865 KB | 3 files | DOC, PDF
Large databases bring large risks. U.S. CERT examines the issues and strategies inherent in managing such data.
In their ongoing quest for improved operational efficiency, organizations have come to rely on the ability to collect, access, and process large volumes of electronic data (aggregated data). This reliance has evolved with the development of sophisticated database software and the growing availability of hardware with storage capacity measured in terabytes. By possessing such large volumes of data, however, organizations assume certain risks and responsibilities.
The purpose of this paper is to discuss the security issues, business impacts, and potential strategies of U.S. industry, government, and academic organizations that create and maintain large aggregations of data, such as digital repositories, databases, data warehouses, and aggregated information systems. The paper first examines characteristics of data and information with respect to how they create security management challenges when information is compiled and aggregated. The paper highlights consequences, negative impacts and ramifications to organizations, partners, and users due to data compromise including manipulations, disruptions, disclosures, thefts, and loss. Finally, the paper discusses effective security management approaches and strategies to address the issues and to mitigate risks.
The attached Zip file includes:
This publication provides a set of procedures for conducting assessments of security controls and privacy controls employed within federal information systems and organizations. ... More >>
This three-volume report presents an analytical framework that organizations can use to develop effective cybersecurity strategies tailored to their particular combinations of smart grid-related characteristics, risks, and vulnerabilities. ... More >>
In this excerpt from chapter 20, the author briefly discusses the challenges and success factors that the organization must be aware of to maintain compliance and achieve optimum information security for the enterprise. ... More >>