1 / 6

Enhancing Big Data Security & Privacy Governance: A Lay Reader's Guide

This document serves as a lay reader's guide to navigating the complex world of big data security and privacy governance, focusing on key areas such as variety, regulation, compliance, and security tradeoffs. It introduces concepts like access to Personally Identifiable Information (PII), veracity, role-specific literacy, and domain-specific semantics. The goal is to better integrate lay and technical concerns, provide relevant S&P references, and improve the targeting of validation and verification dimensions. Additional specialized topics are to be moved to an appendix for a more streamlined reading experience.

ojal
Download Presentation

Enhancing Big Data Security & Privacy Governance: A Lay Reader's Guide

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Scope | Introduction Update from Big Data Security & Privacy Subgroup

  2. Introduction • Lay reader tone and content • No explicit introductory reference to “fabric” construct • Introduces: • Variety and Governance, Regulation & Compliance (GRC) • Security & GRC tradeoffs • Access to PII • S&P Beyond Velocity, Variety & Volume • Volatility (“temporality”) • Veracity (or “Validity”, Provenance) • Role-specific literacy • Domain-specific semantics • Other signposts for practitioners

  3. Hoped-for Improvements • Better integration of lay and technical concerns • Additional relevant S&P references • Better targeting of V&V&V+ dimensions to distinguish from other NIST and third party S&P documents • Milieu of specialized topics moved to an Appendix • Completed for Appendix 1 (Roles) • Pending for Appendix 2 (Specialized Topics, etc.)

  4. Remaining Tasks • Subdocument navigation aids • Direct users to sections that are most relevant to their needs, enabling specialists to skip sections they already understand, and directing lay readers to specific users they may not have considered. • Taxonomy / RA Integration • Appendix 2* • Light work of conceptual structure to match fabric language • Mirror outlines in RA and Taxonomy where it makes sense • Include additional role / role axes *Facilitated by technical writer assistance?

  5. Additional Role Content Pending Role Categories in Scope Section • Stakeholders and “Users” • Ratifiers • Attackers & Unwitting Collaborators • Governors

  6. Role Framework Axes* • IT Operators • Governance | Regulation | Compliance Officers • Business | Data Consumers Example: Auditors are both stakeholders and ratifiers. *Approach suggested by Roy D’Souza

More Related