A Quick How-to Guide to Information Gathering for Cybersecurity
Part of being an efficient cybersecurity analyst or professional is knowing how to effectively gather information.
Gathering data is an underrated skill. There's a ton of information online. But when you're working in cybersecurity or information security, it's essential that the data you collect is relevant, correct, and can help you resolve your problem.
In this article, we'll be talking about what information gathering is, why it's important, how to gather data, and what types of tools you can use to do so.
What is Information Gathering in Cybersecurity?
Information gathering, or data collection, is a process where you follow a series of steps to conduct research and answer questions or resolve problems you have.
Though information gathering isn't limited to cybersecurity, it is an essential skill to have in the field. When you want to understand a specific concept or get more information about one, the first thing you do is research it.
Depending on the importance of your topic, information gathering can take five minutes or several days.
In cybersecurity, data gathering helps information security and cybersecurity executives uncover information about a potential target. In this case, information gathering can be carried out for various tasks such as penetration testing, network security monitoring, or something else.
As a cybersecurity executive, you can expect your data collection process to take anything from several hours to several days to a month depending on the information gathering method you're using.
It's worth noting that hackers and cybercriminals also gather information about their potential targets.
In other words, information gathering isn't limited to a profession or to one side of the cybersecurity field.
What is the Purpose of Information Gathering?
Regardless of where you are in your career, but even more so if you work in cybersecurity, you're likely to have attempted to gather data at some point.
Usually, people conduct research to gather information to:
- Answer one or more questions they have
- Find a solution to a problem
- Reach a decision based on informed data and insights
- Uncover new angles to a problem
- Uncover a topic for debate or conversation
- Learn a specific skill or concept
- Find an online course
There are many other reasons why an individual would seek to gather data.
In cybersecurity, the information gathering process is a crucial one because it helps you uncover information that may otherwise have been unknown to you.
For example, by gathering and collecting data, you can learn more about securing business networks and reducing the potential of unauthorized access to your company's network.
The next step after gathering the data is analyzing it and looking for potential lapses or gaps in your cybersecurity process or your target's process.
Types of Data Collection
As a cybersecurity researcher or professional, you should be aware of the different types of data collection. Data collection types differ from methods used to gather information. We'll be covering both in this article.
When gathering information, there are two broad categories that the information gathering process falls under. These are:
- Primary data collection
- Secondary data collection
Let's explore each in brief.
Primary Data Collection
As its name suggests, primary data collection is about gathering raw data. You're the initial source of this data. You're not taking it or citing it from another source.
Primary data is collected for a specific reason. For example, you want to know how many types of cybercrimes a cybersecurity analyst is subjected to in the first two years of work.
To get this information, you may want to conduct a survey and gather answers from cybersecurity analysts with up to two years of working experience.
Secondary Data Collection
Meanwhile, secondary data collection involves getting information 'second hand,' that is, from other sources.
In this case, the data isn't coming from you. Instead, you're collecting existing data. This can come from online surveys conducted by research firms or other cybersecurity firms or through online journals, magazines, or companies.
Secondary data collection is cheaper and less time-consuming to acquire compared to primary data collection. However, you may sometimes struggle with outdated information or not find exactly what you're looking for.
The decision to go for primary or secondary data collection depends on your needs, the amount of time available to you, and what you want to do with that data.
What are the Techniques and Methods of Gathering Information?
There are several different methods for gathering information and data.
As a cybersecurity professional, you need to be aware of all these techniques and the pros and cons of each to determine which of them best serves your purpose and answers your questions.
Each information gathering method comes with its pros and cons. We've highlighted the advantages and disadvantages of each method below.
1. Questionnaires and Surveys
One of the most common methods of data collection is using questionnaires and surveys.
Pros:
- You get to collect the information directly from people.
- You're the source of the data.
- Helps build your authority (especially if this is data you can share, like a survey with statistics).
- Allows you to tailor the questions as you see fit.
- More flexibility with the number and content of the questions you would like to ask.
Cons:
- Questionnaires and surveys take a long time to gather the data.
- You may need to work with an external research firm to get in touch with a wider segment faster.
- May be costly.
- Takes at least a month to gather the data.
- Requires lots of analysis on your part.
2. One-on-One Interviews
Another option is one-to-one or personal interviews. In this case, you conduct an interview with a specific person or specific people to get certain questions answered.
Usually, one-to-one interviews are carried out after you've created a questionnaire and seek to get additional details from experienced personnel such as chief technology officers (CTOs) or chief information security officers (CISOs).
Pros:
- You can tailor the questions and add more to your questionnaire as needed.
- You're (or your company is) the source of the information gathered.
Cons:
- Not all respondents may be available or willing to conduct the interview.
3. Observation
When conducting an observation, you're examining the operation of a certain program so you can gather information about how it works, its effectiveness, and how it's used on a daily basis.
