Evaluating the Quantity of Incident-Related Information in an Open Cyber Security Dataset

Abstract

Data-driven security has become essential in many organisations in their attempt to tackle Cyber security incidents. However, whilst the dominant approach to data-driven security remains through the mining of private and internal data, there is an increasing trend towards more open data through the sharing of Cyber security information and experience over public and community platforms. However, some questions remain over the quality and quantity of such open data. In this paper, we present the results of a recent case study that considers how feasible it is to answer a common question in Cyber security incident investigations, namely that “in an incident, who did what to which asset or victim, and with what result and impact”, for one such open Cyber security database.