Module - 6 - Data and Information Management.ppt

BCSE354E: Information
Security Management
Data and Information Management
A. Avinash, Ph.D.
School of Computer Science and Engineering
Vellore Institute of Technology (VIT), Chennai

Fetching the data/information from reliable
sources
Reference: 1. https://www.easel.ly/blog/collect-reliable-information-infographic/

sources

sources
• Identify reliable sources: Look for reputable organizations
specializing in cybersecurity research, government agencies,
academic institutions, or established cybersecurity news outlets.
Example: Cybersecurity and Infrastructure Security Agency
(CISA), Symantec Threat Intelligence, Verizon Data Breach
Investigations Report (DBIR), or academic journals like IEEE
Transactions on Information Forensics and Security.
• Utilize search engines effectively: Use advanced search features
to filter results by date, domain, or file type to find the most
recent and relevant information.
Example: Search for "cybersecurity threats small businesses
site:cisa.gov" to specifically search the CISA website for
information relevant to small business cybersecurity threats.

sources
• Evaluate the credibility of sources: Check the author's expertise,
publication history, peer-review status, and potential biases.
Example: Ensure that the information comes from official reports, reputable
security firms, or peer-reviewed research rather than unverified blogs or
forums.
• Access the data/information: Navigate to the source's website or
database where the information is located.
Example: Visit the CISA website and look for their reports, advisories, or
best practices related to cybersecurity for small businesses.
• Verify the data/information: Cross-reference the information with other
reliable sources to ensure accuracy and reliability.
Example: Compare cybersecurity threat trends reported by CISA with those
published in industry reports like the Verizon DBIR to validate findings.

sources
• Document your sources: Keep track of the sources used for citation and
future reference.
Example: Note down the title, author, publication date, and URL of the CISA
report or webpage containing information on cybersecurity threats to small
businesses.
• Analyze and interpret the data: Understand the implications of the
data/information in the context of research topic.
Example: Analyze trends in small business cyber attacks to identify patterns and
assess the effectiveness of current cybersecurity measures.
• Synthesize the findings: Summarize findings and incorporate them into
report, or presentation.
Example: Use the insights gathered from reliable sources to propose tailored
cybersecurity recommendations for small businesses aimed at improving their
resilience against cyber threats.

Checking that the data/information is
accurate, complete and up-to-date
1. Identify Data Source and Purpose:
•What data will be verified? In networking security,
firewall logs, intrusion detection system (IDS) alerts, or
vulnerability scan reports.
•How will you use the data? Identifying security
threats, patching vulnerabilities, or generating security
reports?
Example: Analyzing firewall logs to identify potential
intrusion attempts.

2. Verification Techniques:
•Internal Consistency: Check for inconsistencies within the data itself.
Example: Review firewall logs for entries with impossible timestamps or invalid IP
addresses.
•External Comparison: Compare data with known reliable sources.
Example: Cross-reference firewall alerts with threat intelligence feeds or
vulnerability databases to see if the flagged IP addresses are associated with known
malicious actors.
•Timeliness: Ensure the data reflects the current state.
Example: Verify the timestamps on logs and reports to confirm they represent recent
activity.
•Completeness: Check for missing information that could affect analysis.
Example: Ensure firewall logs capture all network traffic, not just specific protocols.

3. Leverage Automation: Utilize data validation tools or scripts to
automate repetitive checks.
Example: Use log analysis software to identify suspicious patterns or
anomalies in firewall logs.
4. Document and Update: Record the verification process and results
for future reference. Schedule periodic data verification to maintain
accuracy
Example: Set automated alerts for outdated vulnerability databases or
log retention exceeding storage capacity.
5. Continuous Improvement: Refine your verification process based
on experience and new threats. Stay updated on evolving security
standards and best practices for data management.

How to Manage Data/Information Effectively?
• What is a policy?
– A policy is a statement of agreed intent that clearly sets out an
organization's views with respect to a particular matter.
• What is a procedure?
– A procedure/practice is a clear step-by-step method for
implementing an organization's policy, or responsibility.
• Why does an Information Security Analyst need to understand the
organization's policies and procedures?
– It gives a framework for actions to get on with their job.
– It helps understand their role and responsibilities.
– It helps comply with the legal requirements.
– It helps understand the quality standards set out by the organization.

