Data Analysis On Cybersecurity Compliance


CHAPTER ONE

INTRODUCTION

1.1 BACKGROUND OF THE STUDY

In recent years, technical improvements have increasingly focused on web-based security issues. Web-based platforms are targets of cyberattacks with malicious intent every day (Mousa et al., 2020). Web-based platforms are routinely targeted by attackers due to the vast amount of data and control they offer (Pevnev & Kapchynskyi, 2018). The confidentiality, integrity, and accessibility of vital information are now at significant risk due to the sophistication and prevalence of cyberattacks, which include data breaches, ransomware attacks, and illegal access to networks (Boehmer, 2014; Michael, 2017; Perwej et al., 2021). Alexander (2015) claims that cyber threats cover a wide range of risks, including targeted attacks, malware, spam, abuse of system privileges, disclosure of sensitive data, vulnerabilities brought on by poor maintenance, inadvertent information leaks caused by user errors, and web defacements that involve disseminating false information or discrediting people or organizations.

The necessity of protecting the networks and systems on which we rely has consequently become increasingly important. This is crucial in order to defend economic security, maintain national defense, and guarantee personal safety. In today's world, it has become an absolute requirement (Nica et al., 2019; Tech Georgia, 2016). The advent of big data platforms and machine learning techniques has proven to be a valuable advancement in the realm of knowledge discovery and data science (Zhou et al., 2017). These developments have opened up opportunities for effectively addressing cyber threats (Ahmed et al., 2017). Big data analytics provides a platform for organizations to uncover previously unknown patterns and gain actionable insights about their businesses and environments, including bolstering their cyber defense capabilities (Zuech et al., 2015). By utilizing big data tools and techniques, cyber analytics enables the collection, processing, and refinement of network activity data, employing algorithms to review each network node in near-real-time (Böse et al., 2017). Additionally, visualization tools are utilized to easily identify abnormal behavior, enabling prompt response and investigation when necessary (Ponemon Institute, 2013).

Hence, there is a critical need to develop and implement data analysis methodologies that can enable organizations to evaluate their cybersecurity compliance status accurately. By leveraging advanced analytics techniques, such as machine learning, data mining, and anomaly detection, organizations can gain deeper insights into their compliance posture, identify potential vulnerabilities, and make informed decisions to enhance their security measures.

1.2 STATEMENT OF PROBLEM

Although enormous investments have been made in cyber security to reduce cyber risks, the development of new threat landscapes has rendered many current controls and conventional instruments useless against sophisticated attackers. As noted by Ernst & Young (2015), industry security developments have been unable to keep up with the constantly changing and wide variety of threat actors prevalent in today's digital ecosystem.

Furthermore, organizations generate a significant volume of data related to their cybersecurity practices. Analyzing this data manually is time-consuming, error-prone, and impractical, especially given the sheer volume and complexity of the data (Lee, 1999). Extracting meaningful insights from this data requires advanced data analysis techniques that can handle large-scale data processing, anomaly detection, and correlation analysis (Bilge et al., 2012). By leveraging advanced analytics techniques, organizations can gain deeper insights into their compliance status, identify areas of improvement, and implement proactive measures to mitigate cybersecurity risks.

1.3 OBJECTIVE OF THE STUDY

The primary objective of this thesis was to develop a method for Data Analysis on Cybersecurity Compliance. Other objectives include:

1. Develop a predictive analytics model for anticipating and forecasting cyberattacks.

2. Evaluate the effectiveness of the proposed techniques.

3. Provide recommendations for organizations to improve their cybersecurity compliance processes.

1.4 JUSTIFICATION OF THE STUDY

The digital landscape is witnessing an unprecedented rise in cyber threats and attacks. Organizations across various sectors face constant risks to their sensitive information, customer data, and critical systems. The significance of this study lies in its focus on cybersecurity compliance, as adherence to compliance standards is vital for organizations to mitigate these risks effectively. This study is justified as it aims to provide insights and methodologies to simplify compliance assessment and help organizations meet complex compliance obligations effectively.

1.5 SIGNIFICANCE OF THE STUDY

This research project has both practical and theoretical significance. Firstly, it holds great importance in enhancing organizational security in the face of increasing cyber threats. By developing and implementing data analysis methodologies for cybersecurity compliance, organizations can gain deeper insights into their compliance status, identify potential vulnerabilities, and take proactive measures to strengthen their security controls. This contributes to an improved overall security posture, protecting valuable digital assets and maintaining customer trust.

Secondly, the study has broader implications for compliance practices. By analyzing compliance data effectively, organizations can identify gaps and areas of non-compliance, enabling them to take corrective actions promptly. The research findings and recommendations will guide organizations in developing robust compliance monitoring processes, ensuring ongoing adherence to regulatory requirements, and avoiding penalties and reputational damage associated with non-compliance.

