Task1: Fix the Dissertation for the 2 comments mentioned in the document and any grammer issues
Task 2: Please also provide a saparate documet telling all the places you made the changes.
Task 3: please check plaigarism
INFORMATION SECURITY FRAMEWORK FOR BIG DATA
1
Information Security Framework for Solving Big Data Privacy Issues
***Name***
Submitted to the Faculty of the Graduate School
in Partial Fulfillment of the
Requirements for the Degree of
Philosophy Information Technology Information Technology
***UnivName***
2023
INFORMATION SECURITY FRAMEWORK FOR BIG DATA
Approval for Recommendation
This dissertation is approved for recommendation by the faculty and administration of the
***UnivName***.
Dissertation Chair:
__________________________________
Dr. JW
Dissertation Evaluators:
__________________________________
Dr. RB
__________________________________
Dr. LF
2
INFORMATION SECURITY FRAMEWORK FOR BIG DATA
3
Acknowledgment
I wish to express my sincere gratitude to my supervisors for their guidance and support in
carrying out the dissertation. I extend my regards to all the staff members of the Department PhDIT for their moral support and encouragement during the dissertation period. I thank my
classmates, family, and friends for their moral support, financial support, and well wishes. God
bless you all.
INFORMATION SECURITY FRAMEWORK FOR BIG DATA
4
Abstract
Big data was unexpectedly changing the face of the global economic system in the twenty-first
century. Most organizations have faced challenges in protecting customers’ intellectual property
and safeguarding their personal information to maintain confidentiality and ensure business
integrity and stability. As a result, security frameworks deployed to solve these data privacy was
sues help most institutions safeguard information. Data privacy was a significant concern as most
companies have failed to protect the customer’s confidential information, which was paramount
in financial institutions. Although the big data that companies collect and refine can reveal
extraordinary insights that can give them a competitive edge. A large portion of the data was
personal and, if not used carefully, can lead to serious privacy violation was sues. It arises because
the companies that obtain the data mishandle it, and people like hackers and cybercriminals
compromise it. Therefore, if the data was not safeguarded well or used for the intended purpose,
it can land in the hands of people with evil intent and cause significant damage. This research seeks
to provide an information security framework to help organizations utilize big data and preserve
privacy. The research used the qualitative research method. The study population was financial
institutions in San Antonio, Texas. Informational technology experts working in the institution
provide their experience managing big data and privacy. The framework proposed provides
holistic techniques and methods that maintain privacy when handling big data.
INFORMATION SECURITY FRAMEWORK FOR BIG DATA
5
Table of Contents
Approval for Recommendation…………………………………………………………………………………………. 2
Acknowledgment ……………………………………………………………………………………………………………. 3
Abstract …………………………………………………………………………………………………………………………. 4
Table of Contents ……………………………………………………………………………………………………………. 5
Chapter One …………………………………………………………………………………………………………………. 11
Introduction ………………………………………………………………………………………………………………. 11
Overview ………………………………………………………………………………………………………………. 11
Background and Problem Statement …………………………………………………………………………. 14
Purpose of the Study ……………………………………………………………………………………………….. 16
Significance of the Study …………………………………………………………………………………………. 17
Research Questions…………………………………………………………………………………………………. 18
Theoretical Framework……………………………………………………………………………………………. 19
Limitations of the Study ………………………………………………………………………………………….. 32
Assumptions of the Study ………………………………………………………………………………………… 33
Definitions …………………………………………………………………………………………………………….. 34
Summary……………………………………………………………………………………………………………….. 38
Chapter Two…………………………………………………………………………………………………………………. 42
Review of Literature ……………………………………………………………………………………………………… 42
Introduction …………………………………………………………………………………………………………… 42
Big Data Technologies ……………………………………………………………………………………………. 74
Data Privacy Issues …………………………………………………………………………………………………. 80
INFORMATION SECURITY FRAMEWORK FOR BIG DATA
6
Cybersecurity …………………………………………………………………………………………………………. 83
Security Measures for the Internet of Things ……………………………………………………………… 97
Security Frameworks for Data Privacy ……………………………………………………………………. 102
Data processing…………………………………………………………………………………………………….. 116
Cryptography ……………………………………………………………………………………………………….. 119
Privacy Legal Mechanism ……………………………………………………………………………………… 122
Related Works ……………………………………………………………………………………………………… 126
The gap in the Literature ……………………………………………………………………………………….. 127
Summary……………………………………………………………………………………………………………… 128
Chapter Three……………………………………………………………………………………………………………… 130
Procedures and Methodology ……………………………………………………………………………………….. 130
Introduction …………………………………………………………………………………………………………….. 130
The Research Paradigm …………………………………………………………………………………………….. 131
Qualitative approach ………………………………………………………………………………………………… 131
One-on-one Interview Method …………………………………………………………………………………… 133
Focus Group ……………………………………………………………………………………………………………. 135
Ethnographic Research ……………………………………………………………………………………………… 137
Case Study Research ………………………………………………………………………………………………… 138
Record Keeping ……………………………………………………………………………………………………….. 139
Process of Observation ……………………………………………………………………………………………… 140
Research Design ………………………………………………………………………………………………………. 142
Sampling Procedures ………………………………………………………………………………………………… 143
Data Collection Sources ……………………………………………………………………………………………. 145
INFORMATION SECURITY FRAMEWORK FOR BIG DATA
7
Ethics ……………………………………………………………………………………………………………………… 147
Data Processing and Analysis ……………………………………………………………………………………. 152
Data Analysis ………………………………………………………………………………………………………….. 154
Summary ………………………………………………………………………………………………………………… 162
Chapter Four ………………………………………………………………………………………………………………. 165
Research Findings ……………………………………………………………………………………………………….. 165
Introduction …………………………………………………………………………………………………………….. 165
Analysis of Research Questions …………………………………………………………………………………. 168
Supplementary Findings ……………………………………………………………………………………………. 176
Big Data Management …………………………………………………………………………………………… 177
Cyber Risk Assessment and Management………………………………………………………………… 181
Summary ………………………………………………………………………………………………………………… 186
Chapter Five ……………………………………………………………………………………………………………….. 188
Summary, Discussion, and Implications …………………………………………………………………………. 188
Introduction …………………………………………………………………………………………………………….. 188
Practical Assessment of Research Question(s) …………………………………………………………….. 189
Limitations of the Study ……………………………………………………………………………………………. 205
Recommendation of Future Studies ……………………………………………………………………………. 208
Summary ………………………………………………………………………………………………………………… 210
References ………………………………………………………………………………………………………………….. 212
Appendix A: Security areas ………………………………………………………………………………………….. 239
Appendix B: The Seven-Risk Model ……………………………………………………………………………… 240
Appendix C: Findings ………………………………………………………………………………………………….. 241
INFORMATION SECURITY FRAMEWORK FOR BIG DATA
8
Appendix D: Scheme for addressing big data privacy concerns ………………………………………… 243
Appendix E: Informed Consent …………………………………………………………………………………….. 244
Appendix F: IRB Approval Form ………………………………………………………………………………….. 246
INFORMATION SECURITY FRAMEWORK FOR BIG DATA
9
List of Tables
Table 5: Years of experience ………………………………………………………………………………………. 1679
Table 1: Themes ………………………………………………………………………………………………………… 1779
Table 2: Information Security Framework ……………………………………………………………………… 201
Table 3: ISO Security Framework ……………………………………………………………………………… 23942
Table 4: The Seven Risk Models ……………………………………………………………………………….. 24043
Table 5: Years of experience …………………………………………………………………………………….. 24144
INFORMATION SECURITY FRAMEWORK FOR BIG DATA
10
List of Figures
Figure 1: Scheme for addressing big data privacy concerns…………………………………………….. 2436
INFORMATION SECURITY FRAMEWORK FOR BIG DATA
11
Chapter One
Introduction
Overview
As customers across the globe have continued to embrace the digitization of most
business services, it was clear that customers’ data was substantially valuable to different
stakeholders. Monitoring consumer behavior is the foundation of business advertising and
market targeting today. In the last decade, big data has become a more valuable source of
significant insight for businesses than ever before.
Many companies store large datasets, intending to use them to understand customer
preferences and behavior. Clive Humbly, a British data scientist and mathematician, described
data as the new oil (Hasan et al., 2020). However, like oil data was valuable, it can only
significantly benefit refining. Oil was extracted in crude form and separated into gas, petrol,
diesel, and other forms used to make different products. The same applies to data that must be
broken down and analyzed before being useful (Hasan et al., 2020).
Big data, by definition, entails extensive data, which consists of structured, unstructured,
and semi-structured data formats (Oussous et al., 2018). IBM defines big data as “data sets
whose size or type was beyond the ability of traditional relational databases to capture, manage
and process the data with low latency. Characteristics of big data include high volume, high
velocity, and wide variety” (IBM, 2018, p. 37).
