SlideShare uma empresa Scribd logo
1 de 50
Baixar para ler offline
The Value of Big Data
Robin Basham,
Director Integrated Audit, Ellie Mae, Inc.
CISA, CGEIT, CRISC, M.Ed, M.IT, VRP, CRP, HISP
Prepared for ISACA SV and IMA Palo Alto
With reference to “Infonomics: The Practice of Information Economics” Doug Laney and
“Big data for the Masses The Unique Challenge of Big Data Integration” A Talend White
Paper
AGENDA
 The characteristics of
Big Data – It’s just data
◦ Limits and Benefits in use
◦ Why we use Big Data
◦ How we use Big Data
 Structured v.
Unstructured Data
◦ Web 3.0
◦ So, is it big or just more
BI?
 Overview of new
technologies
◦ Hiring these skills and
creating these skills
◦ Simply, what they do, how
they fit into any solution
◦ Complexity and
interpretation risk, you get
what you pay for
 Is Social Data on the
Balance Sheet?
◦ Risks in using social data
◦ Problems caused by
investing in social data
◦ Gartner guidance to
question data on the
balance sheet
2
As Director, Integrated Audit at Ellie Mae, is
accountable to creating and using a GRC
program, conducting SOX, SOC, ISMS and
various program specific audits including and
FDIC examination.
As creator of Facilitated Compliance
Management Software (4Point GRC), and
founder of EnterpriseGRC Solutions and
Phoenix Business and Systems Process, Inc.
- ISACA SV Conference Director, an ITPreneurs
partner, and board advisor for Holistic
Information Security Practitioners, provides
Cloud Security & Virtualization Controls
Management training in the San Francisco and
Bay Area. She’s known for successful GRC
implementations, supplying overall design,
development and training to companies ranging
from start up to fortune five hundred. Past
president for the Association for Certified Green
Technology Auditors, ACGTA, a frequent
committee contributor to the ISACA Silicon
Valley Chapter and liaison to the ITSMF SV
chapter, as well as frequent participant in Cloud
Security Alliance local chapter. EnterpriseGRC
Solutions is recently added to the Cloud
Credential Council and is named to the
certification committee of The Holistic
Information Security Practitioner Institute
(HISPI). EnterpriseGRC Solutions® is an active
sponsor to Information Systems Audit and
Control Association, ISACA®, listed as
corporate sponsor and many time CobiT®
trainer for the ITGI.
Visit http://enterprisegrc.com
Robin Basham, M.ED, M.IT, CISA, CGEIT, CRISC,
ACC, CRP, VRP, and HISP, founder EnterpriseGRC
Solutions Inc.®
Director Integrated Audit, Ellie Mae, Inc.
What is Big Data?
 When data sets became so large and complex that
they could no longer be managed using on-hand
database management tools, we saw an
emergence of Big data technologies.
 This new generation of technologies and
architectures were designed to extract economic
value from data sets by enabling high-velocity
capture, discovery and analysis.
 As a result of their invention, we now experience an
entirely new information economy, “Infonomics: The
Practice of Information Economics”
 Inadequately monitored and largely unregulated,
this presentation will highlight ways that this Big
Data puts our business strategy and Bay Area
economy at Big Risk.
©EnterpriseGRC Solutions, Inc.® 2012, All Rights
Reserved 4
What is the Value of our Big Data
 Facebook “likes” and Twitter
“tweets” are reported to
represent $14 per “share”
and $5 per “tweet”. *
 Either a company will report
an increase of revenue, or a
company will pay for that
tracked human behavior.
 Either we prove that a human
committed that behavior, we
prove that the activity had a
sales result, or we stop
accepting false claims.
 We need to do at least one.
©EnterpriseGRC Solutions, Inc.® 2012, All Rights
Reserved 5
When is
information
an asset?
When is it
data, as
opposed to
information?
How We Use Big Data
 Marketing Campaign Analysis
 Recommendation Engine
 Customer Retention and Churn Analysis
 Social Graph Analysis
 Capital Markets Analysis
 Predictive Analytics
 Risk Management
 Rogue Trading
 Fraud Detection
 Retail Banking
 Network Monitoring
 Research And Development
 Archiving Please read more at the source
http://info.talend.com ©EnterpriseGRC Solutions, Inc.® 2012, All Rights
Reserved 6
Found in “Big
data for the
Masses
The Unique
Challenge of
Big Data
Integration”
A Talend White
Paper
Download the
white paper
Deep analytics that correlate accounting
data with position tracking and order
management systems can provide
valuable insights that are not available
using traditional data management
tools. In order to identify these issues,
an immense amount of near real time
data needs to be crunched from
multiple, inconsistent
sources. This computationally intense
function can now be accomplished
using big data technologies.
How Should We Use Big Data?
 While Business Intelligence
has had some time to
mature, Big “social” data
projects are new to the
requirements of
governance.
 It appears we may not be
equipped for rapidly
evolving changes to
enterprise management
and data governance.
 Limited Big Data
Resources
 Poor Data Quality = Big
Risks
 Project Governance not
Fully Understood
 What is a user worth?
(Valuation)
 What is a good user
(Validity)
 What is a real user vs.
a fake user?
(Accuracy, Fraud)
©EnterpriseGRC Solutions, Inc.® 2012, All Rights
Reserved 7
Open Container V. Closed Container
The concept of tampering is
critical to valid data sources.
Science, Manufacturing,
Forensics, Law, all consider
the source of information
and the capacity that others
would have had to alter
them.
Big data has moved the
emphasis of business
intelligence from closed to
open containers.
How should this affect our
willingness and decisions to
use that body of data?
Which companies will
analyze and compile results
and scores based on that
information?
What will be our grounds to
select those vendors and
how will that selection be
controlled by contract and
SLA?
©EnterpriseGRC Solutions, Inc.® 2012, All Rights
Reserved 8
What is
the
Basis
to Trust
Those
Who
Measur
e
Social
Data?
http://blog.bac
kupify.com/201
2/04/05/what-
is-social-data-
worth/
©EnterpriseGRC Solutions, Inc.® 2012, All Rights
Reserved 9
Why Would We Use Big Data?
 Marketing Campaign
Analysis, a target
audience that identifies
the “right” person for the
“right” products.
 Big Data allows
marketing teams to
evaluate large volumes
from new data sources,
like click-stream data
and call detail records,
to increase the
accuracy of analysis.
©EnterpriseGRC Solutions, Inc.® 2012, All Rights
Reserved 10
Web 3.0: With over a billion users, today's Internet is
arguably the most successful human artifact ever
created
This 6 minute video outlines the
basic themes of the European
Union's Future Internet initiative.
These include: an Internet of
Services, where services are
ubiquitous; an Internet of Things
where in principle every physical
object becomes an online
addressable resource; a Mobile
Internet where 24/7 seamless
connectivity over multiple devices
is the norm; and the need for
semantics in order to meet the
challenges presented by the
dramatic increase in the scale of
content and users."
©EnterpriseGRC Solutions, Inc.® 2012, All Rights
Reserved 11
http://www.youtube.com/watch?v
=off08As3siM&feature=player_e
mbedded#at=97
Isn’t Big Data, Just More Data?
 What attributes would alert us to the use
of Big Data? Aren’t we just using OLTP
(On-Line Transactional Processing) and
OLAP (On-Line Analytical Processing)?
 Big Data describes large volumes of a
wide variety of data collected from
various sources across the enterprise
including transactional data from
 Enterprise applications
 Databases
 Social media data
 Mobile device data
 Unstructured data/documents,
 Machine-generated data
©EnterpriseGRC Solutions, Inc.® 2012, All Rights
Reserved 12
http://beautifuldata.net/wp
-
content/uploads/2012/02/
BigDataVentures.png
is created by Benedikt
Koehler
Structured V. Unstructured – Keeping Up
 We, as auditors and business advisors, need to
gain comfort with these new technologies,
understanding their benefits and risks, adding
capabilities to our workforce, and establishing
ground rules for both application and project
governance.
 Traditionally, “Structured” Data is getting faster
and bigger. Machines can’t keep up
 Traditionally “Unstructured” Data leads the
technologies that would allow their management
and distribution; News and Research
©EnterpriseGRC Solutions, Inc.® 2012, All Rights
Reserved 13
What are the New Technologies?
MapReduce
framework
Hadoop
Pig Hive
HBase Hcatalog
Flume Mahout
Oozie
NoSQL(Not
only SQL)
Sqoop …more
©EnterpriseGRC Solutions, Inc.® 2012, All Rights
Reserved 14
MapReduce as a framework, enables big data
technology such as Hadoop to function.
For instance, the Hadoop File System (HDFS) uses
these components to persist data, execute functions
against it and then find results.
The NoSQL
databases, such as
MongoDB and
Cassandra use the
functions to store and
retrieve data for the
respective services.
Hive uses this
framework as the
baseline for a data
warehouse.
Reference Slide: Hadoop
 Hadoop was built to address the challenge of indexing the
entire World Wide Web every
 2004 - Google developed a paradigm called MapReduce
 2005 - Yahoo! started Hadoop as an implementation of
MapReduce, 2007 - open source project
 Hadoop has the basic constructs needed to perform computing:
 It has a file system, a language to write programs, a way of
managing the distribution of those programs over a distributed
cluster, and a way of accepting the results of those programs.
Ultimately the goal is to create a single result set.
With Hadoop, big data is distributed into pieces that are spread
over a series of nodes running on commodity hardware.
©EnterpriseGRC Solutions, Inc.® 2012, All Rights
Reserved 15
Reference Slide: Pig
 The Apache Pig project is a high-level data-flow
programming language and execution framework
for creating MapReduce programs used with
Hadoop.
 The abstract language for this platform is called
Pig Latin and it abstracts the programming into a
notation, which makes MapReduce programming
similar to that of SQL for RDBMS systems.
 Pig Latin is extended using UDF (User Defined
Functions), which the user can write in Java and
then call directly from the language.
©EnterpriseGRC Solutions, Inc.® 2012, All Rights
Reserved 16
Reference Slide: Job Tracker
 A Job Tracker is the entry point for a “map job” or process
to be applied to the data. A map job is typically a query
written in java and is the first step in the MapReduce
process. The Job
 Tracker asks the name node to identify and locate the
necessary data to complete the job. Once it has this
information it submits the query to the relevant named
nodes.
 Any required processing of the data occurs within each
named node, which provides the massively parallel
characteristic of Map Reduce. When each node has
finished processing, it stores the results. The client then
initiates a "Reduce" job.
 The results are then aggregated to determine the
“answer” to the original query.. The client then accesses
these results on the filesystem and can use them for©EnterpriseGRC Solutions, Inc.® 2012, All Rights
Reserved 17
Reference Slide: Hive and HiveQL
 Apache Hive is a data warehouse infrastructure
built on top of Hadoop (originally by Facebook) for
providing data summarization, ad-hoc query, and
analysis of large datasets.
 Hive provides a mechanism to project structure
onto this data and query the data using a SQL-like
language called HiveQL.
 HiveQL is used for business intelligence and
visualization tools.
©EnterpriseGRC Solutions, Inc.® 2012, All Rights
Reserved 18
Reference Slide: HBase, HCatalog
 HBase is a non-relational database that runs on top
of the Hadoop file system (HDFS). It is columnar and
provides fault-tolerant storage and quick access to
large quantities of sparse data. It also adds
transactional capabilities to Hadoop, allowing users
to conduct updates, inserts and deletes. It was
originally developed by Facebook to serve their
messaging systems and is used heavily by eBay as
well.
 HCatalog is a table and storage management service
for data created using Apache Hadoop. It allows
interoperability across data processing tools such as
Pig, Map Reduce, Streaming, and Hive and a shared
schema and data type mechanism.
©EnterpriseGRC Solutions, Inc.® 2012, All Rights
Reserved 19
Reference Slide: Flume, Oozie
