Protecting Aggregated Data

Citation
US-CERT, Protecting Aggregated Data (June 22, 2012; rev. Feb. 6, 2013) (full-text).

Overview
In their ongoing quest for improved operational efficiency, organizations have come to rely on the ability to collect, access, and process large volumes of [[electronic data (aggregated data). This reliance has evolved with the development of sophisticated database software and the growing availability of hardware with storage capacity measured in terabytes. By possessing such large volumes of data, however, organizations assume certain risks and responsibilities. Large data stores are valuable informational assets that have become targets for cyber criminals.

By applying sound management principles and good security practices, organizations can mitigate these risks and better protect the aggregated data under their control. This paper discusses the security issues, business impacts, and potential strategies of U.S. industry, government, and academic organizations that create and maintain large aggregations of data, such as digital repositories, databases, data warehouses, and aggregated information systems.

This paper first examines characteristics of data with respect to how these data can create security management challenges when information is compiled and aggregated. The paper also highlights consequences, negative impacts and ramifications to organizations, partners, and users due to data compromise including manipulations, disruptions, disclosures, thefts, and loss. Finally, the paper discusses effective security management approaches and strategies to address the issues and to mitigate risks.