Big data analytics analyzes and retrieves large data sets that were challenging to handle
by old data processing application software. Big data analytics is the process used to analyze big
data. The primary role of big data analytics was to enable scientists, predictive modelers, and
other analytics experts in entities to make effective business decisions (Oussous et al., 2018). Big
INFORMATION SECURITY FRAMEWORK FOR BIG DATA
12
data was applied in many fields, including the government, social media analytics, technology,
fraud detection, call center analytics, banking, agriculture, marketing, smartphones, telecom, and
health (Sahu, 2018).
Traditional data analytics and processing do not work anymore. Big data analytics can
solve numerous challenges in the real world using predictive analytics instead of typical
maintenance (Wu et al., 2020). For example, UPS was known to handle big deliveries. They can
keep up with using big data to analyze data from thousands of trucks and predict which vehicles
will likely break down, saving maintenance costs. IBM had also used these algorithms to predict
repairs Boston City needed, reducing costs. Rio used big data to predict and respond if deadly
landslides occurred (Wu et al., 2020).
Many companies require new and modern ways to conform to the latest technology
requirements, hence big data analytics (Wu et al., 2020). There was a definite transition from
premise warehousing to cloud solutions; therefore, purchasing physical hardware was
unnecessary, while cloud-based data warehouses can offer better solutions.
The user interface provides powerful management to a single platform that relies on
customers’ campaigns. The user interface uses a single platform which raises multiple IT
services demanded by customers (Mendes & Vilela, 2017). The information will respond to the
customer’s key life events, detect behavioral changes, and provide maximum security for the
data. Financial crime contributes to societal illness and economic instability. Thus, financial
inclusion as mitigation measures and prevention needs to be a priority.
Increasing financial logistics structures to support anti-financial crime organizations’
domestic and multilateral public sectors will mitigate data breaching risks (Tao et al., 2019).
These logistics enhance building a better global framework to fight financial crimes in
INFORMATION SECURITY FRAMEWORK FOR BIG DATA
13
businesses and societal imperatives. Advancing in public and private partnerships was another
leading factor in ending these challenges. At the associated level, financial institutions and law
enforcement agencies must cooperate to protect the public from harm and crimes (Tao et al.,
2019).
Besides, cyber-reason and scale were essential successful tools to secure big data. It was
crucial to develop more strict rules and regulations to secure big data and reach global
considerations that institutions will only consider with massive financial ramifications (Tao et
al., 2019). There was a need for tool modeling to allow data collection and minimize end-user
disruptions. This solution offers provide statistical analysis to machine learning and
automatically adapt to the security environment changes. This solution will provide statistical
analysis to Al and automatically adjust to the security environment changes (Tao et al., 2019).
The economics of privacy encourages a proper collection of processed information and
stores them in a safer place for accessibility by authorized users. Moreover, the economic
perspective analysis was needed to minimize cybersecurity issues to protect user information and
ensure privacy deployment in all banking and financial institutions (Tao et al., 2019). All
banking organizations must offer their clients educational resources to lessen financial risks and
identify bank account intrusions. Utilizing knowledgeable and skilled workers will likewise
decrease the threats of assaults and give the most excellent assurance to the client data.
It was imperative to identify the current measures undertaken by a management team to
secure data which need to be implemented using the latest data security measures to protect user
information in the bank institution and government sector. Big data analytics was crucial, and
data warehousing was still required to become productive and efficient with modern techniques.
INFORMATION SECURITY FRAMEWORK FOR BIG DATA
14
However, most organizations were believed to maintain traditional data warehousing (Jain et al.,
2016).
Background and Problem Statement
Financial institutions must deploy intellectual protection services to safeguard user
information from breaches and threats that arise with this improved technology. The existing
innovation of big data relies on revenue generation and streams to minimize life-threatening
viruses and revolutionize the organization through the lengthy investment of cybersecurity risks
(Moreno et al., 2016). Therefore, financial action task forces need some implementation
application with a common compulsory national lottery regional determination to constitute an
offense and constitute the requirement of a common sanction approach to avoid breaches.
Digital Divide
The digital divide was between regions with access to modern information and
communication technology (Solangi et al., 2018). Currently, the new economy is the latest trend.
Information and communication technology have brought many innovations, leading to the
growth and development of many world economies (Tao et al., 2019). Information
communication technology was among the reasons for the rapid economic growth we were
experiencing. However, economic growth must go hand in hand with social and democratic
agendas, especially when dealing with inclusion (Solangi et al., 2018).
There was a disadvantage to people and societies who could not be part of the modern
economy because everything operates through information communication technology.
Therefore, the digital divide leads to some communities not being part of crucial decisionmaking and proper participation (Solangi et al., 2018). On the other hand, information
INFORMATION SECURITY FRAMEWORK FOR BIG DATA
15
communication technology was essential for all regions’ social and economic development,
prioritizing the digital divide gap.
Ending the digital divide depended on people’s exposure through proper education and
training (Solangi et al., 2018). The new technology can only be helpful if people have skills and
competence (Tao et al., 2019). The bridge can end if the schools and colleges offer the proper
education and training to ensure the most significant population is literate and has acquired the
right skills. The digital divide basis was not only on underdevelopment but also the need for
more technical knowledge. In some cases, the cost of ICT devices had led to a rise in the digital
divide. Types of digital divide include access divide, use divide, and quality of use gap (Solangi
et al., 2018).
Cybercriminals can falsify data on connected devices and send it to operational
databases. Since the banking industry has changed, customers prefer using checks over cash and
electronic banking to complete transactions. Banks have therefore developed mobile applications
and websites to enhance convenience and raise customer satisfaction (Solangi et al., 2018).
However, this change brought very significant cybersecurity dangers. Due to server security was
sues, dangerous data storage, potential data leaks, poor encryption, and insufficient
authentication and authorization when login in, many financial applications were susceptible.
Privacy was a human right. Article 12 of the Universal Declaration of Human Rights
states, “No one shall be subjected to arbitrary interference with his privacy, family, home, or
correspondence, nor attacks upon his honor and reputation. Everyone had the right to protect the
law against such interference or attacks” (United Nations, 2020, p. 4). The scope of privacy was
broad, and consequently, there were limited areas. Information was one category of privacy that
INFORMATION SECURITY FRAMEWORK FOR BIG DATA
16
involved handling and processing personal data. People have a right to determine how they want
their information to be used and communicated to others (Mendes & Vilela, 2017).
With the advent of big data, data expansion had possibilities and usefulness; however,
unwanted privacy violations can occur (Mendes & Vilela, 2017). Financial institutions have
limitations on the extent of data analysis and usage, which prevents them from gaining big data
analytics. The world market was competitive, and with the eruption of innovations, businesses
need to stay competitive, attract customers, and be sustainable in the long run.
Purpose of the Study
This qualitative study aimed to investigate the information security tactics employed by
financial institutions to handle big data, preserve privacy, and add knowledge by presenting a
system that will safeguard user information by presenting data protection methods. The
qualitative case study approach investigated current tactics to identify the best safeguard for
creating an information security framework to ensure secure user data. Comprehensive
framework institutions can use to ensure significant data privacy was developed using the
gathered, processed, and utilized data.
The finance industry generates massive data from transitions and operations activities.
Institutions can exploit data to give new knowledge. Financial institutions have input from
customers’ feedback and activities; however, they benefit from using big data technologies in a
competitive market (Pejić Bach et al., 2019). Analyzing data provides forecasts that better
predict the market position and help boost profitability and competitiveness (Huttunen et al.,
2019).
Many researchers claim that big data changes business models in the finance sector.
OECD (2020) argues that financial service providers use it for customer profiling, risk
INFORMATION SECURITY FRAMEWORK FOR BIG DATA
17
assessment, account aggregation, and fraud detection with the wealth of data they obtain.
Potential goals in finance were to enhance management and governance. The adoption of big
data had many benefits; however, it possessed many challenges, and information security
remains the topmost issue, hindering institutions from utilizing these technologies (Almeida,
2017).
Significance of the Study
The research target population was financial institutions in San Antonio, Texas. Texas
was appropriate for the study because the institutions face random cyberattacks, and customer
information was at risk. The risk and malware threats against San Antonio banks increased
exponentially during the pandemic. For this study, the purpose of the population was to obtain
critical information on reducing information breaches in the future. On the other hand, all
financial institutions must manage big data successfully and maintain their security and
compliance with the regulatory rules and progression rates.
The design of the research included a qualitative case study method. Interviews were
used to explore the challenges IT experts face today regarding essential data privacy and the
strategies used to safeguard user information. Qualitative research helps gain a deeper
understanding of the phenomenon explored through interactions with participants who provide
insights (Etikan & Bala, 2017).
The research suggested that the existing systems in financial institutions need to be
improved to mitigate sophisticated and frequent attack (Neville-Rolfe, 2016), As a result, data
privacy was a significant concern today. Failure to protect intellectual property would have led to
more severe issues in the future that interfered with all financial and government systems
(Neville-Rolfe, 2016). The research proposes strategies in the information framework to protect
INFORMATION SECURITY FRAMEWORK FOR BIG DATA
18
personal user data against threats and compromise. It was imperative to note that adopting data
protection included specialized software tools and advanced equipment, which will enhance the
existing security measures and improve these to reduce all the vulnerabilities in financial
institutions.
