From US-CERT | Oct 1, 2009
In their ongoing quest for improved operational efficiency, organizations have come
to rely on the ability to collect, access, and process large volumes of electronic data
(aggregated data). This reliance has evolved with the development of sophisticated
database software and the growing availability of hardware with storage capacity
measured in terabytes. By possessing such large volumes of data, however, organizations
assume certain risks and responsibilities.
The purpose of this paper is to discuss the security issues, business impacts, and
potential strategies of U.S. industry, government, and academic organizations that
create and maintain large aggregations of data, such as digital repositories,
databases, data warehouses, and aggregated information systems. The paper first
examines characteristics of data and information with respect to how they create
security management challenges when information is compiled and aggregated. The paper
highlights consequences, negative impacts and ramifications to organizations, partners,
and users due to data compromise including manipulations, disruptions, disclosures,
thefts, and loss. Finally, the paper discusses effective security management approaches
and strategies to address the issues and to mitigate risks.
The attached Zip file includes:
- Intro Page.doc
- Cover Sheet and Terms.pdf
- Protecting Aggregated Data.pdf
