Recently, the National Cyber Security Council (NCSC) has been driving its strategy towards data-driven cyber (DDC). The NCSC is focused on supporting an evidence-based approach to cyber security plans. Enterprise cyber security is becoming more complex, and many organisations are hesitant to create an additional data stage due to uncertainty and concerns of being overwhelmed.
The NCSC recently highlighted how two of their teams work together to respond to vulnerabilities (The Vulnerability Management Team) and the DCMA (Data Campaigns and Missions Analytics) team to apply their knowledge of data to generate evidence-based security insights for the NCSC.
Many government teams collect significant amounts of data, of which much is high value. The challenge, however, is interpreting this information and tackling the view that generating insights requires a transformation of the existing workflows. Instead, direct data capture should be considered a method to deliver accessible and actionable insights to strengthen the decision-making process. Applying this approach can generate considerable benefits.
For the NCSC, the team explored the data sets available and focused on one insight that could be applied to deliver a meaningful evidence-based security discussion. The NCSC created the Vulnerability Avoidability Assessment (VAA), an analytic that applies two internal data sources and one public source to recognise vulnerability reports created due to out-of-date software. The NCSC found that exploring the reports would enable further discussions about how potential vulnerabilities could be avoided or reduced. Applying this approach allowed the NCSC to determine the length of these vulnerabilities and define an avoidable vulnerability, with the necessary actions to rectify and challenge. The creation of new insights provided additional data for the team to have detailed evidence-based discussions with relevant stakeholders on processes and strategies.
The path towards DDC emphasises the significant value of leveraging data to make evidence-based security plans. The example partnership in the NCSC represents how data can influence decision-making. Companies must understand how adopting DDC doesn’t necessarily involve a complete transformation of current systems but more the ability to focus on implementing small, actionable insights that can support future business decisions.