 Flume - is a system of agents that populate a
Hadoop cluster. These agents are deployed across
an IT infrastructure and collect data and integrate it
back into Hadoop.
 Oozie - coordinates jobs written in multiple
languages such as Map Reduce, Pig and Hive. It
is a workflow system that links these jobs and
allows specification of order and dependencies
between them.
©EnterpriseGRC Solutions, Inc.® 2012, All Rights
Reserved 20
Reference Slide: Mahout Sqoop
 Mahout - is a data mining library that implements
popular algorithms for clustering and statistical
modeling in MapReduce.
 Sqoop - is a set of data integration tools that allow
non-Hadoop data stores to interact with traditional
relational databases and data warehouses.
©EnterpriseGRC Solutions, Inc.® 2012, All Rights
Reserved 21
Reference Slide: NoSQL
 NoSQL(Not only SQL) -
refers to a large class of
data storage
mechanisms that differ
significantly from the
well-known, traditional
relational data stores
(RDBMS). These
technologies implement
their own query
language and are
typically built on
advanced programming
structures for key/value
relationships, defined
objects, tabular methods
or tuples.
 NoSQL as a term is used
to describe the wide
range of data stores
classified as big data.
Some of the major
flavors adopted within
the big data world today
include
 Cassandra,
 MongoDB,
 NuoDB,
 Couchbase and
 VoltDB.
©EnterpriseGRC Solutions, Inc.® 2012, All Rights
Reserved 22
True or False: Social Data is a part of
our Corporate Assets? “The Value of our
Data” Where is Data? Who’s
using it?
 What is Data Quality?
What is Data Integrity?
 How do we Enforce Data
Retention?
 What Is our Data
Liability?
 Can we spot the
difference between an
Illusion of Influence and
Actual Influence
 What was my data cost
in researching this or any
topic? ©EnterpriseGRC Solutions, Inc.® 2012, All Rights
Reserved 23
http://news.cnet.com/8301-1001_3-
57434736-92/big-data-is-worth-
nothing-without-big-science/
Cloud will create 14 Millions Jobs by
2014
Twitter
- tweet
Digg
LinkedIn
Share
Login
Questionnaire
Like
Bury
Login
Login
Login
Digg
Like
New
Threats
New
Fraud
New
Markets
Understanding Big Data Risk is Complex
 Where is the data?
 Can we trust the data?
 (False negatives
eventually self correct,
but do we have the
time?)
©EnterpriseGRC Solutions, Inc.® 2012, All Rights
Reserved 25
Tracking, Liable, Exploit is Complex
 Something on this page is “blocked”.
 I am on the fence about buying that very dresser. I wonder if McAfee caught
that I was being tracked by an unsafe source? For this exercise, I elect to
unblock. ©EnterpriseGRC Solutions, Inc.® 2012, All Rights
Reserved 26
Perhaps Data Governance Should
Consider Source – Or Not use the Word
“Governance”
©EnterpriseGRC Solutions, Inc.® 2012, All Rights
Reserved 27
 Should the
information we
commingle with
news differ from the
information used for
advertising?
What Is Our Reputational Risk?
©EnterpriseGRC Solutions, Inc.® 2012, All Rights
Reserved 28
How Will The
Market Feel
When they See
What We Paid
and What We
Made?
How will we
differentiate the
use of big data,
as opposed to
big distraction?
Test if Functionality is Limited by
Restricting Cookies – Know the Risk to
Reader
©EnterpriseGRC Solutions, Inc.® 2012, All Rights
Reserved 29
 This test shows that we can examine rank without being
tracked
Can We Trust the Media to
Recommend a Product?
©EnterpriseGRC Solutions, Inc.® 2012, All Rights
Reserved 30
If results favor a
company’s
investments isn’t this
a step along the path
to fraud? This is not a
dig on CNET. It’s a
question about doing
what everyone else is
doing.
For example, New
York Times, and Wall
Street Journal have
set privacy and
governance that
would restrict this
GPS Act – Example Law
The GPS Act, short for the Geolocation Privacy and
Surveillance Act, is a bill co-sponsored by Senator Ron
Wyden (D-OR) and Rep. Jason Chaffetz (R-UT) and
introduced to the Senate and House in June 2011.
The bill would impose tighter restrictions on how and in
what instances law enforcement agencies could legally
obtain cell user location information, requiring a warrant in
all cases exception a few narrowly-defined emergency
situations, such as when an officer “reasonably
determines,” that there is risk of “immediate danger of death
or serious physical injury to any person,” or “conspiratorial
activities” relating to national security or “characteristic of
organized crime.”
The bill has been read twice and is stalled in committee.
©EnterpriseGRC Solutions, Inc.® 2012, All Rights
Reserved 31
The GPS Act Supports Legitimate Investigations and Protects Privacy
Facebook Resolves User Right of Publicity Claims
Concerning Sponsored Stories Advertising
Facebook recently settled a class-action lawsuit stemming from Facebook’s
alleged unauthorized use of users’ photographs in ‘sponsored stories’
advertisements on its site. The class action plaintiffs alleged that Facebook’s
use of their images in “Sponsored Stories” advertisements violated the
plaintiffs’ rights under the California right of publicity statute, which reserves to
the individual the right to control their image for commercial purposes. Under
the terms of the settlement, Facebook agreed to pay a total of $20 million, with
half of the settlement funds donated to charities and law schools, and the other
half going to plaintiffs’ attorneys. Other than the three class representatives, no
Facebook users will receive any funds from the settlement.
Facebook users had been serving as unwitting brand promoters on the site,
appearing without their permission or knowledge in promotional ‘stories’
featuring advertised products and services. Merely ‘liking’ a company or brand
functioned as an effective opt-in that allowed Facebook to use the user’s
image in that company or brand’s advertising on the site. The only means of
withdrawing from promotional use of one’s image was to ‘unlike’ the brand,
which, prior to this settlement, was not an easy feat. […]
Published In: Civil Remedies Updates, Communications & Media Law
Updates, Personal Injury Updates, Privacy Updates © Kilpatrick Townsend
2012 | Attorney Advertising
©EnterpriseGRC Solutions, Inc.® 2012, All Rights
Reserved 32
 Kilpatrick Townsend on 7/11/2012 authors: Barry M. Benjamin; Andrew I. Gerber
When We Use Social Data for A Business Decision,
Are We Protected Under CDA 230?
 Section 230 of Title 47 of the United States Code (47 U.S.C. §
230) was passed as part of the much-maligned Communication
Decency Act of 1996. Many aspects of the CDA were
unconstitutional restrictions of freedom of speech, but this
section survived and has been a valuable defense for Internet
intermediaries ever since. "By its plain language, § 230 creates
a federal immunity to any cause of action that would make
service providers liable for information originating with a third-
party user of the service”. Zeran v. America Online, Inc., 129
F.3d 327, 330 (4th Cir. 1997), cert. denied, 524 U.S. 937 (1998)
 EFF maintains an archive of CDA cases:
http://www.eff.org/legal/ISP_liability/CDA230/
 http://ilt.eff.org/index.php/Table_of_Contents
©EnterpriseGRC Solutions, Inc.® 2012, All Rights
Reserved 33
Defamation: CDA Cases – consider Yelp and other reputation
data
How Might Social Data Open a Company to
Hate?
©EnterpriseGRC Solutions, Inc.® 2012, All Rights
Reserved 34
 Is this a crowdsourcing benefit or a liability?
Risks in Life Logging - ENISA
 R1 – Breach of privacy
 R2 – Inappropriate secondary use of data
 R3 – Malicious attacks on smart devices
increase as their value to authenticate
individuals and store personal data increases
 R4 – Compliance with and enforcement of
data protection legislation made more difficult
 R5 – Discrimination and exclusion
 R6 – Monitoring, cyber-stalking, child
grooming and “friendly” surveillance
 R7 – Unanticipated changes in citizens’
behavior and creation of an “obedient” citizen
 R8 – Poor decision making / inability to make
decisions
 R9 – Psychological harm
 R10 – Physical theft of property or private
information from home environment
 R11 – Reduction of choices available to
individuals as consumers and user lock-in
 R12 – Decrease of productivity
To log or not to log? - Risks and benefits
of emerging life-logging applications
http://www.enisa.europa.eu/activities/risk-management/emerging-and-future-
risk/deliverables/life-logging-risk-assessment/to-log-or-not-to-log-risks-and-benefits-of-
emerging-life-logging-applications
Security and
Legal
Aspects
Issues
Affecting
Privacy
©EnterpriseGRC Solutions, Inc.® 2012, All Rights
Reserved 36
Should We Show Off our Connections?
 April 28th , 2012 “Look at Me, me, me”
©EnterpriseGRC Solutions, Inc.® 2012, All Rights
Reserved 37
Who Are We Hurting When We Give Information
Away?
 Why don’t we regulate companies that exceed a million user
threshold?
©EnterpriseGRC Solutions, Inc.® 2012, All Rights
Reserved 38
Why Are We So Willing to Give Away our
Data?
©EnterpriseGRC Solutions, Inc.® 2012, All Rights
Reserved 39
 After ten minutes of viewing Collusion, I decide to block all
tracking sites.
What Happens When We Turn Off
Tracking?
©EnterpriseGRC Solutions, Inc.® 2012, All Rights
Reserved 40
What Do We Lose When We Turn Off Tracking?
If a follower is worth $118, I lost $35K (I lost
nothing)
©EnterpriseGRC Solutions, Inc.® 2012, All Rights
Reserved 41
Can We Act On the Advice of Others?
©EnterpriseGRC Solutions, Inc.® 2012, All Rights
Reserved 42
 What are the
implications of
driving
business
decisions that
involve access
or use of the
web?
 If followers are
assets, then
isn’t the
discouraging of
traffic a form of
Who Are the Contributors to the
Information We Trust? Can they have a
Paid Agenda?
 Should we better qualify contributors in our big data
sets?
©EnterpriseGRC Solutions, Inc.® 2012, All Rights
Reserved 43
Bad Rating V. Buying a High Score
 Affiliate Programs SHOULD NOT be represented as Community
Rating
©EnterpriseGRC Solutions, Inc.® 2012, All Rights
Reserved 44
© Gartner, Doug Laney on Value of Data
Infonomics: The Practice of Information Economics
 The Value of Information
 Why Put a Value on
Information?
 Information is a Unique Asset
 Where Are Information Assets
on the Balance Sheet?
 Reasons to Acknowledge and
Account for Information as an
Asset
 Measuring the Value of Your
Information
 Understanding Your True
Information ROI
 Securing Your Information
 Influencing Your Corporate
Valuation
 Assessing Contractual Risks
 Borrowing Against Information
 Bartering With Information
 Selling Information
Doug Laney is research
vice president for Gartner
©EnterpriseGRC Solutions, Inc.® 2012, All Rights
Reserved 45
“Information assets cannot be formally recognized according to
accounting standards, but in time that may change”
What is the Basis for Posting Value?
 The sample shows a small business site valued at one MILLIONTH the
other companies, that topped placement in a financially valued list. The
company in first place has made no revenue as a result of that
placement.
©EnterpriseGRC Solutions, Inc.® 2012, All Rights
Reserved 46
Unless We Enforce Standards in
User Engagement Reporting We
May Destroy Our Information
Economy
 What Are The Incentives to Lie?
 How do we define Propaganda?
 What constitutes illegal protest?
©EnterpriseGRC Solutions, Inc.® 2012, All Rights
Reserved 47
We Have to Define Free Speech
and our Rights to Influence Others
 Free speech is not for pay
 Free speech is not automated in a batch of hundreds
or thousands of communicated response
 We have to safeguard our rights to be counted
 Instead of making it illegal to track me, perhaps it
should be illegal to MISTRACK me.
©EnterpriseGRC Solutions, Inc.® 2012, All Rights
Reserved 48
Wash Your Hands Before You Eat
 What are some of the things we should clean or
delete?
 Competitors from your first connections
 Private Phone messages stored for playback on
the internet
 Facebook applications (unless the product is well
understood and serves specific scope and function)
 Anonymous identities (oxymoron?)
 Connections representing bias or undue influence
 Hateful comments, explicit content, personal
content
 Anything that stores your password and shares
your identity with other applications
©EnterpriseGRC Solutions, Inc.® 2012, All Rights
Reserved 49
Questions?
 Yeah, me too.
 I use social media to track the security flaws in
social media
©EnterpriseGRC Solutions, Inc.® 2012, All Rights
Reserved 50

