Nist special Publication XXX-XXX draft nist big Data Interoperability Framework: Volume 4, Security and Privacy



Yüklə 317,65 Kb.
səhifə15/19
tarix02.08.2018
ölçüsü317,65 Kb.
#66313
1   ...   11   12   13   14   15   16   17   18   19

7.5Genetic Privacy


Mapping is under development.

Table 6: Mapping Genetic Privacy to the Reference Architecture

NBDRA-SP Component

Security and Privacy Topic

Use Case Mapping

Data Provider → Application Provider

End-point input validation




Real-time security monitoring




Data discovery and classification




Secure data aggregation




Application Provider → Data Consumer

Privacy-preserving data analytics




Compliance with regulations




Government access to data and freedom of expression concerns




Data Provider ↔

Framework Provider
Data-centric security such as identity/policy-based encryption




Policy management for access control




Computing on the encrypted data: searching/ filtering/ deduplicate/ fully homomorphic encryption




Audits




Framework Provider

Securing data storage and transaction logs




Key management




Security best practices for non-relational data stores




Security against DoS attacks




Data provenance




Fabric

Analytics for security intelligence




Event detection




Forensics





7.6Pharma Clinical Trial Data Sharing


Under an industry trade group proposal, clinical trial data for new drugs will be shared outside intra-enterprise warehouses. Regulatory submissions commonly exceed “millions of pages.”

Table 7: Mapping Pharma Clinical Trial Data Sharing to the Reference Architecture



NBDRA Component and Interfaces

Security & Privacy Topic

Use Case Mapping

Data Provider → Application Provider

End-point input validation

Opaque—company-specific.

Real-time security monitoring

None.

Data discovery and classification

Opaque—company-specific.

Secure data aggregation

Third-party aggregator.

Application Provider → Data Consumer

Privacy-preserving data analytics

Data to be reported in aggregate but preserving potentially small-cell demographics.

Compliance with regulations

Responsible developer and third-party custodian.

Government access to data and freedom of expression concerns

Limited use in research community, but there are possible future public health data concerns. Clinical study reports only, but possibly selectively at the study- and patient-levels.

Data Provider ↔

Framework Provider
Data-centric security such as identity/policy-based encryption

TBD

Policy management for access control

Internal roles; third-party custodian roles; researcher roles; participating patients’ physicians.

Computing on the encrypted data: searching/filtering/deduplicate/fully homomorphic encryption

TBD

Audits

Release audit by a third party.

Framework Provider

Securing data storage and transaction logs

TBD

Key management

Internal varies by firm; external TBD.

Security best practices for non-relational data stores

TBD

Security against DoS attacks

Unlikely to become public.

Data provenance

TBD—critical issue.

Fabric

Analytics for security intelligence

TBD

Event detection

TBD

Forensics




Yüklə 317,65 Kb.

Dostları ilə paylaş:
1   ...   11   12   13   14   15   16   17   18   19



Verilənlər bazası müəlliflik hüququ ilə müdafiə olunur ©muhaz.org 2024
rəhbərliyinə müraciət
gir | qeydiyyatdan keç
    Ana səhifə
Dərs
Dərslik
Guide
Kompozisiya
Mücərrəd
Mühazirə
Qaydalar
Referat
Report
Request
Review

yükləyin