• Identifying the appropriate people to take advice from
and to report to with appropriate data/ information
– The kind of data and information that an Information
Security Analyst deals with is sensitive in nature, so one
needs to be aware of the company policy about whom
one can share the data with, and whom one can take
advice from.
– For example, the R&D division of a company may not
want to share the details of its security systems with
heads of other departments, so as an Information
Security Analyst, you will have to be careful about that.

• Understanding the importance of validating information
before use
– As an Information Security Analyst, you will be
inundated with lots of data and information.
– However, you need to validate that data for correctness
and usefulness before using it. This is especially true of
information accessed from the Internet.
– For example, one of your colleagues may have told you
about a security system that your competitor is using.
– Instead of copying that, you should validate that
information and study whether it suits your
organisation’s needs, or not.

• Understanding the importance of getting data/
information reviewed by others
– An Information Security Analyst cannot be expected to
validate all information by oneself, so one can take help
from colleagues.
– However, one has to be careful that one gets the data
reviewed only by authorized persons who have the
domain knowledge.

Ensuring the quality of data
• The Information Security Analyst ensure that the data and information
provided to meets the quality standards set by the organization.
• Parameters
- Error-free
- Up-to-date
- In the specified format
- Easy to retrieve
- During retrieval, data shouldn’t get altered
- Consistent
- Timely availability
- Valid
- Relevant

Rule-based analysis of the data/information
• Define Objectives: Clearly define the objectives of the analysis. This could be
identifying anomalies, categorizing data, detecting patterns, or making decisions based
on specific criteria.
• Identify Relevant Data: Determine the data sources that are relevant to the analysis.
This may include structured data from databases, unstructured data from text sources, or
real-time streaming data.
• Preprocess Data: Clean and preprocess the data to ensure consistency and quality. This
could involve removing duplicates, handling missing values, and transforming data into
a suitable format for analysis.
• Define Rules: Based on the objectives, define the rules or criteria that will be used to
analyze the data. These rules could be based on domain knowledge, business
requirements, or regulatory guidelines.
• Implement Rules: Apply the defined rules to the data. This involves checking each
data point against the specified conditions and criteria to determine compliance or
deviation.

• Decision Making: Based on the outcome of applying the rules, make
decisions about the data. This could involve flagging anomalies,
categorizing data into different groups, or triggering specific actions based
on the rules.
• Validation and Testing: Validate the effectiveness of the rules by testing
them on sample data or historical data. This helps ensure that the rules
accurately capture the desired outcomes and are robust enough to handle
different scenarios.
• Iterative Refinement: Refine and update the rules based on feedback and
insights gained from the analysis. This iterative process helps improve the
accuracy and effectiveness of the rule-based analysis over time.
• Documentation and Reporting: Documentation provides transparency
and enables reproducibility of the analysis.

Example 1: Email Spam Filter
Goal: Identify spam emails.
Data: Email content, sender information,
keywords.
Rules:
1.IF the email contains specific keywords
associated with spam (e.g., "free money",
"urgent") THEN mark as spam.
2.IF the sender's email address is not on a
trusted list THEN mark for further analysis.
Application: This filter automatically
analyzes incoming emails based on the
defined rules.
Evaluation: Monitor the filter's performance
are genuine emails getting flagged? Are
spams slipping through? Refine the rules as
needed.
Example 2: Customer Segmentation
Goal: Group customers based on their
purchase history.
Data: Customer information, purchase
details (amount, frequency, product
types).
Rules:
1.IF a customer spends over $1000 per
month THEN classify as "High
spender".
2.IF a customer primarily buys specific
product categories THEN classify as
"Niche buyer".
Application: The system categorizes
customers based on their purchase
behavior using the defined rules.
Evaluation:Analyze customer segments
and their buying patterns. Refine the
rules for better segmentation if needed.

Benefits of Rule-based Analysis:
•Easy to understand and implement – straightforward logic based on
predefined rules.
•Transparent and explainable – clear reasoning behind each result.
•Fast and efficient – suitable for processing large datasets with well-
defined conditions.
Limitations:
•Less flexible – may struggle with complex or unforeseen situations.
•Requires upfront effort – defining accurate rules can be time-
consuming.
•Maintenance required – rules may need adjustments as data patterns
evolve.