Research Questions
The research had two main objectives; determining the barriers and challenges financial
institutions face in securing personal data and determining the measures taken by financial
institutions to secure user data and protect the vulnerability of information. To attain these goals,
the study seeks to address the following questions. The null and alternate hypotheses below will
be used for each research question as indicated:
1. What barriers and challenges do financial institutions face in securing personal user data?
Ho1. There are barriers and challenges faced by financial institutions when for
securing personal user data.
Ha1: There are no barriers and challenges faced by financial institutions when for
securing personal user data.
2. What measures secure user data and protect the vulnerability of information for financial
institutions?
Ho2: Financial institutions can secure user data and protect the vulnerability of
information.
Ha2: Financial institutions cannot secure user data and protect the vulnerability
of information.
In the financial institutions, there is need to secure the personal data and information of
all customers. The big data security in financial institutions cannot be overlooked. Financial
INFORMATION SECURITY FRAMEWORK FOR BIG DATA
19
institutions have huge number of customer data, which includes personal information, financial
transactions, account details, credit card information. This sensitive data is a target for
cybercriminals due to its potential for massive financial gain and identity theft. The following
section looks at the study’s theoretical framework.
Theoretical Framework
User data must be protected when handling data for processing, storage, distribution, and
analytics. Understanding provider views and how systems protect user data were necessary for
dealing with privacy issues. The Communication Privacy Management (CPM) theory,
Information Security Management System (ISMS), and The National Institute of Standards and
Technology (NIST) Risk Management Framework were the theoretical foundations for this
study. These frameworks offer essential controls to incorporate into a model while developing an
information security framework (Yuliarti et al., 2018). Academics use the frameworks to
comprehend how firms construct their security structures and systems.
Communication Privacy Management (CPM)
The CPM theory provides a comprehensive outlook on privacy and the components that
influence information privacy. The ISMS and NIST frameworks provide an understanding of the
controls used to enhance information security. These controls strengthen the privacy of data. In
addition, the frameworks were used to outline the processes that enhance data security and
privacy.
Communication Privacy Management was a system that “regulated disclosing and
protecting private information when others were involved” (Allen, 2017, p. 1). Privacy refers to
determining when to disclose information and to what extent. The theory considers the impact of
the disclosure of private information. Furthermore, the theory explains the reasons people
INFORMATION SECURITY FRAMEWORK FOR BIG DATA
20
disclose private information. The communication privacy management (CPM) theory guides an
organization in identifying and protecting private data. This theory entails the best way to reveal
this threat and control the power of information beyond the management theory, which considers
people’s selected information and comes up with criteria to handle all the information to ensure
ownership of data and management.
The communication privacy management theory suggests that firms need resources and
strategies which provide privacy when handling individuals’ personal information. Many
consumers dread the lack of control over personal information (Yuliarti et al., 2018). The
convenience of disclosing personal information depended on ensuring that information would be
safe and protected from threats.
The risk of disclosing private information makes people vulnerable to exploitation (Allen,
2017). CPM suggests boundaries should be placed on information to differentiate between public
and private information. The boundaries also control the accessibility to information and the
expectations for information use and disclosure.
Further, CPM suggests that individuals obtaining private information should develop
methods to protect privacy. CPM guides in privacy management in institutions help reduce theft,
unauthorized access, and malware attacks. The study will apply CPM theory to understand how
institutions protect consumers’ data privacy.
Conversely, communication privacy theory consists of related studies that analyze
category sandwich transcriptions of interviews using the planned behavior theory on social
networks during the big data relying on this series to secure social networks serial (Griffin,
2016). Also, please rely on the cloud for big data processing and different outsourcing and
complementation applications with their characteristics.
INFORMATION SECURITY FRAMEWORK FOR BIG DATA
21
Communication privacy management was a research theory to understand people’s ways
of showing and hiding private information. The theory recommends that people handle their
communication boundaries with other people based on the possible returns and costs of the data
(Petronio & Child, 2020). Communication privacy management helps explain the privacy
management process (Allen, 2017).
The privacy boundary shows the difference between private and public information.
Communication privacy management principles include “people believe in the right to control
their private information, and people control private information by following personal privacy
rules. Also, when other people obtain personal private information, they become partners of the
information” (Knight, 2017, p.23). Co-owners of private information require forming good
privacy rules about telling others. The theory elements include:
Private Information
Private Information refers to the sensitive or Personal Identifiable Information(PII) that
must be safeguarded from disclosure. It was the act of hiding and disclosing private information.
Sharing private information includes sharing data with other people but within the limits of the
owner of the information. Boundaries’ consideration depended on the people and the decision to
share privacy. It was the process of privacy rule management (Petronio & Child, 2020). Private
Information Protection is an important ethical and legal requirement, breaches can have severe
financial and reputational damages to organizations.
Private Boundaries
Communication privacy management theory was essential to follow the boundary set.
Personal boundaries refer to the difference between private and public information. There was a
common boundary when private information was shared. It was a personal boundary when
INFORMATION SECURITY FRAMEWORK FOR BIG DATA
22
someone chose not to share private information. Their boundaries guard people’s private
information. Boundaries kept changing and were easy and sometimes hard to cross (Petronio &
Child, 2020).
Control and Ownership
Communication privacy management theory believes in ownership of information, and
every owner has the right to decide how to share private information. In other situations, people
can share their private information to promote co-ownership. Co-ownership of information basis
was on profound responsibility and understanding of rules for disclosures. There was a sharing
merging to understand that boundaries have enlarged and may not return to the original position.
The co-owners mandate was to be resolute about when and how to share information (Petronio &
Child, 2020).
Rule-Based Management System
The rule-based management system helped people manage their information and had
three stages: privacy rule features, boundary coordination, and boundary roughness (Petronio &
Child, 2020). “Information systems were the study of networks of hardware and software used to
collect, create and distribute useful data in organizations” (Bourgeois & Bourgeois, 2014).
Information systems contain components that work together to gather, process, store, and
procure information that aids in coordination, decision-making processes, and visualization in
companies (Bourgeois & Bourgeois, 2014). Thus, information systems concentrate on
components and roles to create an information system. Elements of information systems include
hardware, software, telecommunications, and data.
Hardware comprises physical components of the system. These were things that could be
touched and felt. It includes input and output devices that enable computers, smartphones, and
INFORMATION SECURITY FRAMEWORK FOR BIG DATA
23
tablets to function (Leek, 2016). Hardware helps humans to interact and utilize technology.
Hardware includes mice, monitors, scanners, hard drives, and keyboards. The software
comprises the intangible part of the information system and includes output, processing, input,
and storage. Application software operates programs that lead to information system uses and
can be open-source or closed-source. Open-source software was available to the public,
especially for programmers who cannot use sealed sources (Coronado Mondragon et al., 2015).
Telecommunication systems connect computer networks and enable information sharing
through them. Telecommunications networks also help computers, and storage devices obtain
data from the cloud. Telecommunications networks that deliver data include fiber optic cables
used by cable providers to move data (Bourgeois & Bourgeois, 2014). A local-area network
(LAN) connects computers in a selected space. Wide-area networks were a collection of LANs
that enabled data-sharing across vast areas. Finally, a virtual private network (VPN) allows users
to guard their privacy online through encryption on public networks (Qu et al., 2018).
Data was “intangible, raw facts that were kept, transmitted, analyzed, and processed by
other components of information systems” (Bourgeois & Bourgeois, 2014). Data storage as
numerical facts stored in databases or warehouses fits every organization’s needs. Databases hold
a collection of data removable whenever required. Databases enable users to conduct essential
operations like storage and retrieval. Data warehouses keep data from many sources to analyze,
allowing the users to assess the organization (Qu et al., 2018).
Management Dialectics
Privacy management was the central argument advocating for sharing private information
and the others who oppose it. The final elements were essential because they offered insight into
INFORMATION SECURITY FRAMEWORK FOR BIG DATA
24
privacy and its meaning in society. Privacy rules guidance was the process available to share
information depending on cultural norms and expectations.
Big data privacy refers to extensive data management to reduce risk and protect delicate
information. Big data contains massive and sophisticated data sets, and traditional privacy
techniques and processes cannot handle it effectively. When there is a collection of data about
users, it also becomes easier to connect it and form conclusions, behavior, and detailed profiles
of their lives and preferences. Users want to have confidence in the handling of their data.
Consumers need to know how their information is stored, shared parties, and methods of
complying with the necessary regulations that stand for privacy and data protection (Petronio &
Child, 2020).
CPM theory acknowledges that people believe they have a right to private information
and have the power to control the information (Petronio & Child, 2020). The explanation of
ownership by privacy boundaries defines how they protect their data. People give access to their
data to people and organizations they trust. Big data ensured that customers felt secure and in
control of information, and sharing with other parties was within their consent (Allen, 2017).
Privacy Rule Characteristics
The privacy rules’ characteristics were in two parts: attributes and development.
Attributes were how people attained rules of privacy and understood the features of the rules.
Social interactions were ideal for attributes because there was no need for boundaries or rules.
