Analytics

39 Terms

1
What is cybersecurity analytics?

The application of intelligent data analysis, data mining, and artificial intelligence techniques to analyse cybersecurity problems.

2
What areas can cybersecurity analytics be applied to?

The entire Cyberspace Operating Environment.

3
What is the Cyberspace Operating Environment?

The internet, considered as an imaginary, limitless area where people can meet and access any kind of information.

  • A global domain consisting of interdependent IT infrastructures and resident data, including the internet, telecom networks, computer systems, and embedded processors/controllers.

4
What are the pros of cyberspace?

It enables new opportunities for e-commerce, wider outreach, more efficient business processes, and remote work (WFH).

5
What are the cons of cyberspace?

It opens a new arena for crime such as online banking fraud, hacking, stalking, identity theft, and malware.

6
What are the layers that make up cyberspace?
  • Social — collective and group interaction.

  • People — the actors.

  • Persona — narrative identity.

  • Information — the sources.

  • Network — connectivity infrastructure.

  • Real world — physical dimension of cyberspace.

7
What are the three domains of cyberspace?
  • Cognitive

  • Virtual

  • Physical

8
What is the cognitive domain of cyberspace?

Represents the community, including the social, people, and persona layers.

9
What is the virtual domain of cyberspace?

Includes software and virtual connections between networks and nodes.

10
What is the physical domain of cyberspace?

The tangible, real-world infrastructure like cables, computers, and hardware.

11
How does cyberspace relate to cybersecurity analytics?

Each layer and domain within cyberspace generates data that can be collected and analysed using cybersecurity analytics.

12
Why do organisations need cybersecurity analytics?
  • Optimisation.

  • Legal requirements.

  • Strategic value.

  • Prediction.

  • Situational awareness.

13
Why is optimisation important in cybersecurity analytics?

It provides insight into asset values, allowing better resource planning and improved efficiency—not just detecting attacks.

14
Why are legal requirements important in cybersecurity analytics?

Organisations must comply with government regulations, using analytics for auditing, internal investigations, and law enforcement.

15
Why is strategic value important in cybersecurity analytics?

Analytics helps define and track Key Performance Indicators (KPIs) and supports strategic planning through informed risk management, aligning with Board Vision.

16
Why is prediction important in cybersecurity analytics?

It allows organisations to anticipate future attacks based on past events, improving resilience and preparation.

  • mitigate in advance

  • reduce the impact of costly attacks

  • identify vulnerabilities

17
Why is situational awareness important in cybersecurity analytics?

It helps identify ongoing attacks and their targets, enabling better decision-making during specific situations.

  • intelligence

  • intrusion detection

  • current status

18
What types of data sources can be analysed with cybersecurity analytics?
  • Network monitoring logs.

  • Host logs.

  • Physical logs.

  • Employee activity.

  • Suppliers.

  • Customers.

  • OSINT (Open Source Intelligence).

19
Why are network monitoring logs important in cybersecurity analytics?

They show whether the network is operating securely and can reveal hints of cyberattacks.

  • firewall

  • access control

20
Why are host logs valuable for cybersecurity analytics?

They contain records from machines and terminals that can reveal abnormal or suspicious activity.

  • logins

  • event and application data

  • antivirus

21
Why should physical logs be considered in cybersecurity analytics?

They provide data from physical security systems which can correlate with digital threats.

  • CCTV

  • swipe card access

  • biometrics

22
Why is employee data relevant for cybersecurity analytics?

Employees may intentionally or unintentionally pose risks, and suspicious behaviour (e.g. on social media) can be an early indicator.

  • social media

23
Why are suppliers a cybersecurity concern in analytics?

External organisations may introduce vulnerabilities that need to be monitored.

  • supply chain agreements

24
Why is customer data considered in cybersecurity analytics?

Customers can unknowingly interact with malicious content or introduce security risks through compromised accounts.

  • social media

  • reviews

25
What is OSINT in cybersecurity analytics?

Open Source Intelligence like the MITRE ATT&CK framework, which helps compare internal data against known threat patterns.

  • media

  • law enforcement

  • regulators

  • academic publications

26
What are examples of specific data sources used in cybersecurity analytics?
  • Network architecture

  • Network scans.

  • Firewall logs.

  • IDS logs.

  • PCAP.

  • Server/system logs.

  • Geographical data.

  • Social media.

27
Why is network architecture important for analytics?
It maps assets and connectivity, helps track attack evolution, and supports segmentation to block host-hopping.
28
Why are network scans useful in cybersecurity analytics?
They help identify potential weak spots in the infrastructure.
29
Why are firewall logs important in cybersecurity analytics?
They show who tried to exploit a service and reveal which IP or system was targeted.
30
Why are IDS logs valuable in cybersecurity analytics?
They record abnormal behaviour patterns, helping identify possible attacks.
31
What is PCAP and why is it important in cybersecurity?
Packet capture data shows detailed information about network traffic for in-depth analysis.
32
Why are server and system logs used in cybersecurity analytics?
They contain detailed records of system events which may indicate unauthorised activity.
33
Why is geographical information useful in cybersecurity analytics?
Unusual login locations may reveal suspicious activity or compromised accounts.
34
Why is social media a useful data source in cybersecurity analytics?
It can reveal insider threats, such as disgruntled employees with a motive.
35
What considerations must experts take when conducting cybersecurity data analysis?
  1. Know the analysis techniques.

  2. Understand the data type.

  3. Manage data practicalities.

  4. Prepare for uncertainties.

36
What techniques should cybersecurity analysts be familiar with?
  • live or historic analysis

  • diagnostic or predictive

  • the focus of the analytical approach

37
What data characteristics must be considered in cybersecurity analytics?
  • Data quality and reliability.

  • Granularity.

  • Whether the dataset is big or small.

38
What are practical concerns in cybersecurity data analysis?
  • Pre-processing the data (e.g., Feature Selection).

  • Data storage.

  • Data protection.

39
Why must cybersecurity analysts prepare for uncertainties?
Data can be incomplete or inconsistent, and methods may require adjustment based on evolving threats.