12:33 PM
Lynn Price

Seven Ways Banks Can Leverage a 'Security Data Scientist'

Business leaders are striving to turn their Big Data into Big Returns.

Security executives are stepping in line and forming their own strategies, approaches, and use cases to achieve that new competitive edge. CISOs are conquering this frontier by reducing risk and fraud, whether it stems from cyber data loss or questionable customer transactions.

In general, businesses have made progress in laying the foundations for the required technical data-mart infrastructure and the organizational structure to support big data security initiatives. And yet, there is much work to be done in other component areas of the complex journey of building a successful security program.

Organizations can benefit by leveraging existing skilled and proven data scientists from within the core business community to propel the journey forward.

Here are seven ways that CISOs of banking institutions can leverage the Security Data Scientist:

  • Blueprint the program: Most security and Big Data experts agree that starting with a blueprint for a holistic cyber security program is key. Tenets of this blueprint start with understanding business requirements first, then the infrastructure and data sources. Quantitative analysis is later performed to support the business opportunity.
  • Define Use Cases: Identify the criteria for success through business use cases tying back to bigger business drivers and objectives. In the banking and financial services industries this can often be tied to imperatives such as the mitigation of data loss, reduction of fraud, and the identification of low profile cyber-attacks.
  • Understand the current implementation level: Most organizations have early forms of big data solutions in-house, and it only makes sense to get educated on their implementation and how they stack up against industry standards. This is a logical starting point of the program.
  • Merge business and security data: To bring about a data rich view of enterprise security, business information should be merged with security information. The technology platform should support the collection of all information, structured and unstructured, in a centralized repository.
  • Identify long range technologies: It is important to evaluate technologies and tools currently in play using a long range lens for inclusion in the program. Move away from point products that don’t have a long life value to the program; accommodate technologies that do. Internal business experts in data science can help create the foundations for the security data management program. Data scientists have long associations with backbone banking functions such as financial performance, risk management, and operational management. These scientists are better positioned to present a holistic view of the business and integrate security across silos.
  • Identify skills and expertise: Staffing the big data security program is paramount, as these resources will provide the ongoing viability of the program. The role of security data scientist intersects two high-demand areas: Big Data and cyber security. The qualified security data scientist must be able to apply skills and technologies to security risk in the world of finance. As it may be difficult to find staff in both skill areas, it may be necessary to blend people with data skills with people with security skills.

    They will formulate trends, point to keen insights and conclusions, and make recommendations for business decisions. They will assist Security Operations in the early identification of brewing cyber-attacks or even questionable behaviors of employees, clients and partners.

  • Sponsorship: Studies have shown there is a changing pattern of executive sponsorship. Most big data security efforts are driven by the CIO or CISO as the early stages are related to technology adoption. As organizations advance to a mature big data security program, and the value proposition is realized, sponsorship will likely gain support from other business units and executive levels.

Big Data means many things to many people. It crosses the technology realm into the business realm. The early e-commerce adopters of large-scale Big Data fraud detection have realized very tangible and measurable results. As customer profiles for ad agencies are generated in sub-second response time, it is imaginable to do the same for transaction scoring. It is time to jump on the big data bandwagon.

Lynn Price is a Banking and Financial Services Security Specialist at IBM.

Comments
KBurger,
User Rank: Author
5/20/2013 | 2:59:16 PM
re: Seven Ways Banks Can Leverage a 'Security Data Scientist'
Interesting, and probably a challenge for banks to establish this kind of expertise. Not only are they competing for talent/skills around analytics, I've also read that Chief Info Security Officers (and other related senior security roles) are among the hardest to fill right now, so much competition for "best & brightest" in this space. Bringing the 2 together must be an even bigger challenge.
Jonathan_Camhi,
User Rank: Author
5/17/2013 | 11:01:10 PM
re: Seven Ways Banks Can Leverage a 'Security Data Scientist'
Security and fraud prevention is by far the biggest area of big data investment among banks. It's one of the easiest areas to show a threat and benefit for the investment, and a much-needed tool in today's fraud environment.