Every situation had regulations and ways to manage privacy (Spicer, 2017). Communication
privacy management includes cultural, gender, context, motivation, and risk/benefit ratio
(Petronio & Child, 2020).
INFORMATION SECURITY FRAMEWORK FOR BIG DATA
25
Big data privacy strategy ensures consideration of customer data usage, accuracy, and
inconsistencies. Improving data security ensured that threats, especially data breaches and insider
threats, were manageable. When users want to disclose their privacy, they conclude the boundary
to achieve their goal of revealing and concealing their private information (Petronio & Child,
2020).
When information owners share or hide their private information, they follow privacy
rules to help manage privacy. People use the private rule criteria to push privacy rule choices.
Privacy rule criteria helped influence privacy choices, like when a person was caught
unknowingly by someone who revealed private matters (Allen, 2017).
Privacy rules and privacy boundaries become more complicated with many parties
involved. The CPM privacy boundaries basis was on one person and, in other cases, on multiple
privacy boundaries like groups, family co-worker collective boundaries, and social media
boundaries. Multiple boundaries involve coordinating issues like privacy management. People
may choose to hold information on their health conditions which does not always resonate well
with those affected (Allen, 2017).
Information security involves the processes and methods applied to achieve
confidentiality, integrity, and availability of information (Al-Dhahr et al., 2017). Information
security was a significant problem for many organizations, and many finances and resources
were fueled to achieve these aims. Consumers’ personal information had four central values:
operational, individual, society, and value to others. People’s data needs handling with care,
respect, and security from any possible risk.
Information security management system (ISMS)
INFORMATION SECURITY FRAMEWORK FOR BIG DATA
26
There were international standards that governed Information Security. Information
security management system (ISMS) ISO/IEC 27001:2013 was a guideline that describes
approaches organizations should take to enhance information security and privacy (Al-Dhahr et
al., 2017). These standards help organizations detect and address threats and vulnerabilities
against sensitive information and intellectual property. The guideline helps organizations shield
themselves from breaches and disruption of their operations (Kurnianto et al., 2018).
For organizations looking to enhance information privacy, the ISO/IEC 27001:2013
offers guidelines on what measures to implement to ensure security standards to preserve
information security and privacy. Also, the guidelines must assess the business environments for
potential risks and assist organizations in establishing their information security policies and
procedures (Kurnianto et al., 2018).
The role of ISMS was to limit and prevent data breaches in the organization. It provides
the best guidelines for information security management that maintain a robust system to identify
and prevent risks. In addition, the ISMS facilitates that organizations protect the information
from any leakages, exposure, damages, or destruction and maintain integrity, confidentiality, and
data availability. Another resource available when utilizing the ISMS system was risk
assessment and management. Companies implementing the ISMS can recognize foreseeable
future risks and implement the appropriate measures to address and resolve them.
In addition, controls evaluated whether a business had met the necessary legislative and
regulatory data security mechanisms. The ISMS provides an information security framework
with the following major components: management principles, resources, personnel, and
information security personnel. The framework was subdivided into 11 security areas which
INFORMATION SECURITY FRAMEWORK FOR BIG DATA
27
require organizations to develop and implement strategies in each area (Al-Dhahr et al., 2017).
(The security areas are illustrated in Table 1)
NIST Sets of Standards
The National Institute of Standards provides a comprehensive, reputable, flexible, and
measurable step to process an organization and manage its information security frameworks. It
provides a link to suit the NIST standards with guidelines to support the implementation of risk
management. It requires federal information security management to aid and ensure safe and
secure information. It also supports implementation, such as a quick start guide to prepare
essential organization management security for private and public sectors by categorizing the
system information based on transit best approach and impact analysis (Ross, 2018).
NIST Sets of standards control the system based on assessment with its unique
implementation to manage documents and the transfer of information (Ross, 2018). It creates an
estimate of control over place operations that intend to produce desired results with maximum
protection of their savings and personal information. It also had a continuous monitor control in
implementing risk to the system and ways to safeguard data from third-party access (Ross,
2018).
Risk management framework
The risk management framework coordinates security privacy concerns and processes
into the system development life cycle (Ross, 2018). This risk-based approach offers details that
consider viability because of pertinent laws, mandates, executive orders, principles, regulations,
and policies (Ross, 2018). Implementing this framework gives cyber threats no room in the
financial sector. Hence, it provided clear guidance for financial institutions that ensured the
INFORMATION SECURITY FRAMEWORK FOR BIG DATA
28
measures were appropriate and adequate to communicate, delegate diligence and force, and were
well-supported.
These codes were based on an illustration of points to provide a final section that governs
all the financial systems and tries to incorporate the professionalism needed in all the banking
sectors. Risk management was essential to provide the entire lifecycle of a system through the
interconnection of the nature of information technology services in the supply chain. It includes
development, design, distribution, acquisition of supply chain threats, mitigation, and reduction
of vulnerability in all the financial systems to give a product and service at any stage to enhance
the compatibility of the monetary system (Almeida, 2017).
Risk management was another application of big data that banks benefit from by
applying data mining. Using the knowledge gained, institutions can anticipate the preferences
and needs of their customers, product utilization and acceptance, and borrowing and repayment
trends. In addition, financial crises cripple companies leading to bankruptcy and closure. As a
result, understanding finance performance, liquidity, and credit became important. Analyzing
data helps categorize and prioritize risks and helps build models to control risks (Almeida,
2017).
Risk treatment involves reduction, retention, transfer, and avoidance. Methods to achieve
these goals need the following security components: firewall, encryption methods, proxy, digital
signature, and HTTPS server (Drozdova et al., 2020). For instance, account and service hijacking
affects cloud services Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and
Software as a service (SaaS). Banking applications utilize the software as a Service model.
Mitigation techniques against account and service hijacking involve having a formal service
INFORMATION SECURITY FRAMEWORK FOR BIG DATA
29
level agreement and security policies, multifactor authentication methods, and monitoring
activities in the cloud for any threats (Amara et al., 2017).
Risk assessments strengthen the organization’s understanding of its environment to
identify the most vulnerable high-risk areas. Risk assessment aims to resolve better informationrelated risk that covers the whole business environment. By managing risks, institutions can
mitigate cyber threats. The National Institute of Standards and Technology (NIST) Risk
Management framework provides organizations with risk assessment guidelines (Broeders et al.,
2017).
The organization was considered whole in assessing the vulnerabilities to information
and the customers to conduct a security risk analysis (Broeders et al., 2017). Due to evolving and
new technological advancements, regular monitoring and review of risk were crucial for the
organization (Broeders et al., 2017). New technologies with proper monitoring can compromise
sensitive data as vulnerabilities might occur while integrating new processes and techniques.
Further risk assessment requires regularly updating or replacing software with more recent
versions. New versions extend the scale of data management and security possibilities.
NIST recommends that the risk assessment process should be continuous. Cybersecurity
happens to any company, and the means to avoid breaches were making a secure and effective
network system (Broeders et al., 2017). Threats and cyber-attacks were evolving with
technology, and organizations had to be capable of combating them. Other risks also surface due
to the immensity of available data from multiple points.
Protecting and Controlling Unclassified Information
NIST private engine provider development of transport information systems was
applicable in principle measures to create a risk model framework through standards and privacy
INFORMATION SECURITY FRAMEWORK FOR BIG DATA
30
concerns on civil liberties (Broeders et al., 2017). It offers broad protection to control false
information with a confederal system organization paramount in agencies that directly impact the
federal government. It also assigned a mission of business operation with a suite of guidance to
provide specific obligations with focused protection of confidentiality of user information.
Also, it recommends particular security required to achieve an object with the change of
information security for the federal information system modernization act. As a result, it
provides responsible federal agency compliance with a total provision of status policy
established in support of security standards and guidelines developed by NIST (Broeders et al.,
2017). All cyber-security mitigations were through installing firewalls and other security
applications that protect user data through these risk management frameworks.
Improving Cross-Border Domestic Information-Sharing
Fighting financial crime was a global pandemic that affects society nowadays. Reducing
fraud and information breaching instances incorporates new technology to improve border and
domestic information-sharing. Cashless transactions were one of the most effective uses of
technology in addressing the global concern about fraudulent activities in the financial system.
This framework protected and managed suspicious activities reported in privacy and bank
secrets, inhibiting information-sharing (Price Waterhouse, 2018).
Also, provide an international level to encourage the continuation of driven global
consideration in improved effectiveness of member states and information-sharing regimes. This
international financial institution offered direct government implementation to secure the
exchange of information and expected facts to stop the unethical sharing of personal data with
third parties (Price Waterhouse, 2018). This national commitment provides a complex financial
crime reduction with better global financial management and comprehensive protection through
INFORMATION SECURITY FRAMEWORK FOR BIG DATA
31
cross-border financial crime reduction. This provider standard complies with these mitigated
report points and progress by introducing multinational safety protection units.
Reforming Suspicious Activity Reporting
Multiple authentication processes allow the bank institution to detect suspicious activity
and mitigate its harm immediately. These allowed users to ensure that bank transactions were
kept safe and personal information was available. It provides limited intelligent value for poor
quality, and investigating criminal activities was diverted into resources affecting law
enforcement. Banks also improve the feedback loop between financial institutions to offer
regulated sectors key activities that protect customers from fraud (Dobrowolski & Sułkowski,
2019).
