To share data or not to share data. It’s an ongoing debate in security. On one side greater sharing means improved education and better incident detection. But opening your data bank may reveal your security foibles, possibly making you more susceptible to attacks.
Alex Hutton (@alexhutton), now with Zions Bancorporation, is squarely a “share data” advocate. Formerly with Verizon where he was integral in publishing the VERIS (Verizon Enterprise Risk and Incident Sharing) report, Hutton is trying to move that collaborative incident sharing into the next stage of true data sciences.
“It’s a natural progression,” said Hutton.
Audit has been toying with the idea of whether they’re going to take on the role of risk management, said Hutton. It’s a hotly debated issue. Will audit just stay in audit or will risk management be part of their job profile? Hutton argues risk management should be a data science, and that requires analysis of a lot of data.
Big Data – Tread Cautiously
The banking industry has been playing in the Big Data sandbox for quite some time, said Hutton. The rest of the industry is waking up to the detection possibilities of analyzing such a mountain of information.
While the end goal of data sciences is to protect the consumer and business network, you need to tread cautiously. If you don’t have a taxonomy and goal framework, you’re not ready to talk about Big Data technology, Hutton said.
For a little background, watch my interview with Hutton from last year’s RSA where we talked about standardizing risk and incident reports via VERIS.
Stock photo of networking plugs courtesy of Shutterstock.