Explore various types of trends in information security analysis, sources of data, and interpretation of results. Learn the cautionary factors in trend analysis and how to identify, interpret, and deal with trends effectively.
Outline
• Definitions
• Analysis framework
• Cautionary factors
• Sample analysis
Definitions
• Trend:
• to extend in a general direction: follow a general course or veer in a new direction
• to show a tendency, for example to incline or trend upwards, or to become deflected or shift
• Trend analysis: search for patterns over time in order to identify the ways in which they change and develop, veer in new directions, or shift
• Incident: any event that harms security at one or more sites
Analysis Framework
• Types of trends
• Sources of data
• Interpretation of results
Types of Trends
• Internal and External patterns
• Temporal trends
• Spatial trends
• Associational trends
• Compound trends
Sources of Data
• CERT/CC Data
• Year 2000 - 21,756 Incidents reported to CERT/CC
• Year 2001 (Q1) - 7,457 Incidents reported to CERT/CC
• Profiled 1654 incidents, all active during July 2000 - Feb 2001 (plus some preliminary June data)
• Open Source Data:
• Web page defacement mirrors
• Lexis/Nexis
• Full disclosure sites
• Social data
Limits of Trending
• Inherently partial data
• Baseline in dynamic environment
• Correlation vs. Causation
• Implications
• Need to be cautious in kinds of conclusions
• Consider strategies for dealing with trends gone wrong
External Pattern: Tool Development
[Diagram labels: Intruder 1; Intruder 2; Analysts]
Temporal Trend
[Diagram labels: Defenders; Intruders]
Analysis Process
[Diagram labels: Incident Information Flow; Identify Profiles and Categories; Isolate Variables; Identify Data Sources; Establish Relevancy; Identify Gaps]
Conclusions
• Typifying trends simplifies interpretation
• Clarification of goals
• Identification of relative importance of characteristics
• Understanding cyber security is growing in importance