Increased and improved technology makes combating economic challenges easier
through the booster of all technicalities to reduce breaches (Dobrowolski & Sułkowski, 2019). It
includes using multiple identifications, firewalls, and end-to-end encryption methods, to mention
a few. This process examines barriers to adapting to new technology that assists in expanding
risk management toolkits and optimizing adverse outcomes of bank institutions’ losses. Above
all, mitigating inconsistency implementation of financial crime compliance standards offers
regulatory clarity.
The scope of the regulation gave financial institutions the courage to carry out their
services no matter the challenges of information breaching, hacking, or malware attack. Through
individual country culture and political-legal regulation, frameworks were adhered to win
international policy bodies that best deal with commitment and provide overreaching guidance
with appropriate national regulation statements (Dobrowolski & Sułkowski, 2019).
INFORMATION SECURITY FRAMEWORK FOR BIG DATA
32
It also provides an essential public sector to define the overseas rule. It empowers
financial institutions to implement policies according to the government’s overall vision and the
purpose of regulatory frameworks. This global fight against financial crimes was paramount in
international and regional cyber-theft breaching and fraud activities. It explored issues with a
tremendous in-depth to provide policy and legal theory of law enforcement authorities with
multiple jurisdictions to gauge the current perspective on financial services and public sectors.
The economic and crime risk management system provides a breakthrough in user data
protection through engagement (Dobrowolski & Sułkowski, 2019). It offers the financial system
the strength they need to overcome all breaches in the market.
Limitations of the Study
The study encountered different challenges in accessing IT information in bank
institutions and understanding critical terms of IT protection regarding big data analytics. The
research met the possible challenges of conducting interviews with limited time available per
session. The interviews were one-on-one; some participants were committed to work or occupied
and could answer a few research questions. Collecting the data from multiple sources and
analyzing them to the necessary security requirements was a big challenge as the trusted
institution needs help to overcome the information lord (Demchenko et al., 2014).
Ethnography encounters environmental difficulties in studying most companies’ cultural
impacts and motivation challenges (Hennink et al., 2020). The research requires much time to
collect accurate information from the targeted audience—limited access to information security
and privacy issues to data applied to big data applications.
Some technical words that need to be fully explained were due to discussing exciting
solutions and problems the research found helpful. The lack of improved internet services will
INFORMATION SECURITY FRAMEWORK FOR BIG DATA
33
provide maximum user protection as a challenge in suggesting the best method to protect user
information. An increasing number of people rely on big data analytics to provide solutions, and
neglecting security measures was a big problem for implementing new user protection measures
for data privacy. As most people rely on the script method to protect user information, this
service will need specialized personnel to provide maximum user information protection.
Nevertheless, both users presented some direction that contributed to solving the issue of
extensive significant data privacy concerns. This approach provided an open-in-the-upper table
right management system that would process and improve user-shared content on social media,
which caused more difficulties in handling the use of our information.
Assumptions of the Study
Before fully trusting in a security proposal’s ability to safeguard users, assessing the
infrastructure’s security was critical. As most individuals will depend on one model to deliver
security that benefits them, future trends to address security and privacy concerns may encounter
obstacles (Yang et al., 2019). Participants were honest and straightforward during the interview
sharing their experiences.
1. It was an assumption that each participant understood the role and responsibilities.
2. Participants were honest in communicating their biases and any foreknowledge regarding
experience.
3. It was an assumption that the selected group of participants fully committed their time
and availability to participate in the interview process.
4. Those who responded to the question might need help to cooperate fully.
5. Most participants need more keenness and willingness to provide accurate information
about the challenges they were facing in the company.
INFORMATION SECURITY FRAMEWORK FOR BIG DATA
34
These assumptions were exclusive considerations of consciousness and understanding
by the participants on the important of the research. The assumptions were believed to be true
and participants were assumed to have given facts on the subject matter. However, these
assumptions were not limited to the control of research, and there are some presumptions that
were acknowledged in conducting the study.
Definitions
This research entails different keywords which will provide important information on
securing user data today and in the future.
Banking system: This refers to a group or a network of institutions’ that offer financial services
(Kurose & Ross, 2021).
Big data: This refers to a very large, and complex data sets. Big data is voluminous data and
cannot be processed by traditional data processing methods (Taric & Poovammal, 2017). Big
data is collected with aim of processing it and developing conclusions and inferences that aid in
decision making.
Clustering: Clustering shares computation tasks within many computers (Mehmood et al., 2016).
The computers involved form a cluster. Cluster computing performs on distributed systems using
networks. Era clustering was crucial in big data because of the processing speed, costeffectiveness, scalability, and increased resources (Mehmood et al., 2016). It also leads to
improved performance and availability, making it an essential tool for global computing.
Computer network system: The computer network system involves data storage and
transmission, making it crucial to ensure security (Kurose & Ross, 2021). Computer networks
enable the sharing of network and computing resources. With meaningful data, users can access
and use data and information found on network devices. A system allows sharing of a file, data,
INFORMATION SECURITY FRAMEWORK FOR BIG DATA
35
and other information as long as authorized (Kurose & Ross, 2021). It was the availability of
computer systems resources when needed. These computer systems resources include data
storage and computing power. In this case, there was no direct active management by the user. It
was explained as data centers present for various users on the internet. There was a cloud
distribution from central servers with global computing to many places. The essence of cloud
computing facilities was to enable multiple users to gain from technologies without the trouble of
profoundly learning about them. Many businesses use cloud computing to experience a quicker
and improved quality of services for their bid data. The technology was practical, flexible,
secure, and efficient and prevented data loss through replication (Solangi et al., 2018).
Data analytics: Data analytics was analyzing raw data to conclusions from the information. Most
data analytics functions were automated by mechanical algorithms that go through information
for human use. The application of data analytics in cybersecurity helps detect, analyze, and stop
cyber threats internally and externally. Data analytics was crucial in ensuring cybersecurity and
that businesses optimize their performances. A cybersecurity analyst performs data analyses
from many sources to get a conclusive report that improves privacy or security (Jain et al., 2016).
Data Mining: Data mining is a technique that involves obtaining knowledge from vast volumes
of data kept in databases or archives (Taric & Poovammal, 2017). Data mining contains sensitive
information, and parties analyzing data do not want the data identified by the users. Data mining
was performed using machine learning techniques, either supervised or unsupervised learning
algorithms. The standard approaches were clustering, association rule mining, and classification.
The design of the methods was to group data and find relevant relationships (Mendes & Vilela,
2017).
INFORMATION SECURITY FRAMEWORK FOR BIG DATA
36
Data privacy: Data privacy intends to keep data collected for purposes of analysis or reference or
inference against improper access, loss or theft (Taric & Poovammal, 2017). Financial
institutions have the obligation of ensuring their customer’s data is private and confidential.
Data security: This is a discipline that deals with keeping information secure, and free of danger
or threat (Taric & Poovammal, 2017).
Data: Data refers to facts collected for analysis or reference (Taric & Poovammal, 2017).
Financial institution: Any accredited and licensed money rendering organization. These
institutions operate payment systems, taking deposits, offering loans, and offering financial
investment services (Kurose & Ross, 2021).
Information: Information refers to processed data. Information can be used to make conclusions
and inferences on a subject (Taric & Poovammal, 2017).
Machine learning: Machine learning is an application of artificial intelligence that teaches
machines to automatically learn and, through experience, improve without requiring
programming (Sarker, 2021). Machine learning basis was on creating computer programs that
extract and learn from data. Machine learning was crucial for cybersecurity. Through pattern
detection and real-time cybercrime, deep testing can help identify cyber threats and maneuvers
(Sarker, 2021). In addition, machine learning can help cybersecurity through prediction,
classification, recommendation, and generative models (Sarker, 2021). For instance, Microsoft
uses machine learning windows to defend advanced threat protection to spot threats.
Monitoring and Auditing: This crucial part of network security management enables service
providers to enhance marketing information acquired on specific security measures. Network
monitoring only realizes information on the web to systematically review and measure users’
security policies and the interaction with the network security models (Rupper, 2017). Besides,
INFORMATION SECURITY FRAMEWORK FOR BIG DATA
37
periodic monitoring also analyzes interaction detection and prevents a pictorial application of
unnecessary tracking to the complete network security protection of abnormal user behavior and
unsuspicious data behaviors (Rupper, 2017). This model’s information uses a systematic review
of trust behaviors that detects before reaching a maximum limit. Similarly, network auditing
allows big data to analyze all the audit system challenges and integrate the availability.
Moreover, these techniques achieve a crucial number of replications with easy access to the
information, minimize data breaching, overwhelm verification updates on dynamic datasets,
provide a considerable number of integrated schemes for simultaneous addiction and
authentication, and minimize the breaching of information (Rupper, 2017).
Personal data: OECD defines personal data as “any information relating to an identified or
identifiable individual (data subject). Any data that was not related to an identified or identifiable
individual was, therefore, “non-personal” data” (OECD, 2020).