Mais conteúdo relacionado

Mais procurados

Csa summit argentina-reavis
Csa summit   argentina-reavisCsa summit   argentina-reavis
Csa summit argentina-reavisCSA Argentina
 
Leveraging Identity to Manage Change and Complexity
Leveraging Identity to Manage Change and ComplexityLeveraging Identity to Manage Change and Complexity
Leveraging Identity to Manage Change and ComplexityNetIQ
 
Csa summit seguridad en el sddc
Csa summit   seguridad en el sddcCsa summit   seguridad en el sddc
Csa summit seguridad en el sddcCSA Argentina
 
From reactive to automated reducing costs through mature security processes i...
From reactive to automated reducing costs through mature security processes i...From reactive to automated reducing costs through mature security processes i...
From reactive to automated reducing costs through mature security processes i...NetIQ
 
The Chicago School of Cybersecurity: A Pragmatic Look at the NIST Cybersecuri...
The Chicago School of Cybersecurity: A Pragmatic Look at the NIST Cybersecuri...The Chicago School of Cybersecurity: A Pragmatic Look at the NIST Cybersecuri...
The Chicago School of Cybersecurity: A Pragmatic Look at the NIST Cybersecuri...Cohesive Networks
 
Total Digital Security Introduction 4.2
Total Digital Security Introduction 4.2Total Digital Security Introduction 4.2
Total Digital Security Introduction 4.2Brad Deflin
 
Data Privacy, Information Security, and Cybersecurity: What Your Business Nee...
Data Privacy, Information Security, and Cybersecurity: What Your Business Nee...Data Privacy, Information Security, and Cybersecurity: What Your Business Nee...
Data Privacy, Information Security, and Cybersecurity: What Your Business Nee...PECB
 
Csa summit cualquier aplicación, desde cualquier dispositivo, en cualquier ...
Csa summit   cualquier aplicación, desde cualquier dispositivo, en cualquier ...Csa summit   cualquier aplicación, desde cualquier dispositivo, en cualquier ...
Csa summit cualquier aplicación, desde cualquier dispositivo, en cualquier ...CSA Argentina
 
Protecting What Matters...An Enterprise Approach to Cloud Security
Protecting What Matters...An Enterprise Approach to Cloud SecurityProtecting What Matters...An Enterprise Approach to Cloud Security
Protecting What Matters...An Enterprise Approach to Cloud SecurityInnoTech
 
Aicpa tech+panel presentation t6 managing risks and security 2014 v3
Aicpa tech+panel presentation t6 managing risks and security 2014 v3Aicpa tech+panel presentation t6 managing risks and security 2014 v3
Aicpa tech+panel presentation t6 managing risks and security 2014 v3Doeren Mayhew
 
I Own Your Building (Management System)
I Own Your Building (Management System)I Own Your Building (Management System)
I Own Your Building (Management System)Zero Science Lab
 
Risk management for cloud computing hb final
Risk management for cloud computing hb finalRisk management for cloud computing hb final
Risk management for cloud computing hb finalChristophe Monnier
 
Protecting the Crown Jewels – Enlist the Beefeaters
Protecting the Crown Jewels – Enlist the BeefeatersProtecting the Crown Jewels – Enlist the Beefeaters
Protecting the Crown Jewels – Enlist the BeefeatersJack Nichelson
 
Symantec Data Loss Prevention - Technical Proposal (General)
Symantec Data Loss Prevention - Technical Proposal (General)Symantec Data Loss Prevention - Technical Proposal (General)
Symantec Data Loss Prevention - Technical Proposal (General)Iftikhar Ali Iqbal
 
Qubole GDPR Security and Compliance Whitepaper
Qubole GDPR Security and Compliance Whitepaper Qubole GDPR Security and Compliance Whitepaper
Qubole GDPR Security and Compliance Whitepaper Vasu S
 
2011 FCC CSRIC WG2A Cyber Security Best Practices Final Report
2011 FCC CSRIC WG2A Cyber Security Best Practices Final Report2011 FCC CSRIC WG2A Cyber Security Best Practices Final Report
2011 FCC CSRIC WG2A Cyber Security Best Practices Final ReportPhil Agcaoili
 
New CISO - The First 90 Days
New CISO - The First 90 DaysNew CISO - The First 90 Days
New CISO - The First 90 DaysResilient Systems
 
FS-ISAC APAC Summit 2017 Singapore - Of Crown Jewels and Data Assets
FS-ISAC APAC Summit 2017 Singapore - Of Crown Jewels and Data AssetsFS-ISAC APAC Summit 2017 Singapore - Of Crown Jewels and Data Assets
FS-ISAC APAC Summit 2017 Singapore - Of Crown Jewels and Data AssetsPuneet Kukreja
 
Hdcs Overview Final
Hdcs Overview FinalHdcs Overview Final
Hdcs Overview Finalrjt01
 
There's No Such Thing As "Downtime" In a Hospital
There's No Such Thing As "Downtime" In a HospitalThere's No Such Thing As "Downtime" In a Hospital
There's No Such Thing As "Downtime" In a HospitalNETSCOUT
 

Mais procurados (20)

Csa summit argentina-reavis
Csa summit   argentina-reavisCsa summit   argentina-reavis
Csa summit argentina-reavis
 
Leveraging Identity to Manage Change and Complexity
Leveraging Identity to Manage Change and ComplexityLeveraging Identity to Manage Change and Complexity
Leveraging Identity to Manage Change and Complexity
 
Csa summit seguridad en el sddc
Csa summit   seguridad en el sddcCsa summit   seguridad en el sddc
Csa summit seguridad en el sddc
 
From reactive to automated reducing costs through mature security processes i...
From reactive to automated reducing costs through mature security processes i...From reactive to automated reducing costs through mature security processes i...
From reactive to automated reducing costs through mature security processes i...
 
The Chicago School of Cybersecurity: A Pragmatic Look at the NIST Cybersecuri...
The Chicago School of Cybersecurity: A Pragmatic Look at the NIST Cybersecuri...The Chicago School of Cybersecurity: A Pragmatic Look at the NIST Cybersecuri...
The Chicago School of Cybersecurity: A Pragmatic Look at the NIST Cybersecuri...
 
Total Digital Security Introduction 4.2
Total Digital Security Introduction 4.2Total Digital Security Introduction 4.2
Total Digital Security Introduction 4.2
 
Data Privacy, Information Security, and Cybersecurity: What Your Business Nee...
Data Privacy, Information Security, and Cybersecurity: What Your Business Nee...Data Privacy, Information Security, and Cybersecurity: What Your Business Nee...
Data Privacy, Information Security, and Cybersecurity: What Your Business Nee...
 
Csa summit cualquier aplicación, desde cualquier dispositivo, en cualquier ...
Csa summit   cualquier aplicación, desde cualquier dispositivo, en cualquier ...Csa summit   cualquier aplicación, desde cualquier dispositivo, en cualquier ...
Csa summit cualquier aplicación, desde cualquier dispositivo, en cualquier ...
 
Protecting What Matters...An Enterprise Approach to Cloud Security
Protecting What Matters...An Enterprise Approach to Cloud SecurityProtecting What Matters...An Enterprise Approach to Cloud Security
Protecting What Matters...An Enterprise Approach to Cloud Security
 
Aicpa tech+panel presentation t6 managing risks and security 2014 v3
Aicpa tech+panel presentation t6 managing risks and security 2014 v3Aicpa tech+panel presentation t6 managing risks and security 2014 v3
Aicpa tech+panel presentation t6 managing risks and security 2014 v3
 
I Own Your Building (Management System)
I Own Your Building (Management System)I Own Your Building (Management System)
I Own Your Building (Management System)
 
Risk management for cloud computing hb final
Risk management for cloud computing hb finalRisk management for cloud computing hb final
Risk management for cloud computing hb final
 
Protecting the Crown Jewels – Enlist the Beefeaters
Protecting the Crown Jewels – Enlist the BeefeatersProtecting the Crown Jewels – Enlist the Beefeaters
Protecting the Crown Jewels – Enlist the Beefeaters
 
Symantec Data Loss Prevention - Technical Proposal (General)
Symantec Data Loss Prevention - Technical Proposal (General)Symantec Data Loss Prevention - Technical Proposal (General)
Symantec Data Loss Prevention - Technical Proposal (General)
 
Qubole GDPR Security and Compliance Whitepaper
Qubole GDPR Security and Compliance Whitepaper Qubole GDPR Security and Compliance Whitepaper
Qubole GDPR Security and Compliance Whitepaper
 
2011 FCC CSRIC WG2A Cyber Security Best Practices Final Report
2011 FCC CSRIC WG2A Cyber Security Best Practices Final Report2011 FCC CSRIC WG2A Cyber Security Best Practices Final Report
2011 FCC CSRIC WG2A Cyber Security Best Practices Final Report
 
New CISO - The First 90 Days
New CISO - The First 90 DaysNew CISO - The First 90 Days
New CISO - The First 90 Days
 
FS-ISAC APAC Summit 2017 Singapore - Of Crown Jewels and Data Assets
FS-ISAC APAC Summit 2017 Singapore - Of Crown Jewels and Data AssetsFS-ISAC APAC Summit 2017 Singapore - Of Crown Jewels and Data Assets
FS-ISAC APAC Summit 2017 Singapore - Of Crown Jewels and Data Assets
 
Hdcs Overview Final
Hdcs Overview FinalHdcs Overview Final
Hdcs Overview Final
 
There's No Such Thing As "Downtime" In a Hospital
There's No Such Thing As "Downtime" In a HospitalThere's No Such Thing As "Downtime" In a Hospital
There's No Such Thing As "Downtime" In a Hospital
 

Destaque

Networking and communications security – network architecture design
Networking and communications security – network architecture designNetworking and communications security – network architecture design
Networking and communications security – network architecture designEnterpriseGRC Solutions, Inc.
 
Walk This Way: CIS CSC and NIST CSF is the 80 in the 80/20 rule
Walk This Way: CIS CSC and NIST CSF is the 80 in the 80/20 ruleWalk This Way: CIS CSC and NIST CSF is the 80 in the 80/20 rule
Walk This Way: CIS CSC and NIST CSF is the 80 in the 80/20 ruleEnterpriseGRC Solutions, Inc.
 
