Commit 2d8011affad0b98dec97d722158301ec67d347b0
1 parent
a21ac2b6
Finished graphs and report
Showing
3 changed files
with
258 additions
and
17 deletions
ISO27001effectiveness/DESCRIPTION
@@ -2,15 +2,16 @@ Package: ISO27001effectiveness | @@ -2,15 +2,16 @@ Package: ISO27001effectiveness | ||
2 | Type: Package | 2 | Type: Package |
3 | Title: Study about how ISO27001 certifications affect cyberattacks | 3 | Title: Study about how ISO27001 certifications affect cyberattacks |
4 | Version: 0.1.0 | 4 | Version: 0.1.0 |
5 | -Author: Who wrote it | ||
6 | -Maintainer: The package maintainer <yourself@somewhere.net> | 5 | +Author: Miguel Tuñon, Patricia Lopez, Sara Queipo, Imanol-Mikel Barba |
6 | +Maintainer: The DDS development team <none@gmail.com> | ||
7 | Description: Compare the cyberattacks reported in hackmaggedon website with data | 7 | Description: Compare the cyberattacks reported in hackmaggedon website with data |
8 | obtained from the official ISO survey to 27001. Working around countries, | 8 | obtained from the official ISO survey to 27001. Working around countries, |
9 | industrial sectors, etc. | 9 | industrial sectors, etc. |
10 | -License: What license is it under? | 10 | +License: GPLv3 |
11 | Encoding: UTF-8 | 11 | Encoding: UTF-8 |
12 | LazyData: true | 12 | LazyData: true |
13 | RoxygenNote: 5.0.1 | 13 | RoxygenNote: 5.0.1 |
14 | Imports: xlsx, | 14 | Imports: xlsx, |
15 | ggplot2, | 15 | ggplot2, |
16 | - countrycode | 16 | + countrycode, |
17 | + dplyr |
ISO27001effectiveness/R/graphs.R
1 | -#2014 | ||
2 | -qplot(x = country_short, y = X2014, data = Cert_PerCountry[Cert_PerCountry$X2014 > mean(Cert_PerCountry$X2014),]) | ||
3 | -attacks2k14 <- Attacks[Attacks$Date < "2015-01-01" & Attacks$Date >= "2014-01-01",] | ||
4 | -frameAttacks2k14 <- as.data.frame(table(attacks2k14$Country)) | ||
5 | -colnames(frameAttacks2k14) <- c("Country","Attacks") | ||
6 | -qplot(x = Country, y = Attacks, data = frameAttacks2k14[frameAttacks2k14$Attacks > mean(frameAttacks2k14$Attacks),]) | ||
7 | - | ||
8 | -#2015 | ||
9 | -qplot(x = country_short, y = X2015, data = Cert_PerCountry[Cert_PerCountry$X2015 > mean(Cert_PerCountry$X2015),]) | ||
10 | -attacks2k15 <- Attacks[Attacks$Date < "2016-01-01" & Attacks$Date >= "2015-01-01",] | ||
11 | -frameAttacks2k15 <- as.data.frame(table(attacks2k15$Country)) | ||
12 | -colnames(frameAttacks2k15) <- c("Country","Attacks") | ||
13 | -qplot(x = Country, y = Attacks, data = frameAttacks2k15[frameAttacks2k15$Attacks > mean(frameAttacks2k15$Attacks),]) | 1 | +GetGraphs <- function(Cert_PerCountry,Attacks) { |
2 | + #2012 | ||
3 | + graph1 <- qplot(main = "Countries with above average number of companies certified with ISO 27001 (2012)", | ||
4 | + x = reorder(country_short,X2012), | ||
5 | + y = X2012, | ||
6 | + xlab="Country", | ||
7 | + ylab="Number of certifications", | ||
8 | + data = Cert_PerCountry[Cert_PerCountry$X2012 > mean(Cert_PerCountry$X2012),]) | ||
9 | + attacks2k12 <- Attacks[Attacks$Date < "2013-01-01" & Attacks$Date >= "2012-01-01",] | ||
10 | + frameAttacks2k12 <- as.data.frame(table(attacks2k12$Country)) | ||
11 | + colnames(frameAttacks2k12) <- c("Country","Attacks") | ||
12 | + graph2 <- qplot(main = "Countries with above average number of cyberattacks (2012)", | ||
13 | + x = reorder(Country,Attacks), | ||
14 | + y = Attacks, | ||
15 | + xlab="Country", | ||
16 | + ylab="Number of attacks", | ||
17 | + data = frameAttacks2k12[frameAttacks2k12$Attacks > mean(frameAttacks2k12$Attacks),]) | ||
18 | + | ||
19 | + Attacks2012ByMonth <- mutate(attacks2k12, month = format(attacks2k12$Date, "%m")) %>% group_by(month) | ||
20 | + Attack2012FreqByMonth <- as.data.frame(table(Attacks2012ByMonth$month)) | ||
21 | + colnames(Attack2012FreqByMonth) <- c("Month", "Attacks") | ||
22 | + graph3 <- qplot(x= as.numeric(Month), | ||
