Big Data Security: 5 Questions You Need to Ask


Big data offers a wealth of information, valuable insights and hidden treasures that can help businesses make better decisions and increase profits. However, this type of technology is wide open to significant security risks, ranging from disastrous data breaches to issues with compliance and incident management.

To help enterprises address the emerging risks associated with big data, ISACA, a global organization that provides guidance for enterprises that use information systems, issued Privacy and Big Data: An ISACA White Paper. The free report outlines critical governance and considerations to help chief information officers (CIOs) balance the benefits of big data with the risks it poses to companies.

[What is Big Data?]

"CIOs are often under pressure from the board and senior leadership to implement big data before proper risk management and controls are in place, in order to compete in the marketplace," Richard Chew, a member of the project development team of the ISACA paper and senior information security analyst at Emerald Management Group, said in a statement. "Big data provides an important opportunity to deliver value from information, but an enterprise will be more successful in the long run if policies and frameworks, such as Control Objectives for Information and Related Technology (COBIT), are put into place first."

To guide CIOs, ISACA identified 16 important questions enterprises must answer to assess their environments. In particular, these key five questions, if left unanswered, could expose their companies to greater risk and damage:

  • Can the company trust its sources of big data?
  • What information is the company collecting without exposing the enterprise to legal and regulatory battles?
  • How will the company protect its sources, processes and decisions from theft and corruption?
  • What policies are in place to ensure that employees keep stakeholder information confidential during and after employment?
  • What actions is the company taking that create trends that can be exploited by its rivals?

By answering these questions, enterprises can determine the necessary tools that will help prevent breaches and enforce security. For a robust data-privacy solution, ISACA recommends the COBIT 5 framework, which is available for free at

"To streamline the governance, risk management and effective delivery of big data implementation projects, many enterprises are implementing COBIT, a customizable framework developed by global subject-matter experts," said Yves LeRoux, chairman of ISACA's Data Privacy Task Force and technology strategist at CA Technologies, an IT management solutions firm.

Using COBIT, enterprises will be able to identify all sensitive data and ensure they are secured, as well as demonstrate compliance with applicable laws and regulations, proactively monitor their environment, and react and respond more quickly to any privacy breaches, LeRoux said.

ISACA is an independent, nonprofit, global association for professionals involved in information security, risk management and governance. The organization engages in the development, adoption and use of globally accepted practices for information systems, and helps businesses and IT leaders manage the risks associated with information and technology.

Originally published on BusinessNewsDaily.