Top learnings from evaluating and implementing a DLP Solution
Top learnings from evaluating and implementing a DLP Solution Top learnings from evaluating and implementing a DLP Solution
Top learnings from evaluating and implementing a DLP Solution Priyanka Aash
 
Cybersecurity for modern industrial systems
Cybersecurity for modern industrial  systemsCybersecurity for modern industrial  systems
Cybersecurity for modern industrial systemsItex Solutions
 
Industrial Control Cyber Security Europe 2015
Industrial Control Cyber Security Europe 2015 Industrial Control Cyber Security Europe 2015
Industrial Control Cyber Security Europe 2015 James Nesbitt
 
CISSP Study Exercises, Just some good will to help my peers with their studies
CISSP Study Exercises, Just some good will to help my peers with their studiesCISSP Study Exercises, Just some good will to help my peers with their studies
CISSP Study Exercises, Just some good will to help my peers with their studiesEnterpriseGRC Solutions, Inc.
 
Data Loss Prevention: Challenges, Impacts & Effective Strategies
Data Loss Prevention: Challenges, Impacts & Effective StrategiesData Loss Prevention: Challenges, Impacts & Effective Strategies
Data Loss Prevention: Challenges, Impacts & Effective StrategiesSeccuris Inc.
 
Startupy w Pałacu - prezentacja Elmodis
Startupy w Pałacu - prezentacja ElmodisStartupy w Pałacu - prezentacja Elmodis
Startupy w Pałacu - prezentacja ElmodisELMODIS Inc.
 
Overview of Data Loss Prevention (DLP) Technology
Overview of Data Loss Prevention (DLP) TechnologyOverview of Data Loss Prevention (DLP) Technology
Overview of Data Loss Prevention (DLP) TechnologyLiwei Ren任力偉
 
Dubai Cyber Security 02 Ics Scada Cyber Security Standards, Solution Tips...
Dubai Cyber Security   02   Ics Scada Cyber Security Standards, Solution Tips...Dubai Cyber Security   02   Ics Scada Cyber Security Standards, Solution Tips...
Dubai Cyber Security 02 Ics Scada Cyber Security Standards, Solution Tips...Ahmed Al Enizi
 

Destaque (20)

Networking and communications security – network architecture design
Networking and communications security – network architecture designNetworking and communications security – network architecture design
Networking and communications security – network architecture design
 
Cryptographic lifecycle security training
Cryptographic lifecycle security trainingCryptographic lifecycle security training
Cryptographic lifecycle security training
 
CobiT Foundation Free Training
CobiT Foundation Free TrainingCobiT Foundation Free Training
CobiT Foundation Free Training
 
Walk This Way: CIS CSC and NIST CSF is the 80 in the 80/20 rule
Walk This Way: CIS CSC and NIST CSF is the 80 in the 80/20 ruleWalk This Way: CIS CSC and NIST CSF is the 80 in the 80/20 rule
Walk This Way: CIS CSC and NIST CSF is the 80 in the 80/20 rule
 
RUSSELL EMWS 2013
RUSSELL EMWS 2013RUSSELL EMWS 2013
RUSSELL EMWS 2013
 
Davis-Bacon Law Act
Davis-Bacon Law ActDavis-Bacon Law Act
Davis-Bacon Law Act
 
IETC EMWS Russell 2015 V02
IETC EMWS Russell 2015 V02IETC EMWS Russell 2015 V02
IETC EMWS Russell 2015 V02
 
Top learnings from evaluating and implementing a DLP Solution
Top learnings from evaluating and implementing a DLP Solution Top learnings from evaluating and implementing a DLP Solution
Top learnings from evaluating and implementing a DLP Solution
 
Erm talking points
Erm talking pointsErm talking points
Erm talking points
 
Cybersecurity for modern industrial systems
Cybersecurity for modern industrial  systemsCybersecurity for modern industrial  systems
Cybersecurity for modern industrial systems
 
Industrial Control Cyber Security Europe 2015
Industrial Control Cyber Security Europe 2015 Industrial Control Cyber Security Europe 2015
Industrial Control Cyber Security Europe 2015
 
ISACA SV 2013 Winter Conference Brochure
ISACA SV 2013 Winter Conference BrochureISACA SV 2013 Winter Conference Brochure
ISACA SV 2013 Winter Conference Brochure
 
CISSP Study Exercises, Just some good will to help my peers with their studies
CISSP Study Exercises, Just some good will to help my peers with their studiesCISSP Study Exercises, Just some good will to help my peers with their studies
CISSP Study Exercises, Just some good will to help my peers with their studies
 
The Perils of Mount Must Read
The Perils of Mount Must ReadThe Perils of Mount Must Read
The Perils of Mount Must Read
 
Data Loss Prevention: Challenges, Impacts & Effective Strategies
Data Loss Prevention: Challenges, Impacts & Effective StrategiesData Loss Prevention: Challenges, Impacts & Effective Strategies
Data Loss Prevention: Challenges, Impacts & Effective Strategies
 
Procedures and Controls Documentation Guidelines
Procedures and Controls Documentation GuidelinesProcedures and Controls Documentation Guidelines
Procedures and Controls Documentation Guidelines
 
Startupy w Pałacu - prezentacja Elmodis
Startupy w Pałacu - prezentacja ElmodisStartupy w Pałacu - prezentacja Elmodis
Startupy w Pałacu - prezentacja Elmodis
 
Enterprise governance risk_compliance_fcm slides
Enterprise governance risk_compliance_fcm slidesEnterprise governance risk_compliance_fcm slides
Enterprise governance risk_compliance_fcm slides
 
Overview of Data Loss Prevention (DLP) Technology
Overview of Data Loss Prevention (DLP) TechnologyOverview of Data Loss Prevention (DLP) Technology
Overview of Data Loss Prevention (DLP) Technology
 
Dubai Cyber Security 02 Ics Scada Cyber Security Standards, Solution Tips...
Dubai Cyber Security   02   Ics Scada Cyber Security Standards, Solution Tips...Dubai Cyber Security   02   Ics Scada Cyber Security Standards, Solution Tips...
Dubai Cyber Security 02 Ics Scada Cyber Security Standards, Solution Tips...
 

Semelhante a The value of our data

Why Everything You Know About bigdata Is A Lie
Why Everything You Know About bigdata Is A LieWhy Everything You Know About bigdata Is A Lie
Why Everything You Know About bigdata Is A LieSunil Ranka
 
Big Data : From HindSight to Insight to Foresight
Big Data : From HindSight to Insight to ForesightBig Data : From HindSight to Insight to Foresight
Big Data : From HindSight to Insight to ForesightSunil Ranka
 
Di in the age of digital disruptions v1.0
Di in the age of digital disruptions v1.0Di in the age of digital disruptions v1.0
Di in the age of digital disruptions v1.0Amar Roy
 
Big Data Trends and Challenges Report - Whitepaper
Big Data Trends and Challenges Report - WhitepaperBig Data Trends and Challenges Report - Whitepaper
Big Data Trends and Challenges Report - WhitepaperVasu S
 
Ab cs of big data
Ab cs of big dataAb cs of big data
Ab cs of big dataDigimark
 
Understanding Big Data so you can act with confidence
Understanding Big Data so you can act with confidenceUnderstanding Big Data so you can act with confidence
Understanding Big Data so you can act with confidenceIBM Software India
 
An Overview of BigData
An Overview of BigDataAn Overview of BigData
An Overview of BigDataValarmathi V
 
Big Data Management: A Unified Approach to Drive Business Results
Big Data Management: A Unified Approach to Drive Business ResultsBig Data Management: A Unified Approach to Drive Business Results
Big Data Management: A Unified Approach to Drive Business ResultsCA Technologies
 
Information Management Strategy to power Big Data
Information Management Strategy to power Big DataInformation Management Strategy to power Big Data
Information Management Strategy to power Big DataLeo Barella
 
Top Trends & Predictions That Will Drive Data Science in 2022.pdf
Top Trends & Predictions That Will Drive Data Science in 2022.pdfTop Trends & Predictions That Will Drive Data Science in 2022.pdf
Top Trends & Predictions That Will Drive Data Science in 2022.pdfData Science Council of America
 
Hudson Kayak Case Summary
Hudson Kayak Case SummaryHudson Kayak Case Summary
Hudson Kayak Case SummaryKate Loge
 
BIG Data & Hadoop Applications in Finance
BIG Data & Hadoop Applications in FinanceBIG Data & Hadoop Applications in Finance
BIG Data & Hadoop Applications in FinanceSkillspeed
 
Big data an elephant business opportunities
Big data an elephant   business opportunitiesBig data an elephant   business opportunities
Big data an elephant business opportunitiesBigdata Meetup Kochi
 

Semelhante a The value of our data (20)

Why Everything You Know About bigdata Is A Lie
Why Everything You Know About bigdata Is A LieWhy Everything You Know About bigdata Is A Lie
Why Everything You Know About bigdata Is A Lie
 
Big Data : From HindSight to Insight to Foresight
Big Data : From HindSight to Insight to ForesightBig Data : From HindSight to Insight to Foresight
Big Data : From HindSight to Insight to Foresight
 
Di in the age of digital disruptions v1.0
Di in the age of digital disruptions v1.0Di in the age of digital disruptions v1.0
Di in the age of digital disruptions v1.0
 
Big Data Trends and Challenges Report - Whitepaper
Big Data Trends and Challenges Report - WhitepaperBig Data Trends and Challenges Report - Whitepaper
Big Data Trends and Challenges Report - Whitepaper
 
Presentation on Big Data
Presentation on Big DataPresentation on Big Data
Presentation on Big Data
 
Ab cs of big data
Ab cs of big dataAb cs of big data
Ab cs of big data
 
Understanding Big Data so you can act with confidence
Understanding Big Data so you can act with confidenceUnderstanding Big Data so you can act with confidence
Understanding Big Data so you can act with confidence
 
An Overview of BigData
An Overview of BigDataAn Overview of BigData
An Overview of BigData
 
Big data Readiness white paper
Big data  Readiness white paperBig data  Readiness white paper
Big data Readiness white paper
 
Big Data Management: A Unified Approach to Drive Business Results
Big Data Management: A Unified Approach to Drive Business ResultsBig Data Management: A Unified Approach to Drive Business Results
Big Data Management: A Unified Approach to Drive Business Results
 
Information Management Strategy to power Big Data
Information Management Strategy to power Big DataInformation Management Strategy to power Big Data
Information Management Strategy to power Big Data
 
Top Trends & Predictions That Will Drive Data Science in 2022.pdf
Top Trends & Predictions That Will Drive Data Science in 2022.pdfTop Trends & Predictions That Will Drive Data Science in 2022.pdf
Top Trends & Predictions That Will Drive Data Science in 2022.pdf
 
iri-highres
iri-highresiri-highres
iri-highres
 
6 Reasons to Use Data Analytics
6 Reasons to Use Data Analytics6 Reasons to Use Data Analytics
6 Reasons to Use Data Analytics
 
The ABCs of Big Data
The ABCs of Big DataThe ABCs of Big Data
The ABCs of Big Data
 
Hudson Kayak Case Summary
Hudson Kayak Case SummaryHudson Kayak Case Summary
Hudson Kayak Case Summary
 
Transforming Big Data into business value
Transforming Big Data into business valueTransforming Big Data into business value
Transforming Big Data into business value
 
BIG Data & Hadoop Applications in Finance
BIG Data & Hadoop Applications in FinanceBIG Data & Hadoop Applications in Finance
BIG Data & Hadoop Applications in Finance
 
Big data an elephant business opportunities
Big data an elephant   business opportunitiesBig data an elephant   business opportunities
Big data an elephant business opportunities
 
Big Data at a Glance
Big Data at a GlanceBig Data at a Glance
Big Data at a Glance
 

