InfoSec should Shield the Business from Big Data

That’s where the methods of OSINT enter the equation. OSINT is an acronym three-letter agencies introduced in the field of intelligence to label information they haven’t stolen, meaning Open-Source Intelligence. Traditional examples range from monitoring the cars in a parking lot to a thorough review of the trash container.

If Big Data is where you need to protect your information position, OSINT is the how to do it. It is best illustrated by how contemporary spies do their work: behind a huge computer. Search engines on the web are one such tool for mapping a target, which may reveal sensitive data such as passwords, open ports and e-mail ID’s, illustrated by a technique named Google Dorking.[5]

Other sources of input include local or national governments, where it is generally possible to- when appropriate- file a FOIA request (or its local equivalent), e.g. resulting in indications on city planning prospects that impact your disaster recovery planning.

Developing automated tools specifically purposed to mine, aggregate, and enrich useful information may seem like a quantum leap, however, workable models may be found in algorithmic trading used for today’s stock trading agents. [6] Similarly, businesses outside of the financial sector will intensify deployment of technology capable of translating complex landscapes into actionable outcomes.

On Top

Some, if not all, of these methods and tactics can and will be used for evil, therefore security practitioners better seize the initiative to apply them to good causes. Recognizing it isn’t total war out there, should scope a distinct vision of the arms race that is currently being lost every day. The basic commonsensical advice to target a level of security right above the one of your neighbors acknowledges that reality.

Collecting intelligence on the competition may raise some eyebrows at first, though once the business rationale settles that similarly drives establishing trust relationships for federations, or financial health checks surrounding corporate takeovers, a pool of data wealth is waiting to be interpreted.

The type of information position that shapes a competitive edge does not directly equate with more successful business integration. Given sufficient information, it is still courtesy of the Generalship to lead the mission to its optimal conclusions, and, quite plausibly, that’s where the process falters.

All the while, this is not an encouragement to abandon the basics of data security, as long as information systems operate, these need hardening. Alongside, building a roadmap that pitches the effort to get your house in order and the business assets in line with all the benefits it likely accrues, will in itself raise awareness and drive business needs.

Will this be the completion of the open-ended vision of the Jericho group? In its rigorous operationalization, it will yield the end of the primate of internal information. Even more so, it will elevate information security closer to the heart of the business, ultimately informing decision-making of its budget allocations, strategy and even operations.

Ahead lies rocky territory, and being a guide to the business avoids obstacles supremely better than getting dragged along by it.

 

Traxion is a unique and independent information security specialist in identity & access management based in Belgium and The Netherlands. With our strategic, tactical and operational consultancy and services, we work aligned with our clients towards robust and flexible security solutions. For further enquiries please visit http://www.Traxion.com. 

[1] http://www-01.ibm.com/support/knowledgecenter/ssw_ibm_i_71/rzaj4/rzaj4fwfirewallconcept.htm

[2] https://collaboration.opengroup.org/jericho/vision_wp.pdf

[3] http://www.zdnet.com/blog/threatchaos/de-perimeterization-is-dead/479

[4] http://www.forbes.com/sites/lisaarthur/2012/02/08/five-years-from-now-cmos-will-spend-more-on-it-than-cios-do/

[5] http://resources.infosecinstitute.com/google-hacking-for-fun-and-profit-i/

[6] http://www.investopedia.com/terms/a/algorithmictrading.asp