23 | + y= Attacks, | ||
24 | + main = "Global cyberattack progression by month (2012)", | ||
25 | + data = Attack2012FreqByMonth, | ||
26 | + geom = c("point", "smooth"), | ||
27 | + xlim = c(1,12), | ||
28 | + xlab="Month") + scale_x_continuous(breaks = 1:12) | ||
29 | + | ||
30 | + #2013 | ||
31 | + graph4 <- qplot(main = "Countries with above average number of companies certified with ISO 27001 (2013)", | ||
32 | + x = reorder(country_short,X2013), | ||
33 | + y = X2013, | ||
34 | + xlab="Country", | ||
35 | + ylab="Number of certifications", | ||
36 | + data = Cert_PerCountry[Cert_PerCountry$X2013 > mean(Cert_PerCountry$X2013),]) | ||
37 | + attacks2k13 <- Attacks[Attacks$Date < "2014-01-01" & Attacks$Date >= "2013-01-01",] | ||
38 | + frameAttacks2k13 <- as.data.frame(table(attacks2k13$Country)) | ||
39 | + colnames(frameAttacks2k13) <- c("Country","Attacks") | ||
40 | + graph5 <- qplot(main = "Countries with above average number of cyberattacks (2013)", | ||
41 | + x = reorder(Country,Attacks), | ||
42 | + y = Attacks, | ||
43 | + xlab="Country", | ||
44 | + ylab="Number of attacks", | ||
45 | + data = frameAttacks2k13[frameAttacks2k13$Attacks > mean(frameAttacks2k13$Attacks),]) | ||
46 | + | ||
47 | + Attacks2013ByMonth <- mutate(attacks2k13, month = format(attacks2k13$Date, "%m")) %>% group_by(month) | ||
48 | + Attack2013FreqByMonth <- as.data.frame(table(Attacks2013ByMonth$month)) | ||
49 | + colnames(Attack2013FreqByMonth) <- c("Month", "Attacks") | ||
50 | + graph6 <- qplot(x= as.numeric(Month), | ||
51 | + y= Attacks, | ||
52 | + main = "Global cyberattack progression by month (2013)", | ||
53 | + data = Attack2013FreqByMonth, | ||
54 | + geom = c("point", "smooth"), | ||
55 | + xlim = c(1,12), | ||
56 | + xlab="Month") + scale_x_continuous(breaks = 1:12) | ||
57 | + | ||
58 | + #2014 | ||
59 | + graph7 <- qplot(main = "Countries with above average number of companies certified with ISO 27001 (2014)", | ||
60 | + x = reorder(country_short,X2014), | ||
61 | + y = X2014, | ||
62 | + xlab="Country", | ||
63 | + ylab="Number of certifications", | ||
64 | + data = Cert_PerCountry[Cert_PerCountry$X2014 > mean(Cert_PerCountry$X2014),]) | ||
65 | + attacks2k14 <- Attacks[Attacks$Date < "2015-01-01" & Attacks$Date >= "2014-01-01",] | ||
66 | + frameAttacks2k14 <- as.data.frame(table(attacks2k14$Country)) | ||
67 | + colnames(frameAttacks2k14) <- c("Country","Attacks") | ||
68 | + graph8 <- qplot(main = "Countries with above average number of cyberattacks (2014)", | ||
69 | + x = reorder(Country,Attacks), | ||
70 | + y = Attacks, | ||
71 | + xlab="Country", | ||
72 | + ylab="Number of attacks", | ||
73 | + data = frameAttacks2k14[frameAttacks2k14$Attacks > mean(frameAttacks2k14$Attacks),]) | ||
74 | + | ||
75 | + Attacks2014ByMonth <- mutate(attacks2k14, month = format(attacks2k14$Date, "%m")) %>% group_by(month) | ||
76 | + Attack2014FreqByMonth <- as.data.frame(table(Attacks2014ByMonth$month)) | ||
77 | + colnames(Attack2014FreqByMonth) <- c("Month", "Attacks") | ||
78 | + graph9 <- qplot(x= as.numeric(Month), | ||
79 | + y= Attacks, | ||
80 | + main = "Global cyberattack progression by month (2014)", | ||
81 | + data = Attack2014FreqByMonth, | ||
82 | + geom = c("point", "smooth"), | ||
83 | + xlim = c(1,12), | ||
84 | + xlab="Month") + scale_x_continuous(breaks = 1:12) | ||
85 | + | ||
86 | + #2015 | ||
87 | + graph10 <- qplot(main = "Countries with above average number of companies certified with ISO 27001 (2015)", | ||
88 | + x = reorder(country_short,X2015), | ||
89 | + y = X2015, | ||
90 | + xlab="Country", | ||
91 | + ylab="Number of certifications", | ||
92 | + data = Cert_PerCountry[Cert_PerCountry$X2015 > mean(Cert_PerCountry$X2015),]) | ||
93 | + attacks2k15 <- Attacks[Attacks$Date < "2016-01-01" & Attacks$Date >= "2015-