Additionally, the research project bridges the gap between compliance frameworks and data analysis techniques. While compliance frameworks provide guidelines for security controls, they often lack specific guidance on how to analyze compliance data effectively. By filling this gap, the study offers methodologies and best practices for analyzing compliance data, enabling organizations to extract meaningful insights and make informed decisions based on data-driven assessments.

Moreover, the study is significant in supporting regulatory compliance efforts. Regulators play a crucial role in establishing cybersecurity regulations and standards, and the research findings can inform the refinement of existing frameworks, the development of new regulations, and guidance to organizations on how to evaluate and report their compliance status accurately.

Furthermore, the research project strengthens data-driven decision making. By applying advanced analytics techniques to compliance data, organizations can derive actionable insights that empower them to allocate resources effectively, prioritize security measures, and make informed decisions to enhance their cybersecurity posture.

Lastly, the study has practical implications for various stakeholders, including customers, employees, and business partners. By improving cybersecurity compliance practices, organizations can safeguard sensitive customer information, protect individuals' privacy, and reduce the risk of data breaches. This enhances customer trust, protects stakeholders' interests, and fosters a secure environment for conducting business.

REFERENCES

Ahmad, S., Rodziah, B. and Nasir, B. (2011). Data Quality Enhancement Technology to Improve Decision Support. Croatia: Intech. pp. 34-41.

Ahmed, E., Yaqoob, I., Hashem, I. A. T., Khan, I., Ahmed, A. I. A., Imran, M., & Vasilakos, A. V. (2017). The role of big data analytics in Internet of Things. Computer Networks, 129, 459-471. Available at https://doi.org/10.1016/j.comnet.2017.06.013

Bilge, L., Balzarotti, D., Robertson, W., Kirda, E., & Kruegel, C. (2012, December). Disclosure: detecting botnet command and control servers through large-scale netflow analysis. In Proceedings of the 28th Annual Computer Security Applications Conference (pp. 129-138).

Boehmer, W. (2014). Towards analysis of sophisticated attacks, with conditional probability, genetic algorithm and a crime function. Cd-Ares, 8708, 250–256. Retrieved from http://dblp.uni-trier.de/db/conf/IEEEares/cd-ares2014.html#Boehmer14

Böse, B., Avasarala, B., Tirthapura, S., Chung, Y. Y., & Steiner, D. (2017). Detecting insider threats using radish: A system for real-time anomaly detection in heterogeneous data streams. IEEE Systems Journal, 11(2), 471-482.

Ernst and Young. (2015). Using cyber analytics to help you get on top of cybercrime - Third-generation security operations centers. Retrieved from http://www.ey.com/Publication/vwLUAssets/ey-third-generation-security-operations-centers-2015/$FILE/ey-third-generation-security-operations-centers-2015.pdf

Lee, W. (1999). A data mining framework for constructing features and models for intrusion detection systems. Columbia University.

Meng, J. (2018). Security Threats and Countermeasures of Computer Network Web based. PC Fan, 23, 37-37.

Meng, X.F., Ma, C.H. and Yang, C. (2019). Review of Machine Learning Web based System. Computer Research and Development, 56, 1803-1820.

Michael, M. (2017). Few victims reporting ransomware attacks to FBI. Retrieved from https://threatpost.com/few-victims-reporting-ransomware-attacks-to-fbi/126510/

Mousa A., Karabatak M., & Mustafa T. (2020). Web based Security Threats and Challenges. 2020 8th International Symposium on Digital Forensics and Security (ISDFS), 1-5.

Nica E., Tudorica B. G., Dusmanescu D. M., Popescu G., & Breaz A. M. (2019). Web based Security Issues - A Short Analysis on the Emergent Security Problems Generated By NoSQL Web based. Economic Computation and Economic Cybernetics Studies and Research, 53(3/2019), 113–129. https://doi.org/10.24818/18423264/53.3.19.07.

Perwej, Y., Abbas, S. Q., Dixit, J. P., Akhtar, N., & Jaiswal, A. K. (2021). A systematic literature review on the cyber security. International Journal of scientific research and management, 9(12), 669-710.

Pevnev V., & Kapchynskyi S. (2018). Web based Security, Threats and Preventive Measures. Advanced Information Systems, 2(1), 69–72. https://doi.org/10.20998/25229052.2018.1.13

Zhou, L., Pan, S., Wang, J., & Vasilakos, A. V. (2017). Machine learning on big data: Opportunities and challenges. Neurocomputing, 237, 350-361.

Zuech, R., Khoshgoftaar, T. M., & Wald, R. (2015). Intrusion detection and big heterogeneous data: a survey. Journal of Big Data, 2(1), 1-41.
