National Cyber Security Centre - Guidance on Big Data

The NCSC have a wealth of guidance on best practice, particularly on safeguarding and protecting privacy when huge amounts of data are stored and processed. These include:

  1. catalogue your data;

  2. ensure you only keep data necessary for your business;

  3. be aware of any vulnerabilities;

  4. employ access control based on least privilege;

  5. employ strong identity and authentication for privileged users;

  6. employ strong supplier/third-party management (there is more of this under the GDPR banner on this site);

  7. keep an audit trail - log access to data;

  8. ensure software development is secure (DevSecOps) - test third-party software against the OWASP Top 10;

  9. don't use unsupported software;

  10. employ a protective monitoring regime to detect cyber-attacks AND internal attacks;

  11. incorporate automatic alerts if compromise is detected;

  12. control all access processes - restrain bulk access and check the access interfaces;

  13. restrict users' rights to access large quantities of records at once, and reduce search capabilities;

  14. protect administrator accounts from cyber compromise;

  15. ensure the integrity of backups.


Unfortunately, some of the guidance is disjointed and hard to find (I understand the search engine is due for improvement), so I have provided more detail on these guidelines in the PDF. Please feel free to open and download it for future reference.

