Data Architecture for Cybersecurity

Rochester Institute of Technology, Spring 2023


Problem Statement

Network defenders in the Office of Cyber Monitoring and Operations need a better way to query and correlate data in a hybrid and multi-cloud data ecosystem in order to develop analytics capability at the network defender level and inform insight-driven decisions on cybersecurity incident response at the senior leadership level.

 
 

Problem Scoping and Discovery

The team conducted 59 unique discovery interviews with consultants, security engineers, and educators. They learned:

  • Each embassy has a different budget with different devices and configurations. Cyber groups that need to conduct incident response do not know what lies on each of these networks. This variation can create problems with the logging and storage of those logs.  

  • Incoming data could be segregated into categories based on their relevance to investigations.

  • Any new software introduced must be accompanied with a continuous training program for employees.

 
 

Solution Proposed

The team recommended specialized software tools to filter incoming data based on their significance to cybersecurity investigations and present cybersecurity specialists with only the most relevant data. 

 
 

Results

The team’s recommendation allowed the DOS sponsors to more objectively assess potential new software tools, and their presentation helped prove to senior leadership why solving the problem was worth the investment.

 
 

 

Ready to get your own results?

DSWinifred WrightData