Privacy: Privacy means that keeping something, information, or anything safe from theft, loss, or
unintended access (Kurose & Ross, 2021).
Security: Security refers to the state of being free from danger or threat. When something is
secure it means, it is not exposed to any form of danger or threat or misuse (Kurose & Ross,
2021). Also, it means it does not pose any threat to the surroundings, and or cannot be used as a
threat.
Sensor technology: Sensor technology is where a machine collects data and information
channeled through the digital world (Patel et al., 2020). Much information collected was
complex and in large volume, becoming difficult to process through traditional means. Big data
can analyze and process complex and significant volumes of data (Mendes & Vilela, 2017).
INFORMATION SECURITY FRAMEWORK FOR BIG DATA
38
Sensors have increased over the years, meaning much information and data were collected, and
traditional methods will only work sometimes (Patel et al., 2020).
Summary
Even though big data management and privacy are current issues, different frameworks
must enhance security measures and protect user information. Data privacy concerns were
paramount to all banking institutions with the continuous growth of the risk of breaching threats
and an increasing explanation of cyber hacking. Furthermore, data privacy was a significant
concern due to most companies’ failures to protect their client’s confidential data. This research
generates customer confidence in all financial institutions by suggesting the best ways to protect
the pressure on customer personal data privacy standards.
As much as there was existing digital technology and big data privacy and security, these
measures still need to be improved since the system still faces more threats, especially during the
Covid-19 pandemic. An increased number of breaches and threats in most banking institutions
was an excellent example in San Antonio. Most countries were improving how they secure
personal information with improved technology. However, a concern was identifying the
management team’s current measures to ensure data implementation and the latest data security
measures to protect user information in the bank institution and government sector.
The risk of breaching threatens information security sectors. Thus, an institution must
clearly understand how its data segment is protected and free from individual data breaches. It
also ensures that artists’ protectors allow index recommendations on the best action most
conversations and customers how experience. These provide a real engagement to the customers
and create awareness of advocacy and the best customer experience storing their information.
INFORMATION SECURITY FRAMEWORK FOR BIG DATA
39
Comparing the pharmaceutical industry and finance provides specifications and experts
on cyber criminals to pursue the health industry and suggest the best means progressively.
Cyber-reason and scale were essential tools to differentiate features and capabilities to the
targeted specific solution, such as glowing sensors and running in user-spent operating systems
that allow data collection and minimize end-user disruptions.
The theory of planning to provide privacy on social media and forensic applications was
identifying criminals, data, and communication privacy management. This theory entails the best
way to disclose this threat and control the power of information beyond the management theory.
It provides information and develops criteria to handle it to ensure data and management
ownership.
Most financial institutions have existing information frameworks, but the framework is
suppressed and vulnerable to the new threats that emerge with the latest technology. Big data
enables different organizations to collect and make smart choices that drive decisions positively
(Diniz et al., 2017). Protecting user information always maintains sensuality and trust in an
organization. Customers’ confidence had recently decreased, with increased crimes and credit
fraud reported for a while. Digital privacy was a sensitive topic requiring all institutions to
secure user data to protect bank accounts. Sharing personal information threatens customers,
exposing them to today’s fraud and theft risks.
Financial institutions generate massive data sets daily from money transactions, account
modification, and updating each day. Hundreds of millions of transactions occur daily in the
financial industry, leading to big data. Data management and analytics on financial services and
products was an emerging was sued for financial Practitioners to consider (Hasan et al., 2020).
INFORMATION SECURITY FRAMEWORK FOR BIG DATA
40
The assumption was that financial institutions in San Antonio, Texas, were processing the data to
predict customers’ activities and preferences for better services and reduce credit risk.
Suspicious activity reporting was one of the challenges financial institutions and law
enforcement agencies face across this low-quality of intelligent services. Investigating criminal
activities affects big data analysis and bank institutions (Strom, 2016). Additional feedback had
been provided in the system control to reduce the volume of the quality of SARs filing.
Different forms of deployment to improve intelligence flow in science, technology, and
financial regimes reduce crimes and increase the volume of intelligent insight and share of
private sectors. The was sue of collective up-skill will increase dialogue between regulatory
sectors to act and influence the call. However, it will be too involved in the SAR life cycle to
provide the best results to customers and other banking systems.
Improving feedback by loops will also help mitigate these risks to overcome all the
challenges of communication and enforcement of reporting institutions. Debriefing complex
cases from the SAR system would provide a breakthrough to overcome all the issues reported
previously and solve them. Besides, the integrity and reactive security need to provide an
endpoint to validate and filter all the collective devices and significant challenges facing big data
to steam the weather and data validity from the point of input.
Securing information and protocol approval processes need to be enhanced, regardless of
whether they will recognize any malicious that may influence extensive data analysis. This
platform will organize the source monitor to provide feedback to oversee the over-analysis of the
necessary education of actual attacks (Parms, 2017). The false alarm speed of a solution to this
problem will entail all the big data analysis stakeholders coming together, identifying all the
threats that might arise in the future, and controlling these issues.
INFORMATION SECURITY FRAMEWORK FOR BIG DATA
41
Information and convention approval measures were necessary, regardless of whether
they recognized threats influencing colossal information examination. An answer was sent to
forestall altering or scholarly data to develop the perplexing framework that opposes the
treatment (Parms, 2017). Ongoing security observation will give expected consent in an
association as the primary indication of assault may be distinguished. This stage will arrange the
source screen to provide input to administer the over-examination of the essential training of
actual assaults.
The speed of an answer for this issue will involve all information stakeholders meeting
up, recognizing the dangers that may emerge later, and controlling these issues. Similarly, the
reports of an attack on credit cards were numerous, leading to customers losing cash in bank
institutions. It had been a significant loss for the company and the customer. This study found
that continuous reliance on the current digital technology and big data privacy security system
was not 100% secure, leading to frequent attacks (Parms, 2017).
Chapter Two of the literature review entails concepts and solutions proposed by different
scholars to ensure confidential information has been collected and stored safely. The following
section, the literature review, introduces the idea of big data in the finance industry, data privacy
problems, common cyber threats and attacks against personal information, and common security
approaches that preserve privacy during big data management. The review includes research
articles describing these components and internet sources providing statistical data regarding big
data privacy issues of financial institutions.
INFORMATION SECURITY FRAMEWORK FOR BIG DATA
42
Chapter Two
Review of Literature
Introduction
This chapter entails reviewing related literature studies and introducing the concept of big
data and its technologies in banking systems and the limitations affecting data privacy. Besides,
the chapter describes various frameworks and solutions that different scholars have proposed that
financial institutions can apply to guarantee the confidentiality of information collected.
Understanding what big data entails makes it possible to create a framework that surpasses
vulnerabilities and keeps customers’ information private.
Facilitating business sustainability and continuity can retain customers and attract new
ones to utilize its product and services. For example, financial institutions collect personal
information such as home and work addresses, names, social security numbers, driver’s licenses,
and contact information (Copelovitch et al., 2018). The data was necessary to create bank
records, credit cards, and several databases enabling money transactions. Big data was the new
trend in the I.T. world due to its impact on business.
Big data enables institutions to utilize the information they collect to make intelligent,
data-driven decisions that positively impact the business. However, privacy concerns big data
and arises from improper management and security measures while using big data (Xie, 2018).
Customers’ confidence lessens in the institution when privacy doubts arise about their ability to
safeguard their data. Besides, on the rise were crimes in credit fraud and identity theft, which
raises concerns about the level of safety of personal data collected by banks (Véliz, 2018).
Privacy in big data was a critical and sensitive concern today. Privacy entails the ability
to safeguard personally identifiable information. Abouelmehdi et al. (2018) highlight that
INFORMATION SECURITY FRAMEWORK FOR BIG DATA
43
privacy involves correct user data by deciding where to store what type of information, with
whom, and where it goes. Sharing personal information with third parties without authorization
was not allowed. Big data affects privacy during the generation, storage, and processing phase
(Jain et al., 2016).
Kumar (2017) argues that financial institutions utilize big data to enhance cyber-security
while gathering intelligence on customers’ behavior. However, they collect vast amounts of data
that generate little or no insights helpful for the business. The challenge of possessing such big
data becomes hectic and keeping all the information safe. Also, there were many potential
loopholes for leaks and malicious people to access the systems (Véliz, 2018). Besides, despite
the regulated collection of this information, it was under threat. During a breach, violations of a
person’s privacy and security ensue. In recent years, there have been cyber-attacks on numerous
institutions leading to the leakage of customers’ information.
Similarly, they have reported credit card attacks, resulting in money loss from accounts
and hackers utilizing them to commit fraud (Srinivas et al., 2019). Besides mobile banking
advancements, the database grew exponentially, enabling more personal data. In their study, Tao
et al. (2019) found that the continuous reliance on traditional digital technology and big data
privacy and security measures needs to be improved. The platforms receive sophisticated and
more frequent attacks.
