Blog Article

Cybersecurity, Data Analytics, and Vulnerability

Written by: Chris Greco

Cybersecurity, Data Analytics, and Vulnerability icon

There are a number of “V’s” that are associated with big data; they include volume, variety, variability, and verification, but one that is often missing despite it being a major part of cybersecurity is vulnerability. It would seem that this “v” is the missing link between data analytics and cybersecurity. Why would cybersecurity professionals care about data analytics when their primary responsibility is preventing unwanted access to systems they supervise? Let’s see what we can discover.

Determining Vulnerability

The question of vulnerability has plagued cybersecurity specialists since the mainframe era. How can you determine the vulnerability of a system while simultaneously determining the risk of using the system? Lucky for us cybersecurity geeks, the National Institute of Standards and Technology (NIST) has developed the National Vulnerability Database (NVD), which contains various tools for determining vulnerability.

Calculating Vulnerability

One of the more useful NVD tools is the Common Vulnerability Scoring System (CVSS), which employs a series of formulary evaluations, including a calculator that rates vulnerability on a scale of zero to ten, with ten being the most vulnerable. CVSS provides standards related to low, medium, high, or critical scores. As the score increases, so do the vulnerability risks. Although IT professionals enjoy scoring their systems, the true benefit is that the resulting scores are used by the NVD to determine the sensitivity to vulnerabilities for some of the most critical systems. This data can also be used to determine historical system vulnerability.

Vulnerability Data

The NIST’s Common Platform Enumeration (CPE) identifies systems undergoing evaluation and publishes related data so that analysts can see growth. But more than that, NIST’s National Vulnerability Database contains searchable product vulnerability data that can be used for elemental, statistical, advanced, regression, and time-series analyses.

Data Visualization

Fortunately, data visualizations you may be looking for have already been developed by previous users. For example, when I searched for “trojan” statistics, the results revealed the following charts that illustrate how often “trojan” has been matched with vulnerabilities.

Search Term: Trojan

Source: NIST-NVD

The chart on the left shows that the number of trojan-related vulnerabilities increased in 2010, 2012, and 2017 and decreased in subsequent years. The chart on the right shows the percentage of trojan-related vulnerabilities per year. Although it does not show causation, this visualization does suggest that trojans are no longer the tool of choice to exploit vulnerabilities.

Search Term: Password

Now, let’s search for “password.” As expected, the charts show that the prevalence of “password” vulnerabilities is far more than “trojan.”

Chart, bar chart Description automatically generated
Source: NIST-NVD

Vulnerability Statistics

The real value of these statistics is the percentage of match for each term. In both cases, word choice analysis helped to determine the value of each search term. We can discern trends by just glancing at the data visualizations. And both sets of charts show how useful data analysis can be to cybersecurity professionals. In fact, I dare say that data analytics is as valuable to cybersecurity as project management and finance.

Management Concepts offers comprehensive certifications training in cybersecurity management & administration. Learn more about our programs today!

Related Resources

See All
Webinar

AI and Data Ethics: Proceed with Caution

Watch our AI and Data Ethics: Proceed with Caution webinar, that discusses the expected benefits and inherent risks of such emerging technology.

Watch
Video

Analytics Training For Every Government Professional

Explore how our analytics training helps federal professionals at any career stage to understand and analyze data with this short video.

Watch
Blog Article

Top 10 Reasons Everyone Working in the Federal Government Needs to Understand Analytics (AN)

In the digital era, where data reigns supreme, understanding analytics has become a crucial skill set across all sectors. However, its significance amplifies within the intricate machinery of the federal government. From policymaking to service delivery, analytics empowers federal employees…

Read More
Infographic

Microlearning

Learn more on how Microlearning delivers bite-sized “nuggets of knowledge,” exactly when and where you need them, boosting retention with quick bursts of focused, engaging content.

Download
Blog Article

How to Leverage the Federal Data Ethics Framework for Ethical Decision-Making

In a world that’s becoming increasingly reliant on technology, ethical considerations have become paramount, especially within the public sector, where the impact of decisions extends to a broad and diverse population. Federal agencies, as custodians of vast amounts of sensitive information, face…

Read More
Webinar

Telling the Story: How to Present Data Analytics Findings Effectively to Stakeholders

Discover how to contextualize data to convey a compelling story so you can influence decision-making process to achieve alignment with your colleagues.

Watch
Blog Article

Navigating the Evolving Federal Acquisition and Contracting Landscape: Trends and Challenges

In the complex world of federal acquisition and contracting, most AC professionals find themselves at the crossroads of change, faced with new trends and challenges that require adaptation, innovation, and dedication. Although perceived as increasingly complex, the acquisition and contracting…

Read More
Infographic

Create a Vision with Your Data

Dive into this infographic, which explores the steps you can take to tell a visual story with your data.

Download
Blog Article

A Federal Employee’s Introduction to Analytics

In today’s ever-evolving work landscape, the words “data analytics” and “data science” are frequently heard echoing through the halls of both private and public sector organizations. As a federal employee, you might find yourself surrounded by these buzzwords, sparking your…

Read More
Blog Article

Choosing the Right Analytics Certificate Program as a Federal Employee

Choosing the right analytics certificate program as a Federal employee will depend on what type of career as a data analyst you want to have in the federal government. There is a slew of Federal employee training courses out there…

Read More

Scroll to view more