Sat. May 21st, 2022
    en flag
    nl flag
    et flag
    fi flag
    fr flag
    de flag
    pt flag
    ru flag
    es flag

    Content Assessment: Defining Cyber Discovery? A Definition and Framework

    Information - 95%
    Insight - 90%
    Relevance - 90%
    Objectivity - 90%
    Authority - 90%

    91%

    Excellent

    A short percentage-based assessment of the qualitative benefit of the recent post highlighting a definition and framework for cyber discovery.

    Editor’s Note: From time to time, ComplexDiscovery highlights publicly available or privately purchasable announcements, content updates, and research from data discovery and legal discovery providers, research organizations, and ComplexDiscovery community members. While ComplexDiscovery regularly highlights this information, it does not assume any responsibility for content assertions.

    To submit recommendations for consideration and inclusion in ComplexDiscovery’s data and legal discovery-centric service, product, or research announcements, contact us today.


    Defining Cyber Discovery? A Definition and Framework

    Overview

    Provided for your review and use is a non-comprehensive overview of definitions, depictions (graphical), and descriptions that may be helpful in considering the conduct of cyber discovery. The presented overview* represents a framework based on high-level artificial intelligence lifecycle stages as developed by the European Union Agency for Cybersecurity (ENISA) (1) modified through the lens of traditional eDiscovery planning and practices grounded within the Electronic Discovery Reference Model (EDRM) (2). The modification attempts to combine computer-centric artificial intelligence and machine learning models with data and legal discovery developed protocols and tools to provide a high-level generic reference model for considering cyber discovery stages and tasks.

    In discussing the framing of cyber discovery stages and tasks within a generic reference model, it is first important to provide several definitions that may be helpful in understanding the relationships between cyber discovery, data discovery, and legal discovery.


    Reference Definitions

    • Cyber Discovery: The application of a combination of data discovery and legal discovery approaches to enable the exploration of patterns, trends, and relationships within unstructured and structured data with the objective of uncovering insight and intelligence to proactively or reactively respond to cybersecurity-centric challenges. (3)
    • Data Discovery: The exploration of patterns and trends within unstructured data with the objective of uncovering insight. (4)
    • Legal Discovery (eDiscovery): The process of identifying, preserving, collecting, processing, searching, reviewing, and producing electronically stored information that may be relevant to a civil, criminal, or regulatory matter with the objective of uncovering intelligence. (5)
    • Insight: The understanding of cause and effect based on the identification of relationships and behaviors within a model, context, or scenario. (6)
    • Intelligence: The ability to acquire and apply knowledge and skills. (7)

    Reference Model (Stages and Tasks)

    Generic Cyber Discovery Model – May 2021

    Reference Descriptions ( Stages and Tasks) 

    Preparation: Initiation of the Cyber Discovery Process

    • Cyber Discovery Goals: Identifies the purpose of cyber discovery requirements. Links the purpose with the questions to be answered by the models, protocols, and tools to be used in the cyber discovery approach. Identifies model, protocol, and tool types based on the questions to be answered.
    • Data Collection and Ingestion: Identifies the input data to be collected and ingested and the corresponding context metadata. Organizes ingestion according to model and protocol requirements, importing data in a stream, batch, or multi-modal fashion.
    • Data Exploration: Identifies the attributes of data collected and ingested as assessed for use with potential models and protocols. Considers data appropriateness for answering questions related to cyber discovery goals.
    • Data Processing: Converts, integrates, and normalizes ingested data to facilitate data use as part of selected models and protocols with required applications necessary for answering questions related to cyber discovery goals.

    Planning: Model and Protocol Planning

    • Model and Protocol Planning (AI + Experts): Identifies the data set dimensions based on preparation stage efforts and determines the most effective models, protocols, and tools to be selected, built, tested, trained, and tuned prior to cyber discovery.

    Training: Selection, Building, Testing, and Training

    • Model and Protocol Selection and Building: Selection and building (customization) of the models, protocols, and tools most suitable for the identified cyber discovery goals.
    • Model and Protocol Testing and Training: Applies the selected models, protocols, and tools against a training set of appropriate data to validate selected cyber discovery approaches.

    Tuning: Validation and Evaluation

    • Model and Protocol Validation: Applies the selected models, protocols, and tools against a validation set of appropriate data to validate selected cyber discovery approaches.
    • Model and Protocol Evaluation: Applies the selected models, protocols, and tools against a validation set of appropriate data to evaluate selected cyber discovery approaches.

    Discovery: Adaptation, Deployment, and Maintenance

    • Model and Protocol Adaptation (Adjustment): Leverages pre-trained and pre-tuned models, protocols, and tools to serve as the starting point for faster and more efficient achievement of cyber discovery goals as defined by cyber discovery objective questions.
    • Model and Protocol Deployment (Execution): Takes trained models, protocols, and tools and makes them available to data scientists, data providers, and data reviewers to answer questions defined in cyber discovery objective questions.
    • Model and Protocol Maintenance (Monitoring): Monitors models, protocols, and tools and their impact on the achievement of defined cyber discovery objectives.

    Response: Cyber Discovery Understanding

    • Cyber Discovery Action: Assesses the value proposition of the deployed models, protocols, and tools. Estimates (before deployment) and verifies (after deployment) the achievement of insight and intelligence objectives that can answer defined cyber discovery goal questions and drive an appropriate business, legal, or regulatory response.

    This non-all-inclusive reference model may be useful for visualizing one potential approach to cyber discovery. It may also be useful for framing discussions that dive deep into the conduct of specific cyber discovery actions ranging from proactive cybersecurity assessments to reactive post-data breach discovery and review efforts in support of incident responses.