Último

Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Commit University
 
Governance in SharePoint Premium:What's in the box?
Governance in SharePoint Premium:What's in the box?Governance in SharePoint Premium:What's in the box?
Governance in SharePoint Premium:What's in the box?Juan Carlos Gonzalez
 
UiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation DevelopersUiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation DevelopersUiPathCommunity
 
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationUsing IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationIES VE
 
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAAnypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAshyamraj55
 
OpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureOpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureEric D. Schabell
 
UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6DianaGray10
 
Cybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxCybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxGDSC PJATK
 
Building Your Own AI Instance (TBLC AI )
Building Your Own AI Instance (TBLC AI )Building Your Own AI Instance (TBLC AI )
Building Your Own AI Instance (TBLC AI )Brian Pichman
 
Machine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfMachine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfAijun Zhang
 
Valere | Digital Solutions & AI Transformation Portfolio | 2024
Valere | Digital Solutions & AI Transformation Portfolio | 2024Valere | Digital Solutions & AI Transformation Portfolio | 2024
Valere | Digital Solutions & AI Transformation Portfolio | 2024Alexander Turgeon
 
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfJamie (Taka) Wang
 
COMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a WebsiteCOMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a Websitedgelyza
 
All in AI: LLM Landscape & RAG in 2024 with Mark Ryan (Google) & Jerry Liu (L...
All in AI: LLM Landscape & RAG in 2024 with Mark Ryan (Google) & Jerry Liu (L...All in AI: LLM Landscape & RAG in 2024 with Mark Ryan (Google) & Jerry Liu (L...
All in AI: LLM Landscape & RAG in 2024 with Mark Ryan (Google) & Jerry Liu (L...Daniel Zivkovic
 
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019IES VE
 
How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?IES VE
 
The Kubernetes Gateway API and its role in Cloud Native API Management
The Kubernetes Gateway API and its role in Cloud Native API ManagementThe Kubernetes Gateway API and its role in Cloud Native API Management
The Kubernetes Gateway API and its role in Cloud Native API ManagementNuwan Dias
 
Comparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioComparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioChristian Posta
 

Último (20)

Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)
 
Governance in SharePoint Premium:What's in the box?
Governance in SharePoint Premium:What's in the box?Governance in SharePoint Premium:What's in the box?
Governance in SharePoint Premium:What's in the box?
 
UiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation DevelopersUiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation Developers
 
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationUsing IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
 
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAAnypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
 
OpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureOpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability Adventure
 
UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6
 
20230104 - machine vision
20230104 - machine vision20230104 - machine vision
20230104 - machine vision
 
Cybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxCybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptx
 
Building Your Own AI Instance (TBLC AI )
Building Your Own AI Instance (TBLC AI )Building Your Own AI Instance (TBLC AI )
Building Your Own AI Instance (TBLC AI )
 
Machine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfMachine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdf
 
Valere | Digital Solutions & AI Transformation Portfolio | 2024
Valere | Digital Solutions & AI Transformation Portfolio | 2024Valere | Digital Solutions & AI Transformation Portfolio | 2024
Valere | Digital Solutions & AI Transformation Portfolio | 2024
 
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
 
201610817 - edge part1
201610817 - edge part1201610817 - edge part1
201610817 - edge part1
 
COMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a WebsiteCOMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a Website
 
All in AI: LLM Landscape & RAG in 2024 with Mark Ryan (Google) & Jerry Liu (L...
All in AI: LLM Landscape & RAG in 2024 with Mark Ryan (Google) & Jerry Liu (L...All in AI: LLM Landscape & RAG in 2024 with Mark Ryan (Google) & Jerry Liu (L...
All in AI: LLM Landscape & RAG in 2024 with Mark Ryan (Google) & Jerry Liu (L...
 
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
 
How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?
 
The Kubernetes Gateway API and its role in Cloud Native API Management
The Kubernetes Gateway API and its role in Cloud Native API ManagementThe Kubernetes Gateway API and its role in Cloud Native API Management
The Kubernetes Gateway API and its role in Cloud Native API Management
 
Comparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioComparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and Istio
 

