Information security’s data overload problem
Strategies for managing the “security data” explosion
kpmg.com
© 2014 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. Printed in the U.S.A. The KPMG name, logo and “cutting through complexity” are registered trademarks or trademarks of KPMG International. NDPPS 295256
Contents
There is no doubt about it: Data is making a big impact on information security ... 2
Why mastering security data management matters ... 3
The problem of security data collection ... 4
The problem of security data storage ... 5
The problem of security data formats ... 6
The problem of security data access ... 7
Four key steps to realizing value from security data volume ... 8
Information security’s data overload problem 1
There is no doubt about it:
Data is making a big impact on information security.
Recent advances in big data technologies and the low cost of cloud storage make it
possible for organizations to collect, process, store, and analyze massive amounts
of so-called “security data”—from firewall logs, to server logs, to intrusion detection
and protection system alerts, to computer and mobile device forensics, to traffic
information, to identity information, and even to e-mails and transactions. A critical
part of securing the information technology infrastructure is analyzing this network,
user, and server data to enhance how the organization prevents, detects, and
responds to data breaches, hacking attacks, viruses, and insider threats.
But all of this data can also be a big problem for information security efforts.
Four particular issues are especially troubling:
• The problem of security data collection: Not all security data may be useful to collect.
• The problem of security data storage: Data must be stored in a way that makes it actionable for information protection, risk management, and other security functions.
• The problem of security data formats: Data stored in different formats may not be accessible to all relevant security programs.
• The problem of security data access: Organizations must maintain control over access to security data.
Organizations require a well-thought-out, enterprise-wide security data strategy to
address these critical questions. Drawing on our experience guiding some of the
world’s leading organizations to enhance their IT security operations, in the following
pages we will explore some of the key technical issues related to today’s abundance
of security data, and offer recommendations for organizations to turn security data
management from a big challenge to a big opportunity.
Why mastering security data management matters
• Increase effectiveness in preventing and detecting security issues
• Create more meaningful metrics and improve reporting accuracy and granularity
• Align security defensive mechanisms and overall architecture with the current security threat environment
• Improve fraud detection and management and advance fraud analysis
About the authors
Deron Grzetich is a director in KPMG LLP’s IT Advisory practice and the firm’s
national practice leader for incident response and security monitoring. He has more
than 14 years of experience advising organizations on information security, security
management, and regulatory compliance. Prior to KPMG, he led the incident
response team and security monitoring function of a global law firm. Deron has
taught and presented at universities and conferences on network security
and privacy.
Tony Buffomante is a principal in KPMG’s Information Protection and Business
Resilience (IPBR) practice in the Chicago office. Over the past 20 years, he has
managed and executed Information Technology security strategies, assessments
and implementations for some of the largest global organizations. Tony is the firm’s
US leader for Cyber Security Strategy and Governance Services, and is a recognized
industry leader in Information Protection, speaking at industry conferences and
instructing training seminars.
The problem of security data collection
Fig 1. The overlap of multiprogram security data requirements (diagram of the overlapping requirements of Cyber Threat Intelligence; Alert Handling/IR; IT Operations and Service Management; and Compliance/GRC)
Too much or too little security data are equally detrimental issues for IT organizations—and they are both major concerns in the big data era.
Too much data can result in an overload, leaving many security programs with the task of filtering and analyzing the data that actually matters to them, and transforming it into usable and actionable information. Organizing the “right” data in this way, and producing periodic reports, can be very helpful for certain activities, such as compliance and reporting processes. However, it can seriously hinder other activities that require instant access to on-demand data from across the ecosystem of security programs, such as security alert investigation or incident response. In addition, organizations now store so much data that many real-time search tools cannot handle the capacity with efficiency.
In other organizations, the reverse scenario exists—a virtual security data desert. In these organizations, data is collected in an ad hoc manner. Pockets of individual systems hold the data locally. When data sources are isolated, it likewise thwarts an organization from its ultimate goal of collecting the “right” security data to support enterprise-wide use.
KPMG recommendations
To determine what data is strategic to collect, organizations should define a Security Data Acquisition Strategy (S-DAS). The S-DAS should take into account the data requirements of all programs that use the security data, or may use it in the future. By examining the overlap between the requirements, organizations can pinpoint the most high-value data—data that should be centrally accessible. For example, by comparing the security data needs of governance, risk management, and compliance (GRC) programs; cyber threat intelligence programs; IT operations and service management programs; and alert handling and incident response programs, an organization will understand which security data impacts all of these programs. While other high-value data for each individual program may not overlap with all programs, this perspective gives organizations a strong indication of priority data to be acquired and centralized. And while it is important to keep in mind that organizations should identify and centralize high-value data sources, today’s log management technology makes it possible for organizations to store and manage all required security data.
The problem of security data storage
The next issue to be addressed is how to store the data. In some cases, organizations
may store the same security data in multiple, disjointed systems. In others, data that
would be of value to other programs resides in another disparate single data source.
These methods of storage lead to dual problems: data duplication, or storing multiple
copies of the same data; and data dispersion, unconnected abstract data from various
source systems.
In addition, regardless of the chosen data storage solution, one technical hurdle
that stands in the way is a program’s ability to build “data connectors” to obtain the
required data for analysis. The concept of the data connector allows a program to
extract the specific data sets for analysis, reporting, or presentation. For example,
cyber threat intelligence activities may require discrete data sets that may or may not
be centralized, in addition to centralized security data.
KPMG recommendations
First, organizations should assess how and at what frequency various programs need to
access the security data in order to determine where and how to store it. For example, if
certain security data needs to be accessed on a continuous basis for analysis or real-time
alerting, then a centralized approach makes the most sense for that data. However, for
data that is periodically accessed for reporting or compliance on weekly, monthly, or
quarterly bases, it may make sense to consider leaving the data on the isolated source
systems. In some cases, even data that may be required only periodically will be part
of the centralized security data system due to its use by other programs that require
real-time information feeds. It is important to note that not “all” security data needs to
be centralized, as it is likely that as various programs accessing this data grow in maturity,
noncentralized data may need to be accessed.
Second, organizations should build data connectors to optimize analysis and decision
making. The more centralized the data, the less time and developmental effort will
be spent on building and maintaining connectors. Otherwise, data connectors are
needed to ingest whatever data is required for different activities from wherever it is
located—i.e., a disjointed source or a central location.
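As an added worked example (not from the KPMG paper), the following Python script encodes the S-DAS overlap analysis from the collection recommendation and the centralize-or-leave-at-source rule from the storage recommendation above; the program names, data sources and access frequencies are constructed sample input.

```python
"""Security Data Acquisition Strategy (S-DAS) worked example.

Added illustration, not KPMG's tooling. Program names and the requirement
table below are constructed sample input.
"""
from collections import defaultdict
from dataclasses import dataclass

# Access frequency classes from the storage recommendation: continuous access
# (real-time alerting, ongoing analysis) argues for centralising a source;
# periodic access (weekly/monthly/quarterly reporting) can stay at the source.
CONTINUOUS = "continuous"
PERIODIC = "periodic"


@dataclass(frozen=True)
class Requirement:
    program: str      # consuming security program (CTI, IR, IT ops, GRC)
    source: str       # security data source (e.g. firewall logs)
    frequency: str    # CONTINUOUS or PERIODIC


# Constructed sample requirements for the four programs shown in Fig 1.
SAMPLE_REQUIREMENTS = [
    Requirement("alert_handling_ir", "firewall_logs", CONTINUOUS),
    Requirement("alert_handling_ir", "ids_alerts", CONTINUOUS),
    Requirement("alert_handling_ir", "auth_logs", CONTINUOUS),
    Requirement("cyber_threat_intel", "ids_alerts", CONTINUOUS),
    Requirement("cyber_threat_intel", "proxy_logs", CONTINUOUS),
    Requirement("cyber_threat_intel", "threat_feeds", CONTINUOUS),
    Requirement("it_ops_service_mgmt", "firewall_logs", PERIODIC),
    Requirement("it_ops_service_mgmt", "auth_logs", PERIODIC),
    Requirement("it_ops_service_mgmt", "change_tickets", PERIODIC),
    Requirement("compliance_grc", "auth_logs", PERIODIC),
    Requirement("compliance_grc", "vuln_scans", PERIODIC),
    Requirement("compliance_grc", "firewall_logs", PERIODIC),
]


def source_overlap(reqs):
    """Map each source to the set of programs that need it (the Fig 1 overlap)."""
    consumers = defaultdict(set)
    for r in reqs:
        consumers[r.source].add(r.program)
    return dict(consumers)


def rank_sources(reqs):
    """Sources ordered by how many programs consume them, most shared first.

    Sources needed by the most programs are the highest-value candidates
    for central, enterprise-wide access."""
    overlap = source_overlap(reqs)
    return sorted(overlap, key=lambda s: (-len(overlap[s]), s))


def storage_placement(reqs):
    """Decide 'central' or 'source' for every data source.

    Rule from the storage recommendation: if any program needs a source
    continuously, it goes into the central repository even when other
    programs only touch it periodically; a source that is accessed only
    periodically may remain on its isolated source system."""
    placement = {}
    for r in reqs:
        if r.frequency == CONTINUOUS:
            placement[r.source] = "central"
        else:
            placement.setdefault(r.source, "source")
    return placement


def connectors_needed(reqs, placement):
    """Per program, the non-central sources that still need a dedicated
    data connector to pull data from wherever it lives."""
    needed = defaultdict(set)
    for r in reqs:
        if placement[r.source] == "source":
            needed[r.program].add(r.source)
    return {p: sorted(s) for p, s in needed.items()}


if __name__ == "__main__":
    plc = storage_placement(SAMPLE_REQUIREMENTS)
    overlap = source_overlap(SAMPLE_REQUIREMENTS)
    for src in rank_sources(SAMPLE_REQUIREMENTS):
        print(f"{src:15} programs={len(overlap[src])} placement={plc[src]}")
    print("connectors still required:", connectors_needed(SAMPLE_REQUIREMENTS, plc))
```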
The problem of security data formats
Organizations traditionally collect and store security data with specific programs for specific
purposes—in the format that works for that particular program. For example, the data stored
in vulnerability scanners, which is used for reporting on patch and configuration compliance,
may be in a different format from the data stored in security information and event
management (SIEM) technology, which is used for security alert generation and response
activities. The programs operate in silos, ingesting, parsing, normalizing, and indexing log
data in its preferred format before storing it in a database or data structure in the same
format where it can be processed by the same program at a later date.
While this approach may serve certain security needs very well—and while
isolated security programs are certainly an important part of the security
equation—organizations often find the need to transfer critical security data
seamlessly between adjacent programs, which may require other data formats.
Therefore, organizations need to collect and store security data in a format that is
both accessible and useable to multiple programs.
KPMG recommendations
A solution to the silo approach includes installing a central log management
infrastructure that has the ability to feed other tools, programs, or solutions in a filtered
or selective manner. With log management technology, organizations can collect and
store all security data across the network. These technologies have the ability to scale
horizontally to fit the needs of the program. It is also possible to dual-feed systems and
applications that sit behind this infrastructure and filter the output for various data uses.
For example, this architecture allows storage to scale up retention in log management
and scale down storage or capacity of SIEM, which effectively reduces data duplication
levels. It also allows near real-time alerting through the SIEM, and historical search and
analysis through the log management platform.
The problem of security data access
This discussion of data consolidation and centralization raises the issue of data access. Who should have access to what types of data? How do we control data access? From the internal perspective, organizations should be concerned with conflict of interest issues and with maintaining control over reporting elements. From an external perspective, businesses should be concerned with preventing hackers from gaining access to security data—a virtual treasure trove of information—and using it to their advantage.*
KPMG recommendations
The centralized data repository should be read-only and any modification or enrichment of the data should occur in the systems or applications that use this data. If any data enrichment does occur in the centralized location—which may be useful for various purposes—the strategy needs to be carefully vetted prior to implementation to ensure that any change in the data or storage schema will not affect other programs or uses. Other ways of controlling access may be to deputize a security data access team that accepts service requests from consumers to integrate with tools and applications, or limits access to data sets based on data type or source only.
* Navigating Big Data’s Privacy and Security Challenges, KPMG LLP, 2014
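An added illustration, not KPMG's or any vendor's code, of the architecture described in the formats and access recommendations: a central log store normalizes three constructed raw formats (a syslog firewall line, a CEF-style IDS alert and scanner JSON) into one schema, hands out read-only records, feeds the SIEM and compliance consumers selectively, and keeps enrichment in the consumer's own copy. The schema fields, the severity mapping and the consumer filters are assumptions of this example.

```python
"""Central log management feeding downstream programs in a filtered manner.

Added illustration, not KPMG's or any vendor's code. The raw records, the
common schema and the consumer filters are constructed for this example.
"""
import json
import re
from types import MappingProxyType

# Constructed raw inputs in three different native formats.
RAW_SYSLOG = "<14>Jan 12 10:01:07 fw01 kernel: DROP IN=eth0 SRC=10.0.0.5 DST=10.0.1.9 DPT=445"
RAW_CEF = "CEF:0|Vendor|IDS|1.0|1001|Possible lateral movement|8|src=10.0.0.5 dst=10.0.1.9"
RAW_VULN_JSON = '{"host": "10.0.1.9", "cve": "CVE-EXAMPLE-0001", "cvss": 9.8, "scanner": "vs01"}'

_SYSLOG_RE = re.compile(r"^<(\d+)>(\w{3} \d+ \d\d:\d\d:\d\d) (\S+) (\S+): (.*)$")


def parse_syslog(line):
    """BSD-style firewall syslog -> common schema.

    Syslog severity is 0 (emergency) .. 7 (debug); it is inverted here so
    that larger means more severe, roughly aligned with the CEF 0-10 scale."""
    m = _SYSLOG_RE.match(line)
    if not m:
        raise ValueError("not a syslog line")
    pri, _ts, host, _app, msg = m.groups()
    kv = dict(f.split("=", 1) for f in msg.split() if "=" in f)
    return {"source": "firewall", "host": host, "severity": 7 - (int(pri) & 7),
            "src_ip": kv.get("SRC"), "dst_ip": kv.get("DST"), "msg": msg}


def parse_cef(line):
    """IDS alert in CEF -> common schema (CEF severity is already 0-10)."""
    parts = line.split("|", 7)
    if len(parts) != 8 or not parts[0].startswith("CEF:"):
        raise ValueError("not a CEF line")
    ext = dict(f.split("=", 1) for f in parts[7].split() if "=" in f)
    return {"source": "ids", "host": ext.get("dst"), "severity": int(parts[6]),
            "src_ip": ext.get("src"), "dst_ip": ext.get("dst"), "msg": parts[5]}


def parse_vuln(line):
    """Vulnerability scanner JSON -> common schema; CVSS folded to a 0-10 int."""
    d = json.loads(line)
    return {"source": "vuln_scan", "host": d["host"], "severity": int(d["cvss"]),
            "src_ip": None, "dst_ip": d["host"], "msg": d["cve"]}


PARSERS = (parse_syslog, parse_cef, parse_vuln)


def normalize(raw):
    """Try each parser in turn; the first one that accepts the line wins."""
    for parser in PARSERS:
        try:
            return parser(raw)
        except (ValueError, KeyError, TypeError):
            continue
    raise ValueError(f"unrecognised format: {raw[:40]!r}")


class CentralLogStore:
    """Append-only central repository. Consumers only ever receive read-only
    views of the records, so enrichment has to happen in the consumer's copy."""

    def __init__(self):
        self._records = []

    def ingest(self, raw):
        rec = normalize(raw)
        self._records.append(MappingProxyType(dict(rec)))
        return rec

    def feed(self, predicate):
        """Selective feed: only the records a downstream program asked for."""
        return [r for r in self._records if predicate(r)]

    def __len__(self):
        return len(self._records)


def siem_filter(r):
    """The SIEM only wants alert-worthy events for near-real-time alerting."""
    return r["source"] in ("firewall", "ids") and r["severity"] >= 7


def compliance_filter(r):
    """Compliance reporting only wants scanner findings, pulled periodically."""
    return r["source"] == "vuln_scan"


def enrich_for_siem(record, asset_owner):
    """Enrichment performed on the SIEM's own copy, never in the central store."""
    enriched = dict(record)
    enriched["asset_owner"] = asset_owner.get(record["dst_ip"], "unknown")
    return enriched
```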
4 Key Steps to Realizing Value from Security Data Volume
• Closely examine security data requirements, including intended use, format, frequency of access, etc., to determine proper storage requirements and format. Build data connectors between programs to enable analysis of data from disparate sources.
• Create a Security Data Acquisition Strategy (S-DAS), which takes into account data uses for traditional information security as well as other business functions, such as cyber threat intelligence and compliance, and IT operations and service management.
• Use log management technology to make security data in different formats accessible across programs.
• Limit access to data, especially high-value centralized data, and prevent data enrichment in centralized data sources.
To learn more about how KPMG can help you enhance information protection
and business resilience, please contact:
Greg Bell
National Practice Leader
Information Protection and Business Resilience
KPMG LLP
T: 404-222-7197
E: rgregbell@kpmg.com
Tony Buffomante
Principal, Advisory
Information Protection and Business Resilience
KPMG LLP
T: 312-665-1748
E: abuffomante@kpmg.com
Deron Grzetich
Director, Advisory
Information Protection and Business Resilience
KPMG LLP
T: 312-665-1113
E: dgrzetich@kpmg.com
kpmg.com
The information contained herein is of a general nature and is not intended to address the circumstances of any particular individual or entity.
Although we endeavor to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date
it is received or that it will continue to be accurate in the future. No one should act upon such information without appropriate professional
advice after a thorough examination of the particular situation.
About KPMG’s Information Protection and Business Resilience practice
KPMG’s Information Protection and Business Resilience services help clients
effectively manage and control corporate information assets across a broad
spectrum of evolving threats and scenarios. We help companies identify their most
high value data and information, maximize the value that can be obtained from their
data, and protect key business processes, information assets, and the company’s
brand and reputation.

The Three Pitfalls of Data Security
The Three Pitfalls of Data SecurityThe Three Pitfalls of Data Security
The Three Pitfalls of Data Security
 
FS-ISAC APAC Summit 2017 Singapore - Of Crown Jewels and Data Assets
FS-ISAC APAC Summit 2017 Singapore - Of Crown Jewels and Data AssetsFS-ISAC APAC Summit 2017 Singapore - Of Crown Jewels and Data Assets
FS-ISAC APAC Summit 2017 Singapore - Of Crown Jewels and Data Assets
 
Expanded top ten_big_data_security_and_privacy_challenges
Expanded top ten_big_data_security_and_privacy_challengesExpanded top ten_big_data_security_and_privacy_challenges
Expanded top ten_big_data_security_and_privacy_challenges
 
Top ten big data security and privacy challenges
Top ten big data security and privacy challengesTop ten big data security and privacy challenges
Top ten big data security and privacy challenges
 
Internal Audit
Internal AuditInternal Audit
Internal Audit
 
GT11_ATT_GuideBk_CyberSecurity_FINAL_V.PDF
GT11_ATT_GuideBk_CyberSecurity_FINAL_V.PDFGT11_ATT_GuideBk_CyberSecurity_FINAL_V.PDF
GT11_ATT_GuideBk_CyberSecurity_FINAL_V.PDF
 
Veritas corporate brochure emea
Veritas corporate brochure emeaVeritas corporate brochure emea
Veritas corporate brochure emea
 
Unit 5 v2
Unit 5 v2Unit 5 v2
Unit 5 v2
 

295256_Security_Problem_Whitepaper.Web (slide transcript)

Information security’s data overload problem
Strategies for managing the “security data” explosion
kpmg.com

© 2014 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. Printed in the U.S.A. The KPMG name, logo and “cutting through complexity” are registered trademarks or trademarks of KPMG International. NDPPS 295256

Contents
There is no doubt about it: Data is making a big impact on information security .... 2
Why mastering security data management matters .... 3
The problem of security data collection .... 4
The problem of security data storage .... 5
The problem of security data formats .... 6
The problem of security data access .... 7
Four key steps to realizing value from security data volume .... 8

There is no doubt about it: Data is making a big impact on information security.

Recent advances in big data technologies and the low cost of cloud storage make it possible for organizations to collect, process, store, and analyze massive amounts of so-called “security data”—from firewall logs, to server logs, to intrusion detection and protection system alerts, to computer and mobile device forensics, to traffic information, to identity information, and even to e-mails and transactions. A critical part of securing the information technology infrastructure is analyzing this network, user, and server data to enhance how the organization prevents, detects, and responds to data breaches, hacking attacks, viruses, and insider threats.

But all of this data can also be a big problem for information security efforts. Four particular issues are especially troubling:

• The problem of security data collection: Not all security data may be useful to collect.
• The problem of security data storage: Data must be stored in a way that makes it actionable for information protection, risk management, and other security functions.
• The problem of security data formats: Data stored in different formats may not be accessible to all relevant security programs.
• The problem of security data access: Organizations must maintain control over access to security data.

Organizations require a well-thought-out, enterprise-wide security data strategy to address these critical questions. Drawing on our experience guiding some of the world’s leading organizations to enhance their IT security operations, in the following pages we will explore some of the key technical issues related to today’s abundance of security data, and offer recommendations for organizations to turn security data management from a big challenge to a big opportunity.

Why mastering security data management matters

• Increase effectiveness in preventing and detecting security issues
• Create more meaningful metrics and improve reporting accuracy and granularity
• Align security defensive mechanisms and overall architecture with the current security threat environment
• Improve fraud detection and management and advance fraud analysis

About the authors

Deron Grzetich is a director in KPMG LLP’s IT Advisory practice and the firm’s national practice leader for incident response and security monitoring. He has more than 14 years of experience advising organizations on information security, security management, and regulatory compliance. Prior to KPMG, he led the incident response team and security monitoring function of a global law firm. Deron has taught and presented at universities and conferences on network security and privacy.

Tony Buffomante is a principal in KPMG’s Information Protection and Business Resilience (IPBR) practice in the Chicago office. Over the past 20 years, he has managed and executed Information Technology security strategies, assessments and implementations for some of the largest global organizations. Tony is the firm’s US leader for Cyber Security Strategy and Governance Services, and is a recognized industry leader in Information Protection, speaking at industry conferences and instructing training seminars.

The problem of security data collection

[Fig 1. The overlap of multiprogram security data requirements. Programs shown: Cyber Threat Intelligence; Alert Handling/IR; IT Operations and Service Management; Compliance/GRC.]

Too much or too little security data are equally detrimental issues for IT organizations—and they are both major concerns in the big data era. Too much data can result in an overload, leaving many security programs with the task of filtering and analyzing the data that actually matters to them, and transforming it into usable and actionable information. Organizing the “right” data in this way, and producing periodic reports, can be very helpful for certain activities, such as compliance and reporting processes. However, it can seriously hinder other activities that require instant access to on-demand data from across the ecosystem of security programs, such as security alert investigation or incident response. In addition, organizations now store so much data that many real-time search tools cannot handle the capacity with efficiency.

In other organizations, the reverse scenario exists—a virtual security data desert. In these organizations, data is collected in an ad hoc manner. Pockets of individual systems hold the data locally. When data sources are isolated, it likewise thwarts an organization from its ultimate goal of collecting the “right” security data to support enterprise-wide use.

KPMG recommendations

To determine what data is strategic to collect, organizations should define a Security Data Acquisition Strategy (S-DAS). The S-DAS should take into account the data requirements of all programs that use the security data, or may use it in the future. By examining the overlap between the requirements, organizations can pinpoint the most high-value data—data that should be centrally accessible.

For example, by comparing the security data needs of compliance/GRC (governance, risk management, and compliance) programs; cyber threat intelligence programs; IT operations and service management programs; and alert handling and incident response programs, an organization will understand which security data impacts all of these programs. While other high-value data for each individual program may not overlap with all programs, this perspective gives organizations a strong indication of priority data to be acquired and centralized. And while it is important to keep in mind that organizations should identify and centralize high-value data sources, today’s log management technology makes it possible for organizations to store and manage all required security data.

The problem of security data storage

The next issue to be addressed is how to store the data. In some cases, organizations may store the same security data in multiple, disjointed systems. In others, data that would be of value to other programs resides in another disparate single data source. These methods of storage lead to dual problems: data duplication, or storing multiple copies of the same data; and data dispersion, unconnected abstract data from various source systems.

In addition, regardless of the chosen data storage solution, one technical hurdle that stands in the way is a program’s ability to build “data connectors” to obtain the required data for analysis. The concept of the data connector allows a program to extract the specific data sets for analysis, reporting, or presentation. For example, cyber threat intelligence activities may require discrete data sets that may or may not be centralized, in addition to centralized security data.

KPMG recommendations

First, organizations should assess how and at what frequency various programs need to access the security data in order to determine where and how to store it. For example, if certain security data needs to be accessed on a continuous basis for analysis or real-time alerting, then a centralized approach makes the most sense for that data. However, for data that is periodically accessed for reporting or compliance on weekly, monthly, or quarterly bases, it may make sense to consider leaving the data on the isolated source systems. In some cases, even data that may be required only periodically will be part of the centralized security data system due to its use by other programs that require real-time information feeds. It is important to note that not “all” security data needs to be centralized, as it is likely that as various programs accessing this data grow in maturity, noncentralized data may need to be accessed.

Second, organizations should build data connectors to optimize analysis and decision making. The more centralized the data, the less time and developmental effort will be spent on building and maintaining connectors. Otherwise, data connectors are needed to ingest whatever data is required for different activities from wherever it is located—i.e., a disjointed source or a central location.

The problem of security data formats

Organizations traditionally collect and store security data with specific programs for specific purposes—in the format that works for that particular program. For example, the data stored in vulnerability scanners, which is used for reporting on patch and configuration compliance, may be in a different format from the data stored in security information and event management (SIEM) technology, which is used for security alert generation and response activities. The programs operate in silos, ingesting, parsing, normalizing, and indexing log data in its preferred format before storing it in a database or data structure in the same format where it can be processed by the same program at a later date.

While this approach may serve certain security needs very well—and while isolated security programs are certainly an important part of the security equation—organizations often find the need to transfer critical security data seamlessly between adjacent programs, which may require other data formats. Therefore, organizations need to collect and store security data in a format that is both accessible and usable to multiple programs.

KPMG recommendations

A solution to the silo approach includes installing a central log management infrastructure that has the ability to feed other tools, programs, or solutions in a filtered or selective manner. With log management technology, organizations can collect and store all security data across the network. These technologies have the ability to scale horizontally to fit the needs of the program. It is also possible to dual-feed systems and applications that sit behind this infrastructure and filter the output for various data uses. For example, this architecture allows storage to scale up retention in log management and scale down storage or capacity of SIEM, which effectively reduces data duplication levels. It also allows near real-time alerting through the SIEM, and historical search and analysis through the log management platform.

The problem of security data access

This discussion of data consolidation and centralization raises the issue of data access. Who should have access to what types of data? How do we control data access? From the internal perspective, organizations should be concerned with conflict of interest issues and with maintaining control over reporting elements. From an external perspective, businesses should be concerned with preventing hackers from gaining access to security data—a virtual treasure trove of information—and using it to their advantage.*

KPMG recommendations

The centralized data repository should be read-only and any modification or enrichment of the data should occur in the systems or applications that use this data. If any data enrichment does occur in the centralized location—which may be useful for various purposes—the strategy needs to be carefully vetted prior to implementation to ensure that any change in the data or storage schema will not affect other programs or uses. Other ways of controlling access may be to deputize a security data access team that accepts service requests from consumers to integrate with tools and applications, or limits access to data sets based on data type or source only.

* Navigating Big Data’s Privacy and Security Challenges, KPMG LLP, 2014
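The central log management architecture described in the formats section, and the read-only repository with consumer-side enrichment recommended in the access section, as one added example (not KPMG's code): two constructed inputs in different formats (a key=value firewall line and a vulnerability scanner CSV export) are normalized into one shared record schema, retained in full in the central store, and only the subset accepted by a forwarding filter is dual-fed to the SIEM, which enriches its own copy. The firewall line syntax, the CSV columns, the severity mapping and the asset-owner table are all assumptions made for the example.

```python
import csv
import io
import re
from dataclasses import dataclass, asdict

# Constructed sample inputs from two silos in two formats (not real data).
FIREWALL_LINES = [
    "2014-05-01T10:00:01Z fw01 action=deny src=203.0.113.7 dst=10.0.0.5 dport=22",
    "2014-05-01T10:00:02Z fw01 action=allow src=10.0.0.8 dst=10.0.0.5 dport=443",
    "2014-05-01T10:00:03Z fw01 action=deny src=203.0.113.7 dst=10.0.0.5 dport=23",
]
SCANNER_CSV = (
    "asset,finding,severity,seen\n"
    "10.0.0.5,missing-patch,high,2014-05-01T09:30:00Z\n"
    "10.0.0.9,weak-cipher,low,2014-05-01T09:31:00Z\n"
)
# Constructed asset-owner lookup that belongs to the SIEM team, not to the central store.
ASSET_OWNERS = {"10.0.0.5": "payments-team"}

@dataclass(frozen=True)
class Record:
    """One normalized event in the shared schema that every program reads."""
    ts: str        # ISO 8601 UTC timestamp as emitted by the source
    source: str    # producing silo: "firewall" or "vuln_scanner"
    host: str      # asset the event concerns (destination for firewall events)
    event: str     # source-specific action or finding name
    severity: str  # "low" | "medium" | "high", mapped per source

_KV = re.compile(r"(\w+)=(\S+)")

def parse_firewall(line: str) -> Record:
    """key=value syslog-style line -> Record; a deny ranks above an allow."""
    ts, _device, rest = line.split(" ", 2)
    kv = dict(_KV.findall(rest))
    return Record(ts, "firewall", kv["dst"], kv["action"],
                  "medium" if kv["action"] == "deny" else "low")

def parse_scanner(text: str) -> list:
    """Scanner CSV export -> Records; severity is already on a low/medium/high scale."""
    return [Record(r["seen"], "vuln_scanner", r["asset"], r["finding"], r["severity"])
            for r in csv.DictReader(io.StringIO(text))]

class LogManagement:
    """Central log management: full retention plus a selective feed to the SIEM."""
    def __init__(self):
        self.store = []       # everything, kept for historical search
        self.siem_queue = []  # only what the forwarding filter accepts

    def ingest(self, records, forward):
        for r in records:
            self.store.append(r)        # retained centrally regardless of consumer
            if forward(r):              # dual-feed: the SIEM gets the filtered subset
                self.siem_queue.append(r)

    def search(self, host: str) -> list:
        """Historical search across all silos for one asset, oldest first."""
        return sorted((r for r in self.store if r.host == host), key=lambda r: r.ts)

def siem_filter(r: Record) -> bool:
    """Forward denies and high-severity findings; everything else stays in log management."""
    return r.severity == "high" or r.event == "deny"

def siem_enrich(r: Record) -> dict:
    """Consumer-side enrichment: Record is frozen, so the central copy is never altered."""
    return {**asdict(r), "owner": ASSET_OWNERS.get(r.host, "unknown")}

def build_demo() -> LogManagement:
    lm = LogManagement()
    lm.ingest([parse_firewall(line) for line in FIREWALL_LINES], siem_filter)
    lm.ingest(parse_scanner(SCANNER_CSV), siem_filter)
    return lm
```

The SIEM queue holds three of the five events while the central store keeps all five, which is the retention-up, SIEM-capacity-down trade-off the section describes.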
4 Key Steps to Realizing Value from Security Data Volume

• Closely examine security data requirements, including intended use, format, frequency of access, etc., to determine proper storage requirements and format.
• Build data connectors between programs to enable analysis of data from disparate sources.
• Create a Security Data Acquisition Strategy (S-DAS), which takes into account data uses for traditional information security as well as other business functions, such as cyber threat intelligence and compliance, and IT operations and service management.
• Use log management technology to make security data in different formats accessible across programs.
• Limit access to data, especially high-value centralized data, and prevent data enrichment in centralized data sources.

To learn more about how KPMG can help you enhance information protection and business resilience, please contact:

Greg Bell
National Practice Leader, Information Protection and Business Resilience
KPMG LLP
T: 404-222-7197
E: rgregbell@kpmg.com

Tony Buffomante
Principal, Advisory, Information Protection and Business Resilience
KPMG LLP
T: 312-665-1748
E: abuffomante@kpmg.com

Deron Grzetich
Director, Advisory, Information Protection and Business Resilience
KPMG LLP
T: 312-665-1113
E: dgrzetich@kpmg.com

kpmg.com

The information contained herein is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavor to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act upon such information without appropriate professional advice after a thorough examination of the particular situation.

About KPMG’s Information Protection and Business Resilience practice

KPMG’s Information Protection and Business Resilience services help clients effectively manage and control corporate information assets across a broad spectrum of evolving threats and scenarios. We help companies identify their most high-value data and information, maximize the value that can be obtained from their data, and protect key business processes, information assets, and the company’s brand and reputation.