Pros:
- Allows you to see certain programs in action so you can measure their effectiveness for your organization.
Cons:
- Might be time-consuming.
- The person doing the observation needs to be familiar with many parts of the program or tool. This includes how the program works, what it looks at, and its effectiveness, among other details.
4. Focus Group
Like the survey and questionnaire, you can create a focus group to create conversation and focus on a specific topic with certain stakeholders that are relevant to your question or problem.
Pros:
- Allows you to collect fresh data and create a community.
- Gives you direct access to people in your industry.
- Allows you to go in-depth into certain topics as opposed to a generic questionnaire.
Cons:
- Might be time-consuming.
- Might be costly, especially if it requires multiple people from your team to manage the focus group.
5. Use Cases or Case Studies
With use cases and case studies, you get to uncover direct experiences between your brand or product and your customers.
Pros:
- You get to showcase how customers feel about your product or service and use this to acquire new customers.
- Allows you to uncover what customers like and dislike about your products.
- Enables you to work on the weak areas in your product or improve already-available features.
- Gives you a wider understanding of how customers use your product or service.
Cons:
- Might be costly in finding people to write the case study effectively.
- Might be costly in collecting the data and conducting interviews.
Information Gathering Tools
To collect data, you need to have some tools at your disposal to help you gather this data and analyze it.
A data collection tool is an instrument or tool that you can use to gather information. It's important to determine the information gathering tools you'll be using because different types of data have different objectives and require different tools.
For questionnaires and surveys, you may opt to use an online tool such as SurveyMonkey.
However, in the case of one-on-one interviews, use cases, and focus groups, you're likely to have to conduct interviews.
Interviews can be divided into three sub-categories depending on how you'll pose your questions:
Structured Interviews
A structured interview means you'll write down a number of questions and ask all interviewees or groups those same questions in that particular order.
Pros:
- Allows for accurate comparison.
- Prevents you from missing any questions.
Cons:
- Does not leave room for a broader discussion.
Unstructured Interviews
These are the opposite of structured interviews. Unstructured interviews mean you ask interviewees and focus groups questions off the top of your head.
Pros:
- Creates a conversation.
- Allows you to ask follow-up questions you may not have prepared.
Cons:
- You're likely to forget some questions.
- You won't be asking everyone the same questions.
- Doesn't allow you to accurately compare answers when or if needed.
Semi-structured Interviews
These are a combination of structured and unstructured interviews.
Pros:
- Provides the pros of both structured and unstructured interviews.
- Allows you to create conversations, add follow-up questions, and get a deeper understanding of your problem and how to solve it.
Cons:
- Might be more time-consuming than the other two.
- Might be expensive to collect the data.
If you're conducting your information gathering using observation or monitoring of certain cybersecurity tools or processes, you may opt to choose one of the following tools instead:
Nmap
Security researchers and professionals can use Nmap to uncover open ports that may have vulnerabilities or vulnerable services running that need to be patched up.
Metasploit
This easy-to-use but powerful cybersecurity tool helps security professionals gather information. However, it may be used by ethical hackers and cyber attackers alike. Using Metasploit, users can identify network and server vulnerabilities.
Maltego
The Maltego tool helps users create graph-based data via data mining and network visualization and analysis. In terms of information gathering, security researchers can use Maltego to build IP ranges, find connected devices on a company's network, or map out domains.
Netcat
Netcat is a tool that creates simple connections between hosts. According to Kali Linux, "Netcat can be used in conjunction with the TCP and UDP protocols for things like port scanning or door channels."
Wireshark
Wireshark is a widely used packet-sniffing tool. Cybersecurity professionals and network administrators as well as hackers all use Wireshark to gather information from network packets and analyze it.
What is the Process of Gathering Information?
Now that you're familiar with the broader types of data collection, it's time to look at the information gathering process you'll be following.
For best results, we recommend you carry out the following steps in this order or with minor variations.
1. Identify the problem and ask questions that need answering.
2. Identify the objective of answering those questions.
3. Determine how you will collect this data (questionnaires, surveys, research, observation, etc.).
4. Determine the time available to gather this information (Depending on how much time you have, you may have to avoid time-consuming data collection methods like surveys).
5. Determine the information gathering tools you will use.
6. Compile the information you've gathered.
7. Analyze the information you've collected (This step will depend on the objective for gathering the information).
The information gathering process is important and the skills associated with it are essential for any cybersecurity analyst, researcher, or anyone looking to enter the cybersecurity field.
As a cybersecurity professional, part of your job will involve researching, gathering information, and finding solutions to various kinds of problems.
Data collection may also help you assess the strengths and weaknesses of your organization. This, in turn, will help you uncover potential cybersecurity threats that your organization may be subject to and create risk assessments to support and bolster your company's overall security.
To learn more about how you can develop your cybersecurity skills, visit CyberTalents' For Talent page.