43 MARISMA-BiDa Pattern: Integrated Risk Analysis for Big Data

Data is one of the most important assets for all types of companies, which have undoubtedly grown their quantity and the ways of exploiting them. Big Data appears in this context as a set of technologies that manage data to obtain information that supports decision-making. These systems were not conceived to be secure, resulting in significant risks that must be controlled. Security risks in Big Data must be analyzed and managed in an appropriate manner to protect the system and secure the information and the data being handled. This work proposes a risk analysis approach for Big Data environments, which is based on a security analysis methodology called MARISMA (Methodology for the Analysis of Risks on Information System), supported by a technological environment in the cloud (eMARISMA tool) already used by numerous clients. Our proposal, called MARISMA-BiDa, is based on the main related standards, such as ISO/IEC 27000, or the NIST Big Data reference architecture or ENISA and CSA recommendations for Big Data.