控制。对业务关键型数据的管理是应该考虑健壮的网络安全控制的一个重要方面。所建议的模型应用于数据湖中,允许识别分析存储库上的安全漏洞,进行网络安全风险分析,设计安全组件,并评估受监管金融机构存储库中高度关键数据的固有风险。该建议在秘鲁利马的金融实体中得到验证。对模型的概念进行了证明,以衡量成熟度的水平,重点是:领导和承诺、风险管理、保护控制、事件检测和风险管理。初步结果允许将实体置于模型的第3层,了解它们最大的弱点、优势以及它们如何影响业务目标的实现。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 求助全文
来源期刊
自引率
0.00%
发文量
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信