Data privacy was a significant concern today because many companies fail to protect the
confidential and sensitive customer information they collect. The problem of data privacy is
paramount in financial institutions (Swinnen, 2018). The institutions manage enormous amounts
of customer data (Swinnen, 2018). The data continuously grew in volume, and the risk of
breaches and threats increased exponentially. Enterprises were implementing the insights
INFORMATION SECURITY FRAMEWORK FOR BIG DATA
44
generated from big data, but some overlooked the privacy problems growing with the continuous
use of analytics and personal information (Sharda et al., 2020).
The vulnerabilities created on the systems arise from the generation of data at many
points at a time. It leads to exposure to data in many ways. Véliz (2018) states that banks slowly
embrace innovations to refresh their systems. Consequently, with expanded online protection
against wrongdoings, individual data was less protected. 62% of banks were careful in using big
data because of the security issues raised (Fang & Zhang, 2016). Obtaining and spreading data
across networks make an unavoidable security hazard. The methodology discussed in this section
recommends a feasible solution for the experience. Hence a framework that grants robust
security to information is necessary.
Structure of Banking Systems
The structure of financial institutions and the level of activities carried out rely on
lawmakers’ regulations. There were various types of banking system structures today, and the
mode of operations depended on organizational characteristics and the techniques applied. In
addition, the structure determines the volume of data collected and stored from the services and
transactions carried out. In the United States, the current systems based on organizational
characteristics involve unit banking, chain banking, group banking, and branch banking
(Lessambo, 2020).
Financial institutions were essential to our everyday lives. They provide us with services
that support our lifestyle. Services offered by financial institutions include saving accounts,
checking accounts, money market deposits accounts, certificates of deposits, consumer loans,
business loans, electronic funds transfers, automated teller machines, debits cards, online
INFORMATION SECURITY FRAMEWORK FOR BIG DATA
45
banking, mobile apps, and direct deposits of paychecks, Further, this supports the economy,
development, and growth (Gitman & Zutter, 2018).
The financial institutions include central banks, internet banks, retail, and commercial
banks, saving and loan associations, credit unions, brokerage firms, investment banks, insurance
companies, and mortgage companies. These institutions offer a variety of services. Central banks
were irresponsible in monetary policy. The Federal Reserve Bank was the central bank in the
United States. Internet banks offer services through online platforms affiliated with a bank. They
offer deposit and saving accounts, alloy money payments, transfers, and loans (Horton, 2019).
The structure entails central, retail, commercial, investment, and cooperative banks
according to techniques and activities. In the United States, most commercial banks account for
80% of the total U.S. banking assets (Muraleedharan, 2014). Over the years, the banking system
had been revolutionized by the fast growth, innovation, and development of information
technology structures; hence mobile and online banking was the new financial institution system
(Komb et al., 2016).
Internet banking had created a platform where customers can access their accounts and
money. Transactions can be carried out anywhere in the world at any time. Besides, customers
can retrieve and display their bank statements after making transactions. It was a new trend, and
many commercial banks applied it to save customers time from traditional branch visits. It was
an excellent system for the provision of products and services. Notwithstanding, it presents
numerous expected cyber insecurities, influencing customers’ information security (Komb et al.,
2016).
Institutions have utilized vast customer data and analytics in capital market trading
sectors. A business insurer’s primary role was to analyze raw data and use the insights gained to
INFORMATION SECURITY FRAMEWORK FOR BIG DATA
46
evaluate the risks. Professionals dealing with data analysis and visualization depend on analytics
and manipulating data to perform their core roles. Hence big data in financial institutions was a
dominant factor and had received much attention (Cavanillas et al., 2016).
Financial institutions depend on data and information technology to perform their
operations and run the entities. As a result, they collect sensitive and confidential information
from individuals and involve social security numbers and past and current home addresses. A
survey poll done by Statista estimates that one hundred and fifty-five million people had their
personal information exposed during data breaches that year (Rose & Johnson, 2020).
According to Net Diligence, personal information was disclosed in eighty-six percent of
data breaches in the year two thousand and fifteen (Cavanillas et al., 2016). Big data technology
was one of the most promising domains in finance. TechNavio forecasted that the big data
market would intensively grow by fifty-six percent in the years two thousand and twelve to two
thousand and sixteen. The main contributors to the growth include technological advancements,
the need to meet financial obligations, and an advantage over competitors and regulations
(Begenau et al., 2018).
Big Data
The evolution of big data began in 1944 when Fremont Rider predicted that there would
be an information explosion (Marathe, 2016). Following that, there were many discussions about
the information explosion until 1997. The concept of big data emerged. In 2005, Yahoo used
Hadoop to process petabytes of data, after which other companies began to use Hadoop for big
data. Companies using big data have experienced cost reduction, better decision-making, and the
introduction of new products and services. Most businesses need big data analytics to handle the
INFORMATION SECURITY FRAMEWORK FOR BIG DATA
47
large volume of data they hold. Organizations like banks, manufacturing, and healthcare use big
data significantly (Marathe, 2016).
Big data is the collection of extensive data that keeps increasing over time. Big data was
“large and complex unprocessed data” (Sahu, 2018). Big data deals with big data sets that are
complex and too big to be handled by traditional data processing methods. Big data had the
following features; volume, variety, velocity, veracity, exhaustive, relational, scalability, value,
and variability. Big data analysis helps businesses in decision-making and strategic planning. It
also helps organizations grow and experience new opportunities to acquire information about
goods and services, consumer preferences, and buyers and sellers (Solangi et al., 2018).
Big data grouping was structured or unstructured. Structured data comprises information
that the company manages through spreadsheets and databases. Unstructured data was not under
any format or model—for example, data collected from social media. Comments found on social
media networks, websites, applications, and questionnaires generate big data. With the new
technology, data was available from sensors and smart devices. Examples of big data include
stock exchanges, social media, and jet engines (Sahu, 2018).
Big data is complex and sophisticated and requires advanced technologies to handle the
information. The traditional data processing methods cannot process this data as it was
overwhelming, hence the need for powerful algorithms to capture, store, search, analyze, and
visualize information. Significant data sources for an organization involve various daily
transactions, the firms’ data, social media, public data, and sensor data (Sharda et al., 2020).
Big data has three main characteristics: volume, velocity, and variety. An addition of
others explains the complexity of big data. Others entail veracity, value, variability, and
visualization (Furht & Villanustre, 2016; Goswami & Madan, 2017; Oussous et al., 2018). With
INFORMATION SECURITY FRAMEWORK FOR BIG DATA
48
big data, there was the likelihood of opening even confidential data that have always been around
us but were never stored, analyzed, or quantified. It presents future opportunities for predicting
events before they happen, which was essential and valuable (Mendes & Vilela, 2017). There
was a wealth of information flowing, and things worked better, and it was possible to prevent
bad things from happening, hence increasing revenue and, in some circumstances, saving a life
(Wu et al., 2020). Human beings cannot watch and process information effectively; therefore,
developing big data was ideal for guaranteeing the smooth running of events and operations.
Big data was changing data warehousing completely. Data warehousing was the central
storage of unified and sanitized data from single or multiple sources (Mendes & Vilela, 2017).
Data warehouses store present and past data, and the aggressive expansion of data volumes had
increased costs, raising the question of data warehousing effectiveness and scalability. These
costs include licenses, hardware, and CPUs.
The technology behind big data was disruptive as the technology had both positive and
negative outcomes. It was great for most customers to offer information to help save money or
give them better product and service options. Organizations use big data extensively to fuel the
finance sector toward digitization (Jain et al., 2016).
Companies gain technological, financial, and competitive advantages by utilizing big
data. Technical benefits enjoyed by institutions using big data include scalability, accessibility of
accurate data, and integration of structured and unstructured data. The competitive advantage
involves increasing customer satisfaction, insights into consumer behavior, new products and
services, new business models, customer loyalty, data-driven marketing, and increased sign-ups.
Financial benefits include increasing sales and sales leads and return on investment (Almeida,
2017).
INFORMATION SECURITY FRAMEWORK FOR BIG DATA
49
Data collection attracts potential risks to privacy (Soria-Comas & Domingo-Ferrer,
2015). Financial institutions collect vast amounts of data and become a target of cyber-attacks
based on the sensitivity and values of the information obtained. The finance industry had the
most data intensity compared to other sectors, such as health (OECD, 2020). The threats include
“data breaches, internal misuse by the institution’s employees, unwanted secondary use, changes
in companies’ practices, and government access without due legal procedures” (Soria-Comas &
Domingo-Ferrer, 2015, p. 23).
Most large financial companies have embraced the technology to implement a digital
transformation, address customer needs and boost profit and loss (Jain et al., 2016). The data was
valuable for the success of the companies, but the question was the influence and implication the
information had on the financial sector. Every financial service had become technologically
innovative, relying heavily on big data.
Big data was a term for large and complex unprocessed data. Sahu (2018) states that big
data was challenging and complex, making it time-consuming when managed through traditional
methods. Big data features include volume, variety, velocity, variability, veracity, and
complexity (Sahu, 2018). Big data use comprises analyzing the data and process to meet the
requirements. The significant role of big data analytics was to facilitate companies to make
effective business decisions by aiding scientists and other analytics experts. Big data applications
include the government, web-based media, banking, agriculture, and healthcare (Sahu, 2018).