    References

    (1) European Union Agency for Cybersecurity, 2020. Artificial Intelligence Cybersecurity Challenges. [online] European Union Agency for Cybersecurity. Available at: https://digital-strategy.ec.europa.eu/en/library/report-artificial-intelligence-cybersecurity-challenges [Accessed 2 May 2021].

    (2) EDRM | Empowering the Global Leaders of eDiscovery. 2021. EDRM. [online] Available at: https://edrm.net/ [Accessed 2 May 2021].

    (3) Robinson, R., 2021. Considering Cyber Discovery? A Strategic Framework. [online] ComplexDiscovery. Available at: https://complexdiscovery.com/ [Accessed 2 May 2021].

    (4) All, A., 2014. Data Discovery Is Changing Business Intelligence. [online] Enterprise Apps Today. Available at: http://www.enterpriseappstoday.com/business-intelligence/data-discovery-is-changing-business-intelligence.html [Accessed 2 May 2021].

    (5) Grossman, M. and Cormack, G., 2013. The Grossman-Cormack Glossary of Technology-Assisted Review. Federal Courts Law Review, [online] 7(1). Available at: https://www.fclr.org/fclr/articles/html/2010/grossman.pdf [Accessed 2 May 2021].

    (6) Wikipedia. 2021. Insight. [online] Available at: https://en.wikipedia.org/wiki/Insight [Accessed 2 May 2021].

    (7) In: Lexico (Oxford). 2021. Intelligence. [online] Available at: https://www.lexico.com/definition/intelligence [Accessed 2 May 2021].

    *Modified and shared with permission under Creative Commons – Attribution 4.0 International (CC BY 4.0) – license.

    Additional Reading

    Source: ComplexDiscovery

     

    Have a Request?

    If you have information or offering requests that you would like to ask us about, please let us know and we will make our response to you a priority.

    ComplexDiscovery is an online publication that highlights cyber, data, and legal discovery insight and intelligence ranging from original research to aggregated news for use by cybersecurity, information governance, and eDiscovery professionals. The highly targeted publication seeks to increase the collective understanding of readers regarding cyber, data, and legal discovery information and issues and to provide an objective resource for considering trends, technologies, and services related to electronically stored information.

    ComplexDiscovery OÜ is a technology marketing firm providing strategic planning and tactical execution expertise in support of cyber, data, and legal discovery organizations. Focused primarily on supporting the ComplexDiscovery publication, the company is registered as a private limited company in the European Union country of Estonia, one of the most digitally advanced countries in the world. The company operates virtually worldwide to deliver marketing consulting and services.

    Challenged by Leaky Forms? A Study of Email and Password Exfiltration

    The report "Leaky Forms: A Study of Email and Password Exfiltration...

    Automating Incident Response? Considering Artificial Intelligence in Cyberspace

    According to the recent research report from the CCDCOE on Automated/Autonomous...

    Russian Cyberattack Activity in Ukraine: A Special Report from Microsoft

    According to an April 27, 2022 report from Microsoft's Digital Security...

    Informing Business Decisions? Cybersecurity Market Analysis Framework from ENISA

    The ENISA Cybersecurity Market Analysis Framework is designed to improve market...

    Smarsh to Acquire TeleMessage

    “As in many other service industries, mobile communication is ubiquitous in...

    A Milestone Quarter? DISCO Announces First Quarter 2022 Financial Results

    According to Kiwi Camara, Co-Founder and CEO of DISCO, “This quarter...

    New from Nuix? Macquarie Australia Conference 2022 Presentation and Trading Update

    From a rebalanced leadership team to three concurrent horizons to drive...

    Strong Growth? KLDiscovery Inc. Announces First Quarter 2022 Financial Results

    According to Christopher Weiler, CEO of KLDiscovery Inc, “The first quarter...

    On the Move? 2022 eDiscovery Market Kinetics: Five Areas of Interest

    Recently ComplexDiscovery was provided an opportunity to share with the eDiscovery...

    Trusting the Process? 2021 eDiscovery Processing Task, Spend, and Cost Data Points

    Based on the complexity of cybersecurity, information governance, and legal discovery,...

    The Year in Review? 2021 eDiscovery Review Task, Spend, and Cost Data Points

    Based on the complexity of cybersecurity, information governance, and legal discovery,...

    A 2021 Look at eDiscovery Collection: Task, Spend, and Cost Data Points

    Based on the complexity of cybersecurity, information governance, and legal discovery,...

    Five Great Reads on Cyber, Data, and Legal Discovery for May 2022

    From eDiscovery pricing and buyers to cyberattacks and incident response, the...

    Five Great Reads on Cyber, Data, and Legal Discovery for April 2022

    From cyber attack statistics and frameworks to eDiscovery investments and providers,...

    Five Great Reads on Cyber, Data, and Legal Discovery for March 2022

    From new privacy frameworks and disinformation to business confidence and the...

    Five Great Reads on Cyber, Data, and Legal Discovery for February 2022

    From biometric recognition and artificial intelligence to data embassies and processing...

    Feeding the Frenzy? Summer 2022 eDiscovery Pricing Survey Results

    Initiated in the winter of 2019 and conducted eight times with...

    Surge or Splurge? Eighteen Observations on eDiscovery Business Confidence in the Spring of 2022

    In the spring of 2022, 63.5% of survey respondents felt that...

    Types and Shadows? Issues Impacting eDiscovery Business Performance: A Spring 2022 Overview

    In the spring of 2022, 36.5% of respondents viewed increasing types...

    The Tide is In? eDiscovery Operational Metrics in the Spring of 2022

    In the spring of 2022, 46 eDiscovery Business Confidence Survey participants...