Data Driven Cyber Security

08.05.2023

According to the UK data protection legislation, each controller and each processor must implement appropriate technical and organizational measures to ensure a level of security appropriate to the risks arising from the processing of personal data. In the rapidly advancing digital landscape where cyber security has become increasingly complex, ensuring the security of data is crucial for data controllers and processors. It is important for data controllers and data processors to acknowledge and address new arising risks in order to comply with the data protection regulations in light of cyber security.

The UK National Cyber Security Center (“NCSC”) highlights the usefulness of a data-driven approach in addressing this challenge[1]. Data-driven cybersecurity (“DDC”) is an approach to cybersecurity that uses scientific method and data analysis to make evidence-based decisions. It involves leveraging high-quality data to generate actionable insights that can help organizations to better understand their cybersecurity posture and make informed decisions. By using big data to analyse cybersecurity practices, data-driven cybersecurity seeks to improve outcomes, transparency, and trust. DDC can be implemented in different ways based on an organization's priorities, resources, and risks.

To facilitate the DDC journey, NCSC has developed a maturity model that helps organizations assess their level of data-driven cybersecurity maturity. It can be used to:

assess the current level of DDC maturity in an organisation ('As is')
decide what level of maturity will be required in future ('To be')
determine which steps could be taken to reach the desired maturity level (‘Gap analysis’)

This model takes into account various factors such as communication, people, security and compliance, platform and data processing tools, integration, and data structure. By asking key questions related to these pillars, organizations can identify gaps and take steps to improve their cybersecurity posture.

Can you list all your assets (like devices) and report on their status?
Can you list all your RDP ports? Can you see which ones are open?
Can you show a diagram of the segmentation of your network? If part of it was affected by ransomware, would you be confident the other parts would be unaffected? Could you check to be sure?
If you were told there was a specific vulnerability on at least one device on your network, would you be able to identify it from the versions of software products on each device?
Do you know which vulnerabilities your organisation has, how widespread they are, and on which devices?
Do you receive threat intelligence? How do you determine if it is relevant to your organisation? Can you quickly determine how many (and which) of your devices and networks are affected?
Is your cyber security data analysis posture sustainable? Do you have skilled staff working on it? Can you maintain the team?

[1] https://www.ncsc.gov.uk/blog-post/data-driven-cyber-transforming-cyber-security-through-an-evidence-based-approach

Tagged with: Kavlak Law Firm, Ayşe Aybüke Çilingir, Özge Keskin, Data Protection & Privacy, Cyber Security

This website is available “as is.” Turkish Law Blog is not responsible for any actions (or lack thereof) taken as a result of relying on or in any way using information contained in this website, and in no event shall they be liable for any loss or damages.

SPK’dan e-Başvuru Zorunluluğu

CMB Deploys Electronic System for Submissions

Sermaye Piyasası Kurulu Tarafından Payların İlk Halka Arzı Öncesi Uyulacak Ön Şartlardaki Tutarların İndirimine İlişkin Kurul İlke Kararı Yayımlandı

Call Option Agreement on Shares of a Joint Stock Company

Bağımsız Denetime Tabi Şirketlerin Belirlenmesine Dair Karar

The Decision on Determination of Companies Subject to Independent Audit

Two-minute Recap of Recent Developments in Turkish Competition Law - March 2024

Two-minute Recap of Competition Law Matters Around the Globe – March 2024

Competition Newsletter - April 2024

Türkiye’s Green Transition Journey and Effects on Construction Sector

“Reasonable” Remedy Period

An Overview of FIDIC 2022 Reprint

ÇSY Kapsamında Kişisel Verilerin Korunması Hukukunun Önemi

The Importance of Personal Data Protection Law Within the Scope of ESG

Kişisel Verileri Koruma Hukuku Güncel Gelişmeler - Mart 2024

Esin Litigation Quarterly | Issue 4 | March 2024

Kanada Mahkemesinden Dikkat Çeken Yapay Zeka Kararı

Pivotal Decision on Artificial Intelligence from Canadian Tribunal

2024 Yılı İtibarıyla Perakende Ticaret Mevzuatında Neler Değişti?

Sadakat Programlarına İndirimli Satış Reklamı Yasağı!