Insert the data/information into the
agreed formats
• Understand Format Requirements: Clearly understand the format
requirements specified by the system, application, or standards
governing the data.
• Identify Data Sources: Identify the sources from which the data will
be retrieved. This could include databases, spreadsheets, APIs, or
external sources.
• Extract Data: Extract the relevant data from the identified sources.
This may involve querying databases, exporting data from
spreadsheets, or fetching data through APIs.
• Cleanse and Transform Data: Cleanse the data to remove any
inconsistencies, errors, or irrelevant information. Transform the data
into a standardized format compatible with the agreed-upon format
requirements.

agreed formats
• Map Data to Format: Map the extracted data fields to the corresponding
fields in the agreed format. Ensure that each data field is correctly matched
and aligned with the format requirements.
• Insert Data into Format: Insert the formatted data into the agreed-upon
format. This could involve creating records, entries, or documents in the
specified format and populating them with the converted data.
• Review and Quality Assurance: Review the inserted data to ensure
accuracy, consistency, and adherence to format requirements. Perform
quality assurance checks to identify and rectify any discrepancies or errors.
• Document and Archive: Document the process of inserting data into the
agreed formats, including any transformations, mappings, or validations
performed. Archive the formatted data for future reference and audit
purposes.

agreed formats
Example: Importing Customer Data into CRM System
•Format Requirement: CRM system requires customer data to be in a specific CSV
format with fields for name, email, phone number, and address.
•Data Source: Customer data stored in an Excel spreadsheet.
•Procedure:
– Extract customer data from the Excel spreadsheet.
– Cleanse the data to remove duplicate records and correct any errors.
– Map the fields (name, email, phone number, address) from the spreadsheet to
the corresponding fields in the CRM CSV format.
– Validate the mapped data to ensure all required fields are populated and
formatted correctly.
– Convert the data into CSV format and insert it into the CRM system.
– Review the imported data in the CRM system to ensure accuracy and
completeness.

Reporting unresolved anomalies in the
data/information
• Initial Analysis: Conduct an initial analysis to investigate and attempt
to resolve the anomalies using automated processes, predefined rules,
or manual interventions.
• Classification: Classify the anomalies based on their severity, impact,
and urgency. Prioritize unresolved anomalies that have significant
implications for decision-making or business operations.
• Investigation: Conduct investigation into unresolved anomalies to gain
a deeper understanding of their root causes and potential implications.
This may involve data exploration, hypothesis testing, or collaboration
with domain experts.
• Documentation: Document the findings of the investigation, including
any insights, hypotheses, or recommendations for further action.

data/information
• Reporting: Prepare a report summarizing unresolved
anomalies, their characteristics, investigation findings, and
recommendations for resolution or mitigation.
• Distribution: Distribute the anomaly report to relevant
stakeholders, including data analysts, decision-makers, and
affected business units.
• Follow-Up: Track the progress of resolving unresolved
anomalies and update stakeholders accordingly.

data/information
Example: Reporting Unresolved Anomalies in Customer Behavior
Data
•Initial Analysis: Automated analysis tools were used to investigate the
anomaly, but no clear explanation or resolution was found.
•Classification: The anomaly is classified as high severity due to its
potential impact on customer satisfaction and retention.
•Investigation: Data analysts collaborate with customer service
representatives and product managers to investigate the root causes of the
increase in complaints. They conduct surveys and interviews with
customers to gather additional insights.
•Documentation: Findings from the investigation, including potential
reasons for the increase in complaints and proposed solutions, are
documented in a detailed report.

data/information
• Reporting: A report summarizing the unresolved anomaly,
investigation findings, and recommendations is prepared and
shared with senior management and relevant stakeholders.
• Distribution: The anomaly report is distributed to customer
service, product development, and marketing teams for
awareness and action.
• Follow-Up: Stakeholders monitor the implementation of
recommended actions and track the resolution progress.
Regular updates are provided to ensure transparency and
accountability.

Module - 6 - Data and Information Management.ppt

More Related Content

Similar to Module - 6 - Data and Information Management.ppt

More from AvinashAvuthu2

Recently uploaded

Module - 6 - Data and Information Management.ppt