The value of our data

  • 1. The Value of Big Data Robin Basham, Director Integrated Audit, Ellie Mae, Inc. CISA, CGEIT, CRISC, M.Ed, M.IT, VRP, CRP, HISP Prepared for ISACA SV and IMA Palo Alto With reference to “Infonomics: The Practice of Information Economics” Doug Laney and “Big data for the Masses The Unique Challenge of Big Data Integration” A Talend White Paper
  • 2. AGENDA  The characteristics of Big Data – It’s just data ◦ Limits and Benefits in use ◦ Why we use Big Data ◦ How we use Big Data  Structured v. Unstructured Data ◦ Web 3.0 ◦ So, is it big or just more BI?  Overview of new technologies ◦ Hiring these skills and creating these skills ◦ Simply, what they do, how they fit into any solution ◦ Complexity and interpretation risk, you get what you pay for  Is Social Data on the Balance Sheet? ◦ Risks in using social data ◦ Problems caused by investing in social data ◦ Gartner guidance to question data on the balance sheet 2
  • 3. As Director, Integrated Audit at Ellie Mae, is accountable to creating and using a GRC program, conducting SOX, SOC, ISMS and various program specific audits including and FDIC examination. As creator of Facilitated Compliance Management Software (4Point GRC), and founder of EnterpriseGRC Solutions and Phoenix Business and Systems Process, Inc. - ISACA SV Conference Director, an ITPreneurs partner, and board advisor for Holistic Information Security Practitioners, provides Cloud Security & Virtualization Controls Management training in the San Francisco and Bay Area. She’s known for successful GRC implementations, supplying overall design, development and training to companies ranging from start up to fortune five hundred. Past president for the Association for Certified Green Technology Auditors, ACGTA, a frequent committee contributor to the ISACA Silicon Valley Chapter and liaison to the ITSMF SV chapter, as well as frequent participant in Cloud Security Alliance local chapter. EnterpriseGRC Solutions is recently added to the Cloud Credential Council and is named to the certification committee of The Holistic Information Security Practitioner Institute (HISPI). EnterpriseGRC Solutions® is an active sponsor to Information Systems Audit and Control Association, ISACA®, listed as corporate sponsor and many time CobiT® trainer for the ITGI. Visit http://enterprisegrc.com Robin Basham, M.ED, M.IT, CISA, CGEIT, CRISC, ACC, CRP, VRP, and HISP, founder EnterpriseGRC Solutions Inc.® Director Integrated Audit, Ellie Mae, Inc.
  • 4. What is Big Data?  When data sets became so large and complex that they could no longer be managed using on-hand database management tools, we saw an emergence of Big data technologies.  This new generation of technologies and architectures were designed to extract economic value from data sets by enabling high-velocity capture, discovery and analysis.  As a result of their invention, we now experience an entirely new information economy, “Infonomics: The Practice of Information Economics”  Inadequately monitored and largely unregulated, this presentation will highlight ways that this Big Data puts our business strategy and Bay Area economy at Big Risk. ©EnterpriseGRC Solutions, Inc.® 2012, All Rights Reserved 4
  • 5. What is the Value of our Big Data  Facebook “likes” and Twitter “tweets” are reported to represent $14 per “share” and $5 per “tweet”. *  Either a company will report an increase of revenue, or a company will pay for that tracked human behavior.  Either we prove that a human committed that behavior, we prove that the activity had a sales result, or we stop accepting false claims.  We need to do at least one. ©EnterpriseGRC Solutions, Inc.® 2012, All Rights Reserved 5 When is information an asset? When is it data, as opposed to information?
  • 6. How We Use Big Data  Marketing Campaign Analysis  Recommendation Engine  Customer Retention and Churn Analysis  Social Graph Analysis  Capital Markets Analysis  Predictive Analytics  Risk Management  Rogue Trading  Fraud Detection  Retail Banking  Network Monitoring  Research And Development  Archiving Please read more at the source http://info.talend.com ©EnterpriseGRC Solutions, Inc.® 2012, All Rights Reserved 6 Found in “Big data for the Masses The Unique Challenge of Big Data Integration” A Talend White Paper Download the white paper Deep analytics that correlate accounting data with position tracking and order management systems can provide valuable insights that are not available using traditional data management tools. In order to identify these issues, an immense amount of near real time data needs to be crunched from multiple, inconsistent sources. This computationally intense function can now be accomplished using big data technologies.
  • 7. How Should We Use Big Data?  While Business Intelligence has had some time to mature, Big “social” data projects are new to the requirements of governance.  It appears we may not be equipped for rapidly evolving changes to enterprise management and data governance.  Limited Big Data Resources  Poor Data Quality = Big Risks  Project Governance not Fully Understood  What is a user worth? (Valuation)  What is a good user (Validity)  What is a real user vs. a fake user? (Accuracy, Fraud) ©EnterpriseGRC Solutions, Inc.® 2012, All Rights Reserved 7
  • 8. Open Container V. Closed Container The concept of tampering is critical to valid data sources. Science, Manufacturing, Forensics, Law, all consider the source of information and the capacity that others would have had to alter them. Big data has moved the emphasis of business intelligence from closed to open containers. How should this affect our willingness and decisions to use that body of data? Which companies will analyze and compile results and scores based on that information? What will be our grounds to select those vendors and how will that selection be controlled by contract and SLA? ©EnterpriseGRC Solutions, Inc.® 2012, All Rights Reserved 8
  • 10. Why Would We Use Big Data?  Marketing Campaign Analysis, a target audience that identifies the “right” person for the “right” products.  Big Data allows marketing teams to evaluate large volumes from new data sources, like click-stream data and call detail records, to increase the accuracy of analysis. ©EnterpriseGRC Solutions, Inc.® 2012, All Rights Reserved 10
  • 11. Web 3.0: With over a billion users, today's Internet is arguably the most successful human artifact ever created This 6 minute video outlines the basic themes of the European Union's Future Internet initiative. These include: an Internet of Services, where services are ubiquitous; an Internet of Things where in principle every physical object becomes an online addressable resource; a Mobile Internet where 24/7 seamless connectivity over multiple devices is the norm; and the need for semantics in order to meet the challenges presented by the dramatic increase in the scale of content and users." ©EnterpriseGRC Solutions, Inc.® 2012, All Rights Reserved 11 http://www.youtube.com/watch?v =off08As3siM&feature=player_e mbedded#at=97
  • 12. Isn’t Big Data, Just More Data?  What attributes would alert us to the use of Big Data? Aren’t we just using OLTP (On-Line Transactional Processing) and OLAP (On-Line Analytical Processing)?  Big Data describes large volumes of a wide variety of data collected from various sources across the enterprise including transactional data from  Enterprise applications  Databases  Social media data  Mobile device data  Unstructured data/documents,  Machine-generated data ©EnterpriseGRC Solutions, Inc.® 2012, All Rights Reserved 12 http://beautifuldata.net/wp - content/uploads/2012/02/ BigDataVentures.png is created by Benedikt Koehler
  • 13. Structured V. Unstructured – Keeping Up  We, as auditors and business advisors, need to gain comfort with these new technologies, understanding their benefits and risks, adding capabilities to our workforce, and establishing ground rules for both application and project governance.  Traditionally, “Structured” Data is getting faster and bigger. Machines can’t keep up  Traditionally “Unstructured” Data leads the technologies that would allow their management and distribution; News and Research ©EnterpriseGRC Solutions, Inc.® 2012, All Rights Reserved 13
  • 14. What are the New Technologies? MapReduce framework Hadoop Pig Hive HBase Hcatalog Flume Mahout Oozie NoSQL(Not only SQL) Sqoop …more ©EnterpriseGRC Solutions, Inc.® 2012, All Rights Reserved 14 MapReduce as a framework, enables big data technology such as Hadoop to function. For instance, the Hadoop File System (HDFS) uses these components to persist data, execute functions against it and then find results. The NoSQL databases, such as MongoDB and Cassandra use the functions to store and retrieve data for the respective services. Hive uses this framework as the baseline for a data warehouse.
  • 15. Reference Slide: Hadoop  Hadoop was built to address the challenge of indexing the entire World Wide Web every  2004 - Google developed a paradigm called MapReduce  2005 - Yahoo! started Hadoop as an implementation of MapReduce, 2007 - open source project  Hadoop has the basic constructs needed to perform computing:  It has a file system, a language to write programs, a way of managing the distribution of those programs over a distributed cluster, and a way of accepting the results of those programs. Ultimately the goal is to create a single result set. With Hadoop, big data is distributed into pieces that are spread over a series of nodes running on commodity hardware. ©EnterpriseGRC Solutions, Inc.® 2012, All Rights Reserved 15
  • 16. Reference Slide: Pig  The Apache Pig project is a high-level data-flow programming language and execution framework for creating MapReduce programs used with Hadoop.  The abstract language for this platform is called Pig Latin and it abstracts the programming into a notation, which makes MapReduce programming similar to that of SQL for RDBMS systems.  Pig Latin is extended using UDF (User Defined Functions), which the user can write in Java and then call directly from the language. ©EnterpriseGRC Solutions, Inc.® 2012, All Rights Reserved 16
  • 17. Reference Slide: Job Tracker  A Job Tracker is the entry point for a “map job” or process to be applied to the data. A map job is typically a query written in java and is the first step in the MapReduce process. The Job  Tracker asks the name node to identify and locate the necessary data to complete the job. Once it has this information it submits the query to the relevant named nodes.  Any required processing of the data occurs within each named node, which provides the massively parallel characteristic of Map Reduce. When each node has finished processing, it stores the results. The client then initiates a "Reduce" job.  The results are then aggregated to determine the “answer” to the original query.. The client then accesses these results on the filesystem and can use them for©EnterpriseGRC Solutions, Inc.® 2012, All Rights Reserved 17
  • 18. Reference Slide: Hive and HiveQL  Apache Hive is a data warehouse infrastructure built on top of Hadoop (originally by Facebook) for providing data summarization, ad-hoc query, and analysis of large datasets.  Hive provides a mechanism to project structure onto this data and query the data using a SQL-like language called HiveQL.  HiveQL is used for business intelligence and visualization tools. ©EnterpriseGRC Solutions, Inc.® 2012, All Rights Reserved 18
  • 19. Reference Slide: HBase, HCatalog  HBase is a non-relational database that runs on top of the Hadoop file system (HDFS). It is columnar and provides fault-tolerant storage and quick access to large quantities of sparse data. It also adds transactional capabilities to Hadoop, allowing users to conduct updates, inserts and deletes. It was originally developed by Facebook to serve their messaging systems and is used heavily by eBay as well.  HCatalog is a table and storage management service for data created using Apache Hadoop. It allows interoperability across data processing tools such as Pig, Map Reduce, Streaming, and Hive and a shared schema and data type mechanism. ©EnterpriseGRC Solutions, Inc.® 2012, All Rights Reserved 19