Obligations under the Distance Contracts Regulation are Postponed

Communiqué on the Promotion of the Use of Green Cement with Low Carbon Emission in Public Procurement Contracts has been Published

Şarj Hizmeti Ağlarında Konsolidasyon: Lisans İptalleri

The Consolidation of Charging Service Networks: Cancellation of Licenses

Kurumsal Sürdürülebilirlik Özen Yükümlülüğü Direktifi (CSDDD) Onaylandı

Corporate Sustainability Due Diligence Directive (CSDDD) Approved

Yeşil Dönüşüm Yolunda: Çevre Etiketi Sistemi

Ödeme ve Elektronik Para Kuruluşlarının Asgari Özkaynak Miktarlarında Değişiklikler

Amendments Regarding Minimum Equity Amounts for Payment and Electronic Money Institutions

Dijital Türk Lirası’nda Faz-2 Çalışmalarına Başlandı

Technology Disruption in the Insurance Industry

Cyber Insurance

İklim Değişikliğinin Sigorta Sektörü Üzerindeki Etkisi

Türkiye's Geopolitical and Strategic Importance Regarding Counterfeiting Activities

Design Registration Application in Turkey: Things to Consider

Turkish PTO Will Handle Non-Use Cancellation Actions as of January 10, 2024

İşçinin Ölümü Halinde Kıdem Tazminatı ve Ölüm Tazminatı Taleplerinin Karşılaştırmalı Olarak Değerlendirilmesi

Non-competition Obligation - Intervention of the Judge

İş Sözleşmelerinde Rekabet Etme Yasağı

Torba Kanun ile İlaç Mevzuatında Değişiklikler

Omnibus Law Amends Pharmaceutical Legislation

Sağlık ve Yaşam Bilimleri Bülteni - Şubat 2024

Spor Müsabakalarına Dayalı Bahis ve Şans Oyunları

Remarkable Topics of Recent Times: Betting and Games of Chance on Sports Competitions

Advertising Board Published the Report on Supplementary Food Advertisements!

Convertible Investments in Türkiye

Türkiye’de Pay Opsiyon Planları ve Birleşme Devralmalara Etkileri

Employee Stock Option Plans and Effects on M&A Practices in Türkiye

Yayımlanan Yönetmelik ile Konutların Turizm Amaçlı Kiralanması

Konutların Turizm Amaçlı Kiralanması

Konut Kira Bedeli Artışlarında Azami Sınır

Anonim Şirketlerde Önemli Miktardaki Varlığın Satışı ve İlgili Tartışmalı Konular

Sale of Significant Assets in Joint Stock Companies and Related Contentious Issues

Adi Konkordatoda Alacaklılar Toplantısı

Türkiye’de Çalışan Pay Opsiyon Planları ve Yatırım Sürecindeki Etkileri

Yatırım ve Pay Devri İşlemlerinde Ara Dönem ve Kapanış Şartları

What is Convertible Debt as a Method of Quick Access to Finance?

Damga Vergisi Kanun Genel Tebliği (Seri No: 69) Hakkında Bilgi Notu

Information Note Regarding the General Communiqué on the Stamp Duty Law (Serial No: 69)

Anayasa Mahkemesi’nden Enflasyon Düzeltmesine İlişkin Önemli Karar

AB’den Devrim Niteliğinde Düzenleme: Yapay Zekâ Yasası Onaylandı

Revolutionary Regulation from EU: AI Act is Approved

AB’den Yapay Zekâ Devrimi: AI Act Onaylandı

Türkiye’de Deniz Kirliliği Cezalarına İlişkin Yeni Düzenleme

Current Pollution Administrative Fines

Maritime Disputes: A Comprehensive Examination of LMAA, ISTAC, and Turkish Courts’ Approaches to Maritime Cases - Part 2

Şirket Yöneticilerinin Cezai Sorumluluğu

An Overview of Occupational Fraud 2024: A Report to the Nations by ACFE

Güneş Balçıkla Sıvanmaz!

Data Driven Cyber Security

Popular Articles on Data Protection & Privacy

Subscribe to our newsletter