Context - aware information security in the world of big data

Abstract

For the first time computer launched foreign assaults on U.S. infrastructure were ranked higher in the U.S. intelligence community's annual review of worldwide threats than worries about terrorism (Dilanian, 2013). That alone speaks volumes about the importance and critical need for information security management – for national as well as international security. As the world heads towards the massive penetration of internet through mobiles and IOT (Internet of Things) and as the world ultimately transitions from early-Pervasive to Ubiquitous computing, the internet and therefore information security are bound to be massively and inextricably enmeshed with human existence, while multiplying by many orders of complexity, sensitivity and criticality. Security awareness itself is an issue with 70% global organizations (Deloitte, 2017), one of the key reasons being- lack of a concise yet comprehensive and contemporary information security context. This paper traverses the vast landscape of information security quickly to construct and provide a first ever big picture of the contemporary information security context while providing an eye-opening discussion of what are thought of as “current safe information security practices”. This work further finds that though not widely known yet - existing paradigms, already insufficient to provide sustainable information security, are going to fall woefully short either on protection or coverage, or even be rendered obsolete. Taking cues from the shortcomings pointed out by early Big Data practitioners, the paper recommends the use of context-aware Big Data practice for security analytics and discusses how the Big data-6C paradigm may help. The importance of machine learning for delivering context and context-awareness, is emphasized, to emerge with a set of potential winning approaches centering on malbehavior prevention and resilience. The first ever contextual framework for malbehavior that may serve as the core of context-aware security systems, and a wider Cyber-Physical contextual framework that may provide sustainable information security, are also proposed.