
The practical application of data analysis in information security need not be an expensive exercise for companies, says Mohamed Khan, information security senior analyst at Transnet Corporate and speaker at ITWeb Security Summit 2015.
"Systems generate a lot of information, and there are many expensive products and services on the market to analyse this information. Lack of budget and tools is often used as a reason not to analyse information.
"This does not have to be the case. Using freely available tools, one can begin to analyse and understand security information to make better decisions and add value to the organisation," says Khan.
The practical application of data analysis often falls flat due to a lack of skills, notes Khan, adding that with the right people, a lot can be achieved, even on a small budget.
However, he says, a lack of resources is often an area of weakness for the practical application of data analysis in information security. "Often, it is left to system administrators to deal with areas such as log reviews, firewall management, etc.
"These individuals may not have the necessary skills in data analytics and so are overwhelmed by the task at hand. Bringing in data analysts or cross-training existing staff can provide a starting point to dealing with the volumes of data and extracting the value."
Khan says there are specific types of skills organisations should be seeking to retain or cultivate to successfully apply practical data analysis in information security.
"You need the security skills to understand the data, its context and value to the organisation. Understanding of risk is important here, too. Then the analytical skills to be able to deal with large volumes, and summarise and report extract exceptions, are important to get useful outcomes," he explains.
Khan notes the biggest information security risks currently faced by local companies vary from organisation to organisation, depending on what they are doing, the maturity of the organisation and their information security programmes.
"Perhaps the biggest risk is in expecting to stop incidents from happening, rather than focusing on quickly identifying and dealing with them," Khan says.
To mitigate risks, he advises that organisations identify sources of information and ensure they are activated. "[Ensure] useful information is being generated, collected, analysed and then actions taken to continuously improve the environment."