Enabling cyber strategy through data visualisation

CSOs, CISOs and Heads of Security are all confronted by one ever-present issue: finite resources. The need to allocate limited resources, whether they be financial, technological or human capital, is one of the few constants in an industry continually undergoing rapid change.

The digital revolution has seen an exponential growth in technology. Organisations are increasingly adopting technology at a rate which can cause headaches for security managers who are already strapped for resources. There is no silver bullet for a complex problem like this and security managers will need tools to help them focus attention on high risk items.

Data visualisation is often considered by security professionals as an expensive and time intensive exercise. When done poorly this can very much be the truth. On the other hand, when done right, data visualisation can be a very cost effective and highly efficient way to bring order to chaos.

SIEM and SIEM-like products offer similar data analytics capabilities for security, primarily around event correlation. Unfortunately, these products can also be cost limiting and generally require significant investment by the organisation in order to be effective. Smaller organisations may struggle to find this option feasible.

Presenting ordinary data in a visual format on a smaller scale can be done with existing tools readily available to most people, such as Excel. However, next generation data visualisation software such as Tableau and QlikView provides a powerful, easy to use platform for presenting data in a user friendly format and at a reasonable cost.

Keeping it simple and using creativity is the best way to leverage data visualisation. Any set of data can be a starting point and there is no shortage of data in the IT world. Asset registers and the like are a great place to start. A good example that can be used to demonstrate some of the useful capabilities of data visualisation is an information repository register.

An information repository register can number in the hundreds of entries even for smaller organisations and generally covers information repositories which store business information such as customer records, HR employee files, legal documents and board papers.

A good information repository register contains an extensive listing of all known locations of such sensitive business information. Each entry should represent a different system, file server or database. The more data attributes captured, the more value it contains.

Common security attributes should be captured for each repository. Some examples of security attributes include whether it has been penetration tested, whether it has been security hardened, how often user access reviews are conducted, how many data records are stored, where it is hosted, sensitivity level of the data stored, whether data is encrypted in transit or at rest and whether it has logging capabilities.

Gathering all this information is quite easy when divided amongst multiple teams. Providing a skeleton of the register to stakeholders across the organisation to populate and return is an effective way to complete this exercise with minimal effort.

The next step is to digest and visualise all the raw data using Tableau or QlikView. Once information is presented on a single dashboard, it becomes an intuitive way to delve into what was once endless rows of data to identify patterns or scenarios which may not have been apparent prior to it being organised or visualised.

An example of a precarious combination of attributes to look out for is a system which stores sensitive information, is hosted externally and does not encrypt data in transit. Once all these attributes are recorded in the register and presented on an interactive dashboard, it's as simple as three mouse clicks to whittle down the list to those repositories fitting a particular scenario and display it in an easy to read format.

Figure: Unsorted example information repository register with 8 entries

Figure: Externally hosted repositories with no encryption in transit (systems with increased likelihood of data loss)

Figure: Sensitive data repositories with no audit trails and low UAR frequency (systems with increased susceptibility to insider threats)

Identifying at-risk systems by combining data attributes such as the above provides a more scientific method of determining where to efficiently allocate project time and resources for maximum gain.
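The two attribute combinations described above can also be expressed as filters over a register exported to CSV. The following is an added example, not part of the original article: the column names, the eight register entries and the threshold for a "low" user access review (UAR) frequency are all assumptions constructed for illustration.

```python
import csv
import io

# Constructed sample register (8 entries). Column names and values are
# assumptions for illustration, not data from the article.
REGISTER_CSV = """\
name,sensitivity,hosting,encrypted_in_transit,logging,uar_per_year
CRM,high,external,no,yes,4
HR files,high,internal,yes,no,1
Legal DMS,high,external,yes,yes,2
Board portal,high,external,no,no,0
Intranet wiki,low,internal,no,yes,1
Marketing share,low,external,no,no,0
Payroll DB,high,internal,yes,no,0
Support tickets,medium,external,yes,yes,2
"""

LOW_UAR_THRESHOLD = 1  # assumption: one review per year or fewer is "low"

def load_register(text):
    """Parse the register CSV into a list of dicts with typed fields."""
    rows = []
    for row in csv.DictReader(io.StringIO(text)):
        row = {k: v.strip() if k == "name" else v.strip().lower()
               for k, v in row.items()}
        # Anything other than an explicit "yes" (blank, "unknown") is
        # treated as the control being absent, so gaps are flagged.
        row["encrypted_in_transit"] = row["encrypted_in_transit"] == "yes"
        row["logging"] = row["logging"] == "yes"
        row["uar_per_year"] = int(row["uar_per_year"])
        rows.append(row)
    return rows

def data_loss_exposure(rows):
    """Sensitive data, hosted externally, not encrypted in transit."""
    return [r["name"] for r in rows
            if r["sensitivity"] == "high"
            and r["hosting"] == "external"
            and not r["encrypted_in_transit"]]

def insider_threat_exposure(rows):
    """Sensitive data, no audit trail, infrequent user access reviews."""
    return [r["name"] for r in rows
            if r["sensitivity"] == "high"
            and not r["logging"]
            and r["uar_per_year"] <= LOW_UAR_THRESHOLD]

if __name__ == "__main__":
    register = load_register(REGISTER_CSV)
    print("Data loss exposure:", data_loss_exposure(register))
    print("Insider threat exposure:", insider_threat_exposure(register))
```

A repository that appears in both result lists, as "Board portal" does in this constructed data, is a natural first candidate for remediation effort.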

Data visualisation can also have a profound impact when presenting to senior management, boards and executives. The ability to quickly identify specific scenarios and tailor reports on the fly during a presentation can make a world of difference and provide quantifiable evidence to underpin a business case or report.

Data visualisation can also be used in a similar way to justify security spend in a manner which highlights return on investment and improvements over time. This will be covered in more detail in a following article discussing the use of data visualisation as a reporting tool.

The security industry is only just beginning to embrace the use of analytics as an invaluable asset to aid in the constant battle to protect organisations and information assets. However, there is a long way to go and much more potential to be leveraged.

Charn Tangson is a senior analyst in the Deloitte Australia Cyber Risk Services team. Charn has a focus and passion for information security, with a particular interest and expertise in the areas of security management, advisory and transformation as well as third party vendor security. In addition, Charn has experience in Tableau data visualisation for security as well as penetration testing and competed in the Global Cyberlympics 2015 ethical hacking world finals in Washington DC. He has advised numerous companies in the ASX100, large multinational corporations as well as state and federal public sector clients around managing and improving their information security. Charn is also a member of the Australian Information Security Association (AISA) and Information Systems Audit and Controls Association (ISACA).