  • 20. Reference Slide: Flume, Oozie  Flume - is a system of agents that populate a Hadoop cluster. These agents are deployed across an IT infrastructure and collect data and integrate it back into Hadoop.  Oozie - coordinates jobs written in multiple languages such as Map Reduce, Pig and Hive. It is a workflow system that links these jobs and allows specification of order and dependencies between them. ©EnterpriseGRC Solutions, Inc.® 2012, All Rights Reserved 20
  • 21. Reference Slide: Mahout Sqoop  Mahout - is a data mining library that implements popular algorithms for clustering and statistical modeling in MapReduce.  Sqoop - is a set of data integration tools that allow non-Hadoop data stores to interact with traditional relational databases and data warehouses. ©EnterpriseGRC Solutions, Inc.® 2012, All Rights Reserved 21
  • 22. Reference Slide: NoSQL  NoSQL(Not only SQL) - refers to a large class of data storage mechanisms that differ significantly from the well-known, traditional relational data stores (RDBMS). These technologies implement their own query language and are typically built on advanced programming structures for key/value relationships, defined objects, tabular methods or tuples.  NoSQL as a term is used to describe the wide range of data stores classified as big data. Some of the major flavors adopted within the big data world today include  Cassandra,  MongoDB,  NuoDB,  Couchbase and  VoltDB. ©EnterpriseGRC Solutions, Inc.® 2012, All Rights Reserved 22
  • 23. True or False: Social Data is a part of our Corporate Assets? “The Value of our Data” Where is Data? Who’s using it?  What is Data Quality? What is Data Integrity?  How do we Enforce Data Retention?  What Is our Data Liability?  Can we spot the difference between an Illusion of Influence and Actual Influence  What was my data cost in researching this or any topic? ©EnterpriseGRC Solutions, Inc.® 2012, All Rights Reserved 23 http://news.cnet.com/8301-1001_3- 57434736-92/big-data-is-worth- nothing-without-big-science/
  • 24. Cloud will create 14 Millions Jobs by 2014 Twitter - tweet Digg LinkedIn Share Login Questionnaire Like Bury Login Login Login Digg Like New Threats New Fraud New Markets
  • 25. Understanding Big Data Risk is Complex  Where is the data?  Can we trust the data?  (False negatives eventually self correct, but do we have the time?) ©EnterpriseGRC Solutions, Inc.® 2012, All Rights Reserved 25
  • 26. Tracking, Liable, Exploit is Complex  Something on this page is “blocked”.  I am on the fence about buying that very dresser. I wonder if McAfee caught that I was being tracked by an unsafe source? For this exercise, I elect to unblock. ©EnterpriseGRC Solutions, Inc.® 2012, All Rights Reserved 26
  • 27. Perhaps Data Governance Should Consider Source – Or Not use the Word “Governance” ©EnterpriseGRC Solutions, Inc.® 2012, All Rights Reserved 27  Should the information we commingle with news differ from the information used for advertising?
  • 28. What Is Our Reputational Risk? ©EnterpriseGRC Solutions, Inc.® 2012, All Rights Reserved 28 How Will The Market Feel When they See What We Paid and What We Made? How will we differentiate the use of big data, as opposed to big distraction?
  • 29. Test if Functionality is Limited by Restricting Cookies – Know the Risk to Reader ©EnterpriseGRC Solutions, Inc.® 2012, All Rights Reserved 29  This test shows that we can examine rank without being tracked
  • 30. Can We Trust the Media to Recommend a Product? ©EnterpriseGRC Solutions, Inc.® 2012, All Rights Reserved 30 If results favor a company’s investments isn’t this a step along the path to fraud? This is not a dig on CNET. It’s a question about doing what everyone else is doing. For example, New York Times, and Wall Street Journal have set privacy and governance that would restrict this
  • 31. GPS Act – Example Law The GPS Act, short for the Geolocation Privacy and Surveillance Act, is a bill co-sponsored by Senator Ron Wyden (D-OR) and Rep. Jason Chaffetz (R-UT) and introduced to the Senate and House in June 2011. The bill would impose tighter restrictions on how and in what instances law enforcement agencies could legally obtain cell user location information, requiring a warrant in all cases exception a few narrowly-defined emergency situations, such as when an officer “reasonably determines,” that there is risk of “immediate danger of death or serious physical injury to any person,” or “conspiratorial activities” relating to national security or “characteristic of organized crime.” The bill has been read twice and is stalled in committee. ©EnterpriseGRC Solutions, Inc.® 2012, All Rights Reserved 31 The GPS Act Supports Legitimate Investigations and Protects Privacy
  • 32. Facebook Resolves User Right of Publicity Claims Concerning Sponsored Stories Advertising Facebook recently settled a class-action lawsuit stemming from Facebook’s alleged unauthorized use of users’ photographs in ‘sponsored stories’ advertisements on its site. The class action plaintiffs alleged that Facebook’s use of their images in “Sponsored Stories” advertisements violated the plaintiffs’ rights under the California right of publicity statute, which reserves to the individual the right to control their image for commercial purposes. Under the terms of the settlement, Facebook agreed to pay a total of $20 million, with half of the settlement funds donated to charities and law schools, and the other half going to plaintiffs’ attorneys. Other than the three class representatives, no Facebook users will receive any funds from the settlement. Facebook users had been serving as unwitting brand promoters on the site, appearing without their permission or knowledge in promotional ‘stories’ featuring advertised products and services. Merely ‘liking’ a company or brand functioned as an effective opt-in that allowed Facebook to use the user’s image in that company or brand’s advertising on the site. The only means of withdrawing from promotional use of one’s image was to ‘unlike’ the brand, which, prior to this settlement, was not an easy feat. […] Published In: Civil Remedies Updates, Communications & Media Law Updates, Personal Injury Updates, Privacy Updates © Kilpatrick Townsend 2012 | Attorney Advertising ©EnterpriseGRC Solutions, Inc.® 2012, All Rights Reserved 32  Kilpatrick Townsend on 7/11/2012 authors: Barry M. Benjamin; Andrew I. Gerber
  • 33. When We Use Social Data for A Business Decision, Are We Protected Under CDA 230?  Section 230 of Title 47 of the United States Code (47 U.S.C. § 230) was passed as part of the much-maligned Communication Decency Act of 1996. Many aspects of the CDA were unconstitutional restrictions of freedom of speech, but this section survived and has been a valuable defense for Internet intermediaries ever since. "By its plain language, § 230 creates a federal immunity to any cause of action that would make service providers liable for information originating with a third- party user of the service”. Zeran v. America Online, Inc., 129 F.3d 327, 330 (4th Cir. 1997), cert. denied, 524 U.S. 937 (1998)  EFF maintains an archive of CDA cases: http://www.eff.org/legal/ISP_liability/CDA230/  http://ilt.eff.org/index.php/Table_of_Contents ©EnterpriseGRC Solutions, Inc.® 2012, All Rights Reserved 33 Defamation: CDA Cases – consider Yelp and other reputation data
  • 34. How Might Social Data Open a Company to Hate? ©EnterpriseGRC Solutions, Inc.® 2012, All Rights Reserved 34  Is this a crowdsourcing benefit or a liability?
  • 35. Risks in Life Logging - ENISA  R1 – Breach of privacy  R2 – Inappropriate secondary use of data  R3 – Malicious attacks on smart devices increase as their value to authenticate individuals and store personal data increases  R4 – Compliance with and enforcement of data protection legislation made more difficult  R5 – Discrimination and exclusion  R6 – Monitoring, cyber-stalking, child grooming and “friendly” surveillance  R7 – Unanticipated changes in citizens’ behavior and creation of an “obedient” citizen  R8 – Poor decision making / inability to make decisions  R9 – Psychological harm  R10 – Physical theft of property or private information from home environment  R11 – Reduction of choices available to individuals as consumers and user lock-in  R12 – Decrease of productivity To log or not to log? - Risks and benefits of emerging life-logging applications http://www.enisa.europa.eu/activities/risk-management/emerging-and-future- risk/deliverables/life-logging-risk-assessment/to-log-or-not-to-log-risks-and-benefits-of- emerging-life-logging-applications
  • 37. Should We Show Off our Connections?  April 28th , 2012 “Look at Me, me, me” ©EnterpriseGRC Solutions, Inc.® 2012, All Rights Reserved 37
  • 38. Who Are We Hurting When We Give Information Away?  Why don’t we regulate companies that exceed a million user threshold? ©EnterpriseGRC Solutions, Inc.® 2012, All Rights Reserved 38
  • 39. Why Are We So Willing to Give Away our Data? ©EnterpriseGRC Solutions, Inc.® 2012, All Rights Reserved 39  After ten minutes of viewing Collusion, I decide to block all tracking sites.
  • 40. What Happens When We Turn Off Tracking? ©EnterpriseGRC Solutions, Inc.® 2012, All Rights Reserved 40
  • 41. What Do We Lose When We Turn Off Tracking? If a follower is worth $118, I lost $35K (I lost nothing) ©EnterpriseGRC Solutions, Inc.® 2012, All Rights Reserved 41
  • 42. Can We Act On the Advice of Others? ©EnterpriseGRC Solutions, Inc.® 2012, All Rights Reserved 42  What are the implications of driving business decisions that involve access or use of the web?  If followers are assets, then isn’t the discouraging of traffic a form of
  • 43. Who Are the Contributors to the Information We Trust? Can they have a Paid Agenda?  Should we better qualify contributors in our big data sets? ©EnterpriseGRC Solutions, Inc.® 2012, All Rights Reserved 43
  • 44. Bad Rating V. Buying a High Score  Affiliate Programs SHOULD NOT be represented as Community Rating ©EnterpriseGRC Solutions, Inc.® 2012, All Rights Reserved 44
  • 45. © Gartner, Doug Laney on Value of Data Infonomics: The Practice of Information Economics  The Value of Information  Why Put a Value on Information?  Information is a Unique Asset  Where Are Information Assets on the Balance Sheet?  Reasons to Acknowledge and Account for Information as an Asset  Measuring the Value of Your Information  Understanding Your True Information ROI  Securing Your Information  Influencing Your Corporate Valuation  Assessing Contractual Risks  Borrowing Against Information  Bartering With Information  Selling Information Doug Laney is research vice president for Gartner ©EnterpriseGRC Solutions, Inc.® 2012, All Rights Reserved 45 “Information assets cannot be formally recognized according to accounting standards, but in time that may change”
  • 46. What is the Basis for Posting Value?  The sample shows a small business site valued at one MILLIONTH the other companies, that topped placement in a financially valued list. The company in first place has made no revenue as a result of that placement. ©EnterpriseGRC Solutions, Inc.® 2012, All Rights Reserved 46
  • 47. Unless We Enforce Standards in User Engagement Reporting We May Destroy Our Information Economy  What Are The Incentives to Lie?  How do we define Propaganda?  What constitutes illegal protest? ©EnterpriseGRC Solutions, Inc.® 2012, All Rights Reserved 47
  • 48. We Have to Define Free Speech and our Rights to Influence Others  Free speech is not for pay  Free speech is not automated in a batch of hundreds or thousands of communicated response  We have to safeguard our rights to be counted  Instead of making it illegal to track me, perhaps it should be illegal to MISTRACK me. ©EnterpriseGRC Solutions, Inc.® 2012, All Rights Reserved 48
  • 49. Wash Your Hands Before You Eat  What are some of the things we should clean or delete?  Competitors from your first connections  Private Phone messages stored for playback on the internet  Facebook applications (unless the product is well understood and serves specific scope and function)  Anonymous identities (oxymoron?)  Connections representing bias or undue influence  Hateful comments, explicit content, personal content  Anything that stores your password and shares your identity with other applications ©EnterpriseGRC Solutions, Inc.® 2012, All Rights Reserved 49
  • 50. Questions?  Yeah, me too.  I use social media to track the security flaws in social media ©EnterpriseGRC Solutions, Inc.® 2012, All Rights Reserved 50

