The National Cyber Security Centre (NCSC) has developed a model for public sector organisations to assess their levels of maturity in data driven cyber (DDC).
It said that DDC is the use of evidence and scientific methods to make evidence based decisions on cyber security, and that the move reflects the increasing importance of data science in cyber security and the massive increase in data flows.
Available via an NCSC blogpost, the model includes an ‘as is’ assessment of DDC maturity, a ‘to be’ assessment for the user to decide on the desired level of maturity, and a gap analysis to determine the steps required to reach it.
The model takes in factors on communication and impact, people, security and compliance, platform and data processing costs, integration and data structure, and scope.
It also includes a number of questions to accompany the model, including whether it is possible to: list all of an organisation’s domain names and sub-domains; list all relevant assets and report on the status; and identify a specific vulnerability on a device within a network.
Actionable insights
NCSC data scientist Ben M and project manager Mushin R said the aim is to generate actionable insights from data, and that setting up a DDC infrastructure and processes can help organisations adapt to changes in technology and evolving threats.
“DDC can be implemented differently depending on an organisation's priorities, resources, and risks,” they said. “By embracing DDC, we want to help government organisations to better understand their cyber security posture, identify vulnerabilities and areas of weakness, and collaborate more effectively by using existing data to make data driven decisions.”