Data Analytics for Cyber Security Quiz

Questions and Answers

What is one method for identifying critical alerts in cybersecurity?

Ignoring historical data

Focusing on geographic locations only

Performing alarm clustering (correct)

Using a single database

Time proximity does not play a significant role in analyzing network attacks.

False

What does a keyword matrix help with in cybersecurity analytics?

Identifying significant keywords in logs

Data analytics can identify repeated events of interest in certain time _____ for effective threat analysis.

periods

Match the concepts related to data analytics in cybersecurity:

Vulnerability Assessment = Identifying weaknesses in systems Behavioral Analysis of Attackers = Understanding attack patterns Network Traffic Anomalies = Detecting unusual patterns in data flow Spatial Patterns in Attacks = Geographic analysis of targeted assaults

Which of the following best describes multi-dimensional threat analysis?

Integrating data from multiple features and sources

Clustering based on feature combinations can help reveal potential attack paths.

True

What role does network mapping play in cybersecurity analytics?

It helps visualize network structure and identify targeted attacks.

What aspect of cybersecurity helps identify anomalies in network traffic?

Multi-dimensional threat analysis

Spatial patterns in attacks can be associated with specific geo locations.

True

What type of attack has common underpinnings shared between physical and computer security breaches?

Any type of attack

Utilizing temporal, spatial, and human __________ aspects can lead to new insights in cybersecurity.

behavioral

Match the following aspects with their relevance in cybersecurity:

Vulnerability Assessment = Identifying weaknesses Behavioral Analysis = Understanding attacker patterns Network Traffic Anomalies = Unusual data flow Spatial Patterns = Geo location significance

What is the goal of identifying potential 'collusions' among entities in an attack scenario?

To understand relationships and interactions

Looking at a single dimension of data is enough to identify prolonged attack scenarios.

False

What two factors contribute to proximity in threat analysis?

Source Proximity and Destination Proximity

The analysis of __________ becomes relevant when events occur together.

events

What do anomalies in network traffic often indicate?

Potential security threats

What is one of the primary aims of cybersecurity?

Preventing, detecting, and responding to threats

Cyberattacks solely aim to steal physical property.

False

Name one type of asset that can be affected by cyberattacks.

Personal computers

The motivation behind cyber threats can include damaging reputation, stealing ________, and performing cyber espionage.

intellectual property

Match each type of cyber threat motivation with its description:

Stealing intellectual property = Taking private information for competitive advantage Making a political statement = Using attacks to express political dissent Performing cyber espionage = Gathering confidential information for spying purposes Making a splash = Attracting attention through disruptive actions

Which of the following is an example of a public asset affected by cyberattacks?

Power grid

All cyberattacks are initiated for financial gain.

False

What is one of the four key aspects involved in responding to cyber threats?

Recover and restore the normal state of the system

Study Notes

Course Information

• Course Title: Data analytics for Cyber Security
• Instructor: Senait Desalegn
• Institution: Addis Ababa Institute of Technology, Addis Ababa University
• Date: October 2024

Course Introduction

• The course covers using data analytics to address cybersecurity challenges.
• It does not cover traditional security configurations or patching vulnerabilities.

What is Cybersecurity?

• Cybersecurity is about protecting valuable electronic and physical assets from unauthorized access.
• These assets include personal devices, network devices, information assets, and infrastructural assets.
• Cyberattacks are the methods used to breach security and gain access to valuable assets.

Aims of Cybersecurity

• Preventing cyberattacks against critical assets
• Detecting cyber threats
• Responding to threats that penetrate access to critical assets
• Recovering and restoring systems after successful attacks

Assets Affected

• Personal: Phones, tablets, computers, external drives, cloud drives, email accounts, fitness trackers, smart watches, smart glasses, media devices, bank accounts, credit cards, personal gaming systems
• Public: Smart meters, power grids, sewage controls, nuclear power plants, rail lines, airplanes, traffic lights, citizen databases, websites (county, state, federal), space travel programs, satellites
• Corporate: Customer databases, websites, business applications, business networks, emails, off-the-shelf software, intellectual property

Motivation behind Cyber Threats

• Stealing intellectual property
• Gaining access to customer data
• Making a political statement
• Performing cyber espionage
• Damaging reputation (for fun, or impeding access to data/applications)

Why do we have security risks?

• Applications with dependencies
• Logical errors in software code
• Organizational risks (multiple partners)
• Lack of user awareness (social engineering and phishing)
• Personality traits of individuals using the systems

Handling Cyber Attacks

• Protecting resources and Hardening Defenses
• Capturing data logs
• Monitoring systems
• Tracing attacks and Predicting risks
• Identifying vulnerabilities

Overall Areas of Cybersecurity

• Network Security
• Cyberphysical Security
• Data and Information Security
• Application Security

Sub areas of Cybersecurity

• Application Security: Incorporating security into software development.
• Data and Information Security: Securing data from unauthorized access and misuse.
• Network Security: Securing computer networks to prevent unauthorized access.

Cyber Physical Security

• Emerging challenges due to the coupling of cyber and physical systems (e.g. power plants).
• Risk of disrupting a cyber component, risk of unauthorized control of a cyber system, gaining unauthorized control of physical systems.

Data Analytics

• Focuses on analyzing large amounts of data from diverse sources to find actionable information.
• Involves techniques from data mining, statistics, and business management.
• Key dimensions: volume, velocity, variety, veracity, venue (massive datasets generated rapidly, heterogenous, accurate in complex environments, changing by location).

Anatomy of an Attack

• Clustering: Using methods such as IDS, logs (e.g., SNORT), keyword matrices and word frequency matrix; critical alerts.
• Temporal Proximity: Time intervals used for analyzing patterns.
• Network Evolution: Analyze and evaluate how networks evolve over time.

Why Data Analytics is Important

• Helps understand human aspects of attacks.
• Helps determine temporal, spatial, data-driven aspects of attackers' behavior.
• Helps to understand attacks across various aspects that might use multiple parts of a framework or different databases.
• Helps find trends/patterns/anomalies over time or in relation to location and understand why an attack may occur.

How Can Data Analytics Help?

• Gleaning novel information from multiple sources to identify critical systems/flaws.
• Support defenses of cyber systems
• Analyze data to trace attacks
• Predict risks
• Identify vulnerabilities
• Create robust access control rules through usage and security policies.

Focus of this Course

• Addresses cybersecurity challenges using data analytics.
• Aims at threat hunting/detection, prevention/mitigation, vulnerability discovery, prospective & retrospective analysis. This covers how attacks occur and how to prevent them in the future.

Conclusion

• Course aims to use data analytics to find solutions for cybersecurity issues.

Description

Test your knowledge on the role of data analytics in cybersecurity. This quiz will cover concepts related to protecting digital assets, identifying threats, and the aims of cybersecurity. Perfect for students of the course taught by Senait Desalegn at Addis Ababa Institute of Technology.