Data Analytics in Cybersecurity

The National Institute of Standards and Technology (NIST) has created the NICE framework to help standardize the terminology used to describe cybersecurity roles. The role of a cyber data analyst is defined within this framework, along with the tasks and requirements for an individual to be able to operate effectively within the role.

What Is a Cyber Data Analyst?

As the name suggests, a cyber data analyst performs data analysis in a cybersecurity context. More specifically, the NICE framework defines the role as analyzing data from multiple sources in order to produce conclusions that would be useful for improving privacy or security.

The cyber data analyst is responsible for data throughout its life cycle, from generating requirements to reporting conclusions. This includes the analysis as well as designing and implementing algorithms and processes for large-scale datasets.

What Does a Cyber Data Analyst Do?

The job of a cyber data analyst is to use data analysis techniques to create useful intelligence to improve security and privacy. To do so, the analyst needs to be competent in all stages of data collection and processing:

  1. Defining Needs: The analyst needs to identify gaps where data collection is necessary for analysis
  2. Data Collection: While the analyst may not collect the data, they should understand what is possible in order to appropriately define collection needs
  3. Analyze Data: The analyst must perform any necessary pre-processing (outlier detection, gap analysis, normalization and so on) and then perform the actual analysis
  4. Drawing Conclusions: Based on the data collected and the analysis, the analyst should be able to prove or disprove any hypotheses
  5. Visualization and Reporting: The analyst needs to know how to make visuals and report results in a form that is understandable to customers or stakeholders

While this analysis process is important, it is not the entirety

*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Howard Poston.