Using big data improves your customers’ intelligent judgment platform, ensuring your
customers’ information protection from information breaching or hacking (Mendes & Vilela,
2017). It was evident that with the introduction of customer DNA, an institution needs to provide
a clear understanding to their clients on how the segment of their data was protected and was free
INFORMATION SECURITY FRAMEWORK FOR BIG DATA
50
from individual data breaches and vandalism. Artificial intelligence’s power provides index
recommendations on the best action to delete the conversation and customer’s personal
experience. These offer real customer engagement and create awareness of advocacy and the best
customer experience in storing their information.
Big data analysis will rely on customer DNA services to develop an advanced profile
with a sophisticated standard using CRM with these tactics. It will provide a single customer
view to ensure the populated customers cannot campaign and include structured data on the
internet and external sources (Lilley, 2018). Information was collected and digitized as a
customer organization based on potential analytics, cyber threats, and cyberattacks. As a result,
there was a need for large amounts of consolidated information to protect customer information
from attacks.
However, even though the revolution of big data technology had caused a change in the
financial sector, it had also led to privacy issues affecting the industry. The protection and
security of big data was the most crucial problem affecting the finance sector (Azeroual & Fabre,
2021). Data quality and regulatory requirements have also been considered critical issues with
big data.
Although all financial products and services depend on data and produce it each second,
the finance and big data study have yet to peak (Azeroual & Fabre, 2021). Therefore, future
researchers must focus on financial data management to address the technical was sues and help
financial companies benefit from big data. The larger the company, the larger the volume of
data; hence more security and protection were required (Tao et al., 2019).
Equifax, a credit reporting company, is an excellent example of a financial company that
experienced big data privacy issues. The company announced that cybercriminals had managed
INFORMATION SECURITY FRAMEWORK FOR BIG DATA
51
to steal the personal data of approximately 143 million customers in the United States (Hasan et
al., 2020). Later, the volume of individual information was updated, and the number rose to
147.9 million customers. The stolen data included sensitive information such as dates of birth,
social security numbers, and domicile addresses. As a result, the company incurred $700 million
in compensation and fines (Hasan et al., 2020).
It indicates that stakes were high for the organizations in the finance sector handling big
data. Even the customers who were not impacted by the data breach directly increased their
attention and vigilance on managing their data, according to a survey conducted by McKinsey on
1000 consumers in the North American market on their views regarding data collection, privacy,
breaches, hacks, communications, and regulations (Hasan et al., 2020). The discovery customers
grew increasingly selective on the types of personal data they shared.
However, the customers were highly willing to share their data with financial and health
service providers. However, despite the desire to share their data with the two types of service
providers, none scored a trust rating of above 50% for data privacy (Hasan et al., 2020). This
trust was justifiable depending on the current history of data breaches in financial organizations
like Equifax. In the survey, the researchers from McKinsey discovered that customers were
aware of past data breaches, which significantly influenced their responses (Hasan et al., 2020).
It was critical to emphasize that privacy was not easy to understand, let alone identify and
evaluate. It means different things to different individuals, such that the amount of information
everyone could disclose varied significantly (Fang & Zhang, 2016). As a result, it becomes of
great interest for individuals to decide the personal data they are releasing to the outside world.
Furthermore, consumer data was valuable to financial companies, but it might benefit
them (Swinnen, 2018). It leads to an asymmetric situation because the companies reap
INFORMATION SECURITY FRAMEWORK FOR BIG DATA
52
substantial economic benefits from consumer insights. In contrast, consumers benefit little or
receive no help at all. The companies can also use the insights to engage in dubious practices,
such as providing expensive services.
Big data brought many conveniences to businesses for data-driven decision-making
(Fang & Zhang, 2016). However, many institutions need help with big data. One of the
inconveniences was privacy. In the utilization process, if the available methods do not
adequately protect user data, it threatens privacy. With big data addition to traditional privacy
was sues, utilizing personal information to analyze and research invades privacy (Hasan et al.,
2020). Institutions use mechanisms such as anonymous identifiers to hide the identifier
information of their customers when doing analysis; however, more was needed as other contents
can be defined accurately by customers (Sei et al., 2019). Institutions need more methods and
processes, hence many institutions’ low adoption of big data (Begenau et al., 2018).
Big data was the most emerging issue in the age of innovation, technology, and the
Internet of Things. It significantly influences business activities and operations; identifying the
effects was crucial for organizations (Hasan et al., 2020). Big data impacts financial markets,
internet finance, credit services, risk analysis, financial management, and fraud detection (Hasan
et al., 2020). Hence, it had become integral to the financial sector’s innovation and development.
Various financial businesses include retail banking, online peer-to-peer lending, SME
finance, mobile money transfer and payments platforms, assets management platforms, and
many more (Hasan et al., 2020). These financial entities generate thousands of data sets daily;
hence big data management was part of their operations. Big data facilitates companies to
understand customers’ activities in financial markets and make investment decisions that would
INFORMATION SECURITY FRAMEWORK FOR BIG DATA
53
benefit everyone. Due to the number of transactions and data transmitted through financial
institutions, big data attracts much attention in the financial sector (Begenau et al., 2018).
Financial Institutions utilize multiple data sets daily to make decisions, especially in
trade, risk analysis, and investments (Hasan et al., 2020). Data proliferation was changing the
way businesses handle information. Firms were exploring ways to manage the enormous
information they collect to transform it into valuable insights in the financial industry. The
insights will drive growth and keep companies competitive (Fang & Zhang, 2016). Privacy
protection was one of the challenges hindering the progression and application of big data (Yu,
2016). Security risk concerns financial institutions collecting and distributing data across
networks and systems (Fang & Zhang, 2016).
Securing vast amounts of data from threats was crucial for institutions and analyzing the
systems to detect and prevent potential threats (Diniz et al., 2017). Corporate Finance Solutions
(2020) point out that the financial sector was a data-intensive sector with unlimited opportunities
to leverage data to gain valuable insights to revolutionize finance. Big data benefits include realtime stock market insights, financial models, customer analytics, risk management, and fraud
detection. Financial institutions’ challenges in big data applications include meeting regulatory
compliance, data privacy, and data silos (Corporate Finance Solutions, 2020). Data privacy was
associated with data storage in cloud computing. As a result, firms were concerned about putting
sensitive data in the cloud. Many firms utilize public cloud networks; some have tried private
cloud; however, they were expensive to acquire and maintain (Corporate Finance Solutions,
2020).
Big data deployment was beneficial; however, handling sensitive information across
systems that increase the risk of compromising outweighs any advantages the companies might
INFORMATION SECURITY FRAMEWORK FOR BIG DATA
54
acquire (Diniz et al., 2017). Moreover, data compromise damages companies’ reputations and
leads to financial losses. As concerns, financial institutions were not engaging in applying big
data analytics. Fang and Zhang (2016) point out that 62% of banking firms avoided utilizing big
data because of privacy issues. Privacy concerns continually restrict institutions in handling and
analyzing customers’ data.
High-voluminous data from numerous sources pose privacy and security risks (Diniz et
al., 2017). Consumers have concerns about using personal data and how it can be misused or
accessed unlawfully. A survey conducted by McKinsey found that respondents had 44% trust in
financial services with their personal and sensitive data (Anant et al., 2020). The lack of
confidence heightened the numerous data breaches that institutions report. Organizations respond
poorly to data breaches, and there were many exposed records.
Concerns over data privacy push consumers to seek services from other providers
(OECD, 2020). Based on the McKinsey survey, consumers have high trust in an organization
that requests limited personal information and show brisk efforts in acting following breaches in
their systems (Anant et al., 2020). Further, consumers were ready to share information when a
transaction involved effective money management. For less critical marketing, people chose to
restrict the type of information they share.
This research aims to find ways to reduce the privacy was sues associated with big data
by proposing an information security framework that will provide methods that will guide
agencies, including banks, that face ransomware, cyber-attacks, and other threats in the world
today. In addition, the research generates customer confidence in all financial institutions by
suggesting the best ways to reduce scandals and pressure on customer personal data privacy
standards. As much as there was existing digital technology and big data privacy and security,
INFORMATION SECURITY FRAMEWORK FOR BIG DATA
55
these measures were inadequate since the system still faces more threats, particularly during the
Covid-19 pandemic (Mills, 2020).
The research problem discussed was the significant application of privacy was suing,
which was also associated with security protocol in implementing and handling user information,
as reported by most cyberattacks. As a result, most organizations face challenges in protecting
customers’ intellectual property and safeguarding their personal information to maintain
confidentiality and ensure business integrity and stability.
Texas banking association highlights that cyberattacks against banks in Texas increased
by 238% in 2020 (Mills, 2020). There was an increase in wired transfer attempts and
ransomware attacks. With the rise in attacks attributed to the Covid-19 pandemic, many
providers’ attention had shifted, and hackers utilize these opportunities to attempt attacks (Mills,
2020). The rise in attacks adversely affects the application of big data. The research aims to
identify issues involving big data management and private providers of frameworks that will
enhance an existing department to minim…