Notas do Editor

  1. Audience is told to gain more insight from the source document. http://info.talend.com 2.1. Recommendation Engine For years, organizations such as Amazon, Facebook and Google have used recommendation engines to match and recommend products, people and advertisements to users based on analysis of user profile and behavioral data. These problems were some of the first tackled by big data and have helped develop the technology into what it is today. 2.2. Marketing Campaign Analysis The more information made available to a marketer the more granular targets can be identified and messaged. Big data is used to analyze massive amounts of data that was just not possible with traditional relational solutions. They are now able to better identify a target audience and identify the “right” person for the “right” products and service offerings. Big Data allows marketing teams to evaluate large volumes from new data sources, like click-stream data and call detail records, to increase the accuracy of analysis. 2.3. Customer Retention and Churn Analysis An increase in products per customer typically equates to reduce churn and many organizations have large-scale efforts to improve this key performance indicator. However, analysis of customers and products across lines of business is often difficult as formats and governance issues restrict these efforts. Some enterprises are able to load this data into a Hadoop cluster to perform wide scale analysis and identify patterns that indicate which customers are most likely to leave for a competing vendor or better yet, which customers are more likely to expand their relationship with the company. Action can then be taken to save or incent these customers. 2.4. Social Graph Analysis There are users and there are “super” users in any social network or community and it is difficult to identify these key influencers within these groups. With big data, social networking data is mined to identify the participants that pose the most influence over others inside social networks. This helps enterprises ascertain the “most important” customers, who may or may not be the customers with the most products or spend as we traditionally identify with business analytics. 2.5. Capital Markets Analysis Whether looking for broad economic indicators, specific market indicators, or sentiments concerning a specific company or its stocks, there is a wealth of data available to analyze in both traditional and new media sources. While basic keyword analysis and entity extraction have been in use for years, the combination of this old data with new sources such as Twitter and other social media sources provide great detail about public opinion… in near real-time. Today, most financial institutions are using some sort of sentiment analysis to gauge public opinion about their company, market, or the economy as a whole. 2.6. Predictive Analytics Within capital markets, analysts have used advanced algorithms for correlations and probability calculations against current and historical data to predict markets as standard practice. The large amounts of historical market data, and the speed at which new data needs to be evaluated (e.g. complex derivatives valuations) make this a big data problem. The ability to perform these calculations faster and on commodity hardware makes big data a reliable substitute for the relatively slow and expensive legacy approach. 2.7. Risk Management Advanced, aggressive organizations seek to mitigate risk with continuous risk management and broader analysis of risk factors across wider sets of data. Further, there is mounting pressure to increase the speed at which this is analyzed despite a growing volume of data. Big data technologies are growing popularity to solve this issue as they parallelize data access and computation. Whether it is cross-party analysis or the integration of risk and finance, risk-adjusted returns and P&L require that growing amounts of data be integrated from multiple, standalone departments across the firm, and accessed and analyzed on the fly. 2.8. Rogue Trading Deep analytics that correlate accounting data with position tracking and order management systems can provide valuable insights that are not available using traditional data management tools. In order to identify these issues, an immense amount of near real time data needs to be crunched from multiple, inconsistent sources. This computationally intense function can now be accomplished using big data technologies. 2.9. Fraud Detection Correlating data from multiple, unrelated sources has the potential to catch fraudulent activities. Consider for instance the potential of correlating Point
  2. How do we establish ROI? Should we be defining one side of data, as opposed to a two way communication? Strategy by customer segment has implications to privacy and identity The need to qualify social data is the basis of entirely new services If those services are new, how will we validate control over the interpretation of those results?
  3. How do we establish ROI? Should we be defining one side of data, as opposed to a two way communication? Strategy by customer segment has implications to privacy and identity The need to qualify social data is the basis of entirely new services If those services are new, how will we validate control over the interpretation of those results?
  4. MapReduce as a framework MapReduce enables big data technology such as Hadoop to function. For instance, the Hadoop File System (HDFS) uses these components to persist data, execute functions against it and then find results. The NoSQL databases, such as MongoDB and Cassandra use the functions to store and retrieve data for the respective services. Hive uses this framework as the baseline for a data warehouse. How Hadoop Works Hadoop was born because existing approaches were inadequate to process huge amounts of data. Hadoop was built to address the challenge of indexing the entire World Wide Web every day. Google developed a paradigm called MapReduce in 2004, and Yahoo! Eventually started Hadoop as an implementation of MapReduce in 2005 and released it as an open source project in 2007. Much like any other operating system, Hadoop has the basic constructs needed to perform computing: It has a file system, a language to write programs, a way of managing the distribution of those programs over a distributed cluster, and a way of accepting the results of those programs. Ultimately the goal is to create a single result set. With Hadoop, big data is distributed into pieces that are spread over a series of nodes running on commodity hardware. In this structure the data is also replicated several times on different nodes to secure against node failure. The data is not organized into the relational rows and columns as expected in traditional persistence. This lends to the ability to store structured, semi-structured and unstructured content. There are four types of nodes involved within HDFS. They are:  Name Node: a facilitator that provides information on the location of data. It knows which nodes are available, where in the cluster certain data resides, and which nodes have failed.  Secondary Node: a backup to the Name Node  Job Tracker: coordinates the processing of the data using MapReduce  Slave Nodes: store data and take direction from the Job Tracker. A Job Tracker is the entry point for a “map job” or process to be applied to the data. A map job is typically a query written in java and is the first step in the MapReduce process. The Job Tracker asks the name node to identify and locate the necessary data to complete the job. Once it has this information it submits the query to the relevant named nodes. Any required processing of the data occurs within each named node, which provides the massively parallel characteristic of Map Reduce. When the each node has finished processing, it stores the results. The client then initiates a "Reduce" job. The results re then aggregated to determine the “answer” to the original query.. The client then accesses these results on the filesystem and can use them for whatever purpose. Pig The Apache Pig project is a high-level data-flow programming language and execution framework for creating MapReduce programs used with Hadoop. The abstract language for this platform is called Pig Latin and it abstracts the programming into a notation, which makes MapReduce programming similar to that of SQL for RDBMS systems. Pig Latin is extended using UDF (User Defined Functions), which the user can write in Java and then call directly from the language. Hive Apache Hive is a data warehouse infrastructure built on top of Hadoop (originally by Facebook) for providing data summarization, ad-hoc query, and analysis of large datasets. It provides a mechanism to project structure onto this data and query the data using a SQL-like language called HiveQL. It eases integration with business intelligence and visualization tools. HBase HBase is a non-relational database that runs on top of the Hadoop file system (HDFS). It is columnar and provides fault-tolerant storage and quick access to large quantities of sparse data. It also adds transactional capabilities to Hadoop, allowing users to conduct updates, inserts and deletes. It was originally developed by Facebook to serve their messaging systems and is used heavily by eBay as well. HCatalog HCatalog is a table and storage management service for data created using Apache Hadoop. It allows interoperability across data processing tools such as Pig, Map Reduce, Streaming, and Hive and a shared schema and data type mechanism. Flume Flume is a system of agents that populate a Hadoop cluster. These agents are deployed across an IT infrastructure and collect data and integrate it back into Hadoop. Oozie Oozie coordinates jobs written in multiple languages such as Map Reduce, Pig and Hive. It is a workflow system that links these jobs and allows specification of order and dependencies between them. Mahout Mahout is a data mining library that implements popular algorithms for clustering and statistical modeling in MapReduce. Sqoop Sqoop is a set of data integration tools that allow non-Hadoop data stores to interact with traditional relational databases and data warehouses. NoSQL(Not only SQL) NoSQL refers to a large class of data storage mechanisms that differ significantly from the well-known, traditional relational data stores (RDBMS). These technologies implement their own query language and are typically built on advanced programming structures for key/value relationships, defined objects, tabular methods or tuples. The term is often used to describe the wide range of data stores classified as big data. Some of the major flavors adopted within the big data world today include Cassandra, MongoDB, NuoDB, Couchbase and VoltDB.
  5. This presentation took much longer for far fewer answers than other topics. My alarm was in the cross usage of my LinkedIn data, which I pay for, and had not considered as information “for sale”.
  6. Just reading the news I have engaged in “Life logging” Will these jobs be in the US?
  7. I am on the fence about buying a Lenovo too. Was it really “unsafe”? I wonder why?
  8. (America Disclose Act)
  9. If the US Government knows that they can buy this information from Facebook, then they probably don’t need to care if in court they win or lose. The question for us as citizens is, do we want any entity to have this much information? Should the phone companies be able to provide this intel to anyone?
  10. Automation for the purpose of review means that the content is not “opinion”
  11. Yes, I am plugging McAfee. They earned it.
  12. Webutation has responded in writing that they are actively questioning their continued affiliation with WOT Defamation of character has been a cause of action at law, involves false, defamatory statements made to a third party which cause damages. Some statements can be privileged - immune from suit, i.e. statements made in court cases. Slander is when the statements are oral. When the statements are written, they are libel. Related causes of action include public disclosure of private facts and portrayal in a false light. It is more difficult for public figures to sue for defamation of character because they have thrust themselves into the public eye.
  13. Infonomics: The Practice of Information Economics By Douglas Laney Gartner, Inc. Today it’s very likely that you and your other business and IT leaders regularly talk about information as one of your most valuable assets. But do you value or manage information like one? Consider your company’s well-honed supply chain and asset management practices for physical assets, or your financial management and reporting discipline. Do you have similar accounting and asset management practices in place for your “information assets?” Not likely, but no worries, few do. When considering how to put information to work for your organization, it’s important to go beyond thinking and talking about information as an asset, to actually valuing and treating it as one. This is the basis of the new theory and emerging discipline of Infonomics which provides organizations a foundation and methods for quantifying information asset value and formal information asset management practices. Infonomics posits that information should be considered a new asset class in that it has measurable economic value and other properties that qualify it to be accounted for and administered as any other recognized type of asset—and that there are significant strategic, operational and financial reasons for doing so. The Value of Information Although information arguably meets accounting standards criteria for an asset, and more specifically, further litmus tests for an intangible asset, it is not found on public companies’ balance sheets. Regardless of what our 75-year old accounting standards dictate, if you’re not quantifying information’s value then you’re not likely to be generating or demonstrating sufficient value from it. Nor are you reaping any of the other potential benefits from quantifying information’s value. While involving the CFO in valuing your company’s data may be premature, doing so may also assist him or her in demonstrating overall corporate wealth and health to the board and investors. Even non-economic indicators of information value, quality and performance can help IT organizations and businesses set a course for better managing and leveraging information. In fact, organizations that are intent on becoming more information-centric, as well as those that have altogether information-based business models, should make it a critical function to audit the actual and potential value of their information assets. Why Put a Value on Information? We generally talk about the concept of information in either purely technical or strictly contextual terms. Information is something to be created, captured, updated, stored, moved, arranged, integrated and ultimately accessed, used (or ignored) and retired. Beyond its technical manifestation, however, information means something. It has context, particularly when applied. It is a message, an event, or a unit of knowledge. Yet information isn’t actually any of those things. Rather, it is merely symbolic of them — a proxy. While the meaning of information ultimately drives business processes and decisions, it is the increasingly efficient, neat and compact way with which we can technically represent information that allows its near-unfettered flow and accumulation. Therefore, it is both information’s meaning and physical representation that combine to improve business process performance, decision making, and innovation. Organizations whose business and IT leaders recognize this cycle and the growing importance of information are better positioned to take advantage of it. Information should no longer be seen merely as an operations by-product to be managed, or even as just a business resource to be leveraged, but it should be seen as an enterprise asset to be valued. Leading organizations in nearly every industry — including retail, financial services, manufacturing, life sciences and telecommunications — recognize information’s benefits, sometimes even above some traditional assets, in generating revenue. Information is a Unique Asset Business leaders must recognize that there are things in the business world that financial assets can’t buy, physical assets can’t perform, and humans can’t process. In supply chain and customer relationship domains, for example, many businesses would rather forego cash from business partners in lieu of a cache of information. Businesses that do a better job of compiling, managing and making available their information assets are more-valued business partners. Not only are information-based transactions fast becoming a means to avoid the tax man, it is a way to conceal certain business activity from public disclosure and thereby the prying eyes of competitors. Once the corner store clerk knew his customers’ buying habits, family, financial situation and personal interests. Today, this familiarity must be approximated on a grander scale in a global online information-based marketplace. Information assets and analytics have become the necessary, albeit impersonal, substitute for this personal touch. Only by considering information as a true enterprise asset are organizations better positioned to manage and deploy it with the same discipline as traditional assets — leading to vast improvements in the realized value of information. Just as with conventional assets, information is increasingly amassed as a resource to generate tangible benefits, although primarily via improved decision making and process performance. However, business leaders are often tripped-up by the common misconception that information only has value when applied — i.e., data has no value when sitting idly in a database. This simply is not so. Just as physical inventory sitting on a shelf in a warehouse has discernible value, so do idle information assets. The difference is between realized value and the accounting definition of an asset’s value—which takes into consideration its probable future economic benefit. Organizations that treat idle information, or so-called “dark data”, as anything less than having potential economic benefit will find themselves at increased competitive disadvantage. All information has a probable future economic benefit. IT and business leaders need to keep this in mind when considering business strategies and options for acquiring, administering and applying information. This probability varies based on a number of factors, including but not limited to its completeness, accuracy, consistency, timeliness and business process relevance. And like any asset, information’s value depends upon the organization’s capacity to deploy it. The courts are split and insurers are confounded about recognizing information as a form of property. Recent legal rulings against insurers’ denied claims related to data loss or destruction sometimes have confirmed electronic data as a physical property—and other times not. This has prompted insurers to offer electronic data insurance and/or specifically exclude data in property and casualty policies. In addition to a lack of accounting visibility, many businesses also are at increasing financial and legal risk of having insufficient insurance coverage for data-related misappropriation, mishaps or misconduct. Where Are Information Assets on the Balance Sheet? In interviews with three dozen nonfinancial business executives we conducted at industry events over the past year, nearly 80% believe that their company’s information asset value is represented under Goodwill, Other Intangibles or elsewhere on the balance sheet. However, despite meeting all the criteria of an intangible asset, information surprisingly is entirely absent as an asset class on the balance sheet. Even among enterprises whose core business is the buying and selling of information (e.g., TransUnion, Experian, Dun & Bradstreet, IMS Health, A.C. Nielsen and SymphonyIRI Group), information assets are nowhere to be found on their balance sheets. Public companies are not required to inventory, quantify or assess the value of their information assets. Yet, these assets are either their primary source of revenue generation, or increasingly and materially contribute to their top line. Even intangible assets, such as copyrights, patents and brand, are reported in financial statements. Therefore, the growing disparity between corporate book values and market values is in large part due to the undisclosed value of information assets. Case-in-point is the yawning gap between Facebook’s near $100B market valuation versus its book value of under $7 billion. As a pure information-based business, this suggests that Facebook’s off-balance sheet information assets generated by nearly a billion unassuming, unpaid information workers ostensibly are worth more than $90 billion. This figure represents the investing public’s present-value expectations of Facebook’s ability to monetize this data. While some companies may claim that information is not possible to quantifiably value, valuation models for other similarly non-depleting balance sheet intangibles are straightforward enough to apply. Reasons to Acknowledge and Account for Information as an Asset Regardless of what financial reporting standards may dictate, quantifying the value of information assets offers a range of benefits to your enterprise: Measuring the Value of Your Information First is the maxim that “you can’t manage what you don’t measure.” Enterprises regularly invest in data collection, management and access technologies, resources and projects with only a vague estimation of the economic benefit this information will deliver. Without mapping the probable usage of data to actual business processes, projects and technologies can hardly be justified, nor can ROI be computed. Understanding Your True Information ROI Similarly, organizations spend significant slices of their IT budget on information management. Only by measuring the comparative value that information delivers before and after this investment can they determine the ROI on information management initiatives. Otherwise these investments are perceived and recorded only as a sunk cost. Securing Your Information Consider the millions of dollars organizations spend securing information assets. These solutions should be budgeted in direct relation to the probable economic value of losing or misappropriating data, but are not. They proceed on the broad assumption that information security solutions merely cost less than the probable economic loss over their life span. How does an organization know whether it’s spending too much or too little on information security without quantifying the information’s value? Influencing Your Corporate Valuation At some point during a business’ lifetime, it inevitably encounters opportunities to be acquired. The ability to claim and receive a premium valuation based on a formal quantification of information asset value can translate into found money. Conversely, a business with strong skills in monetizing information assets may find that potential acquirees with a wealth of underutilized information assets are a sweet deal. Assessing Contractual Risks Most legal contracts fail to specify whether parties are indemnified for the misuse, damage or loss of electronic data. Although some courts have begun to side on the notion of e-data as “tangible property,” protracted litigation is no fun, and assessed damages are still a judicial art. Understanding the value of information that potentially falls under the dominion of any contract can help companies better assess a contract’s value and risks, and to set damage limits. Borrowing Against Information Over the next decade, Gartner foresees the potential of information being used to collateralize loans. Particularly for information-centric businesses and others that have demonstrable (if not auditable) valuation models for information assets, the ability to obtain lines of credit against the value of their customer database, for example, will become a viable option. Ultimately “information banks” will emerge to handle information-related safekeeping, access, transactions and investments. Bartering With Information Even as early as the 1990s, officials from the Internal Revenue Service were acutely aware of the practice of bartering with information. Nearly two decades later, revenue service organizations around the world still have no answer for this gray market created by information as a currency. The simple act of swiping one’s grocery store loyalty card for free food has evolved into a way of doing business among large enterprises. If information is a currency in this new “infoconomy,” then it should be translatable into common economic terms. Organizations that have valid methods for quantifying their (and others’) information value are in a stronger negotiating position with business partners, and better poised to innovate around information-based bartering than those without such methods. Selling Information Information can be directly monetizable as a viable product itself. Just as once the lumber industry discarded shavings but now profits from this byproduct (e.g., artificial logs, mulch and particle board), most enterprises generate a wealth of data that may be more valuable to others than to their own organizations. Packaging the data and testing the market leads to new revenue sources for forward-thinking business leaders. As this practice becomes more prevalent, we anticipate the emergence of a vibrant information marketplace industry for commercial data assets. For now, information assets cannot be formally recognized according to accounting standards, but in time that may change. Regardless, we believe it is a good practice for businesses to begin internally valuing their information assets so they can manage and wield them more effectively. Supplemental balance sheets that include information asset value can be an effective tool for planning, measuring and demonstrating information management maturity. They will also give CEOs a better overall picture of corporate value; give CFOs a tool for gauging investments and performance; and give CIOs, who manage and help business units brandish information as a strategic asset, a seat at the strategy table. Accounting treatments aside, if you’re not measuring the actual benefits generated from information assets versus their potential, then you’re in a poor position to recognize and close that gap. That is, you are possibly incurring greater “inventory carrying costs” for information than the economic value they’re generating. Especially in this era of Big Data, that differential manifests as an ever-ominous IT budget line item. But at the same time it represents a massive opportunity and clear impetus to aggressively identify and implement ways to monetize your information assets, both indirectly and directly. Doug Laney is a research vice president for Gartner, where he covers business analytics solutions and projects, performance management, and data-governance-related issues.
  14. Challenge the ROI See if there are controllers from any of the top 18 companies in the audience
  15. Replace anonymous with protected. There is no such thing as anonymous.