6.0 Scalable and Composable Privacy-Preserving Analytics (cont.)
the plaintext. Users should utilize techniques such as unpadded RSA for implementing
partially homomorphic cryptosystems.
6.3 Maintain software infrastructure
6.3.1 Why?
To avoid exploitation of improperly maintained software, a major vulnerability.
6.3.2 How?
Keep software infrastructure patched with up-to-date security solutions.
6.4 Use separation of duty principle
6.4.1 Why?
To provide robust internal control as well as information security. The separation of duty
principle—coupled with the enforcement of the principle of least privilege—provides
both attributes.
6.4.2 How?
Implement security controls which enforce strict separation of duties so that each
operator has access to a specific set of minimal data and is only able to perform a
specified set of actions on that data. Institute auditing of user actions on the system. To
enforce reliable separation, access to shared resources should be carefully monitored
or controlled to detect and/or block covert channels.
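One way to express the control described in 6.4.2, as an added example that is not part of the CSA guidance: a deny-by-default check that limits each operator to named datasets and actions, audits every decision, and flags operators whose grants combine conflicting duties. The operator names, datasets, conflict pairs and in-memory audit list are constructed assumptions; covert-channel monitoring is out of scope here.

```python
import json
from datetime import datetime, timezone

# Constructed policy: operator -> dataset -> allowed actions (deny by default).
POLICY = {
    "ingest-op": {"raw_events": {"write"}},
    "analyst": {"aggregates": {"read"}},
    "key-admin": {"key_store": {"rotate"}},
}

# Constructed pairs of (dataset, action) duties one operator must never hold together.
CONFLICTS = [
    (("raw_events", "write"), ("aggregates", "read")),
    (("key_store", "rotate"), ("raw_events", "read")),
]

AUDIT_LOG = []  # in-memory stand-in for an append-only audit sink


def grants(policy, operator):
    """Flatten an operator's policy entry into a set of (dataset, action)."""
    entry = policy.get(operator, {})
    return {(ds, act) for ds, acts in entry.items() for act in acts}


def conflict_violations(policy, conflicts=CONFLICTS):
    """Return (operator, duty_a, duty_b) for each operator holding both sides."""
    out = []
    for op in sorted(policy):
        held = grants(policy, op)
        out.extend((op, a, b) for a, b in conflicts if a in held and b in held)
    return out


def authorize(operator, dataset, action, policy=POLICY):
    """Deny-by-default check; every decision, allowed or denied, is audited."""
    allowed = (dataset, action) in grants(policy, operator)
    AUDIT_LOG.append(json.dumps({
        "ts": datetime.now(timezone.utc).isoformat(),
        "operator": operator,
        "dataset": dataset,
        "action": action,
        "allowed": allowed,
    }))
    return allowed
```

Running `conflict_violations` whenever the policy changes catches a grant that would merge two duties before it takes effect, and the denied entries in the audit trail show operators reaching outside their assigned data.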
6.5 Be aware of re-identification techniques
6.5.1 Why?
To protect the privacy interests of consumers. Re-identification is the process
by which anonymized personal data is matched with its true owner. Personal
identifiers—such as names and social security numbers—are often removed
from databases containing sensitive information. However, re-identification
compromises consumer privacy.
CLOUD SECURITY ALLIANCE Big Data Working Group Guidance
© Copyright 2016, Cloud Security Alliance. All rights reserved.