4.9.2 Data Sources
Vuln scans, reports, dashboards, packet captures.
Data sources are the diverse inputs, logs, and telemetry used by security professionals to identify vulnerabilities, detect active threats, and ensure regulatory compliance.
Technical Monitoring Sources - Vulnerability Scans: Periodic or continuous probes used to identify known weaknesses, misconfigurations, and missing patches. These provide the baseline for risk assessment. - Packet Captures (PCAPs): Detailed records of network traffic used for deep packet inspection. PCAPs are essential for incident response to see exactly what data was transmitted during a breach. - Log Files: Records from firewalls, servers, and applications that provide an audit trail of system events and user access. - Dashboards: Visual aggregations of data sources (SIEM/SOAR) that allow analysts to monitor real-time security posture and identify anomalies quickly.
Threat Intelligence & Research - Threat Intelligence: A collection of information regarding past, current, and potential threats. It is often shared between organizations to build collective defense. - Vulnerability Databases: Public or private repositories (like CVE) that list known security flaws in software and hardware. - Research Sources: Academic journals, social media, and security blogs used to stay ahead of zero-day exploits and emerging adversary tactics.
Governance and Data Roles Data protection is governed by frameworks like GDPR, which mandate specific roles to ensure the integrity and privacy of sensitive information: - Data Owner: The entity (usually the organization) with legal rights to the data, including copyrights and the authority to delegate management tasks. - Data Controller: Under GDPR, the person or entity that determines the "why" and "how" of data processing. They are responsible for ensuring PII compliance and reporting. - Data Processor: An entity that handles data on behalf of the controller. They follow the controller’s instructions and maintain technical security. - Data Custodian/Steward: The individual responsible for the technical aspects of data, such as performing backups, maintaining encryption, and ensuring data availability.
Data Risks and Impact - Data Breach: The unauthorized exposure of confidential information via accident or intent. - Data Exfiltration: The malicious transfer of data from a secure network to an external location. - Impacts: Breaches lead to reputational damage, financial penalties from non-compliance, and operational downtime during recovery.
Quick recall - GDPR Trigger: EU regulation involving Controllers (decision makers) and Processors (service providers). - Vulnerability Scan vs. PCAP: Scans look for holes; PCAPs show what went through the holes. - Data Owner: Legally responsible; usually the organization, not an IT admin. - Threat Intelligence: Shared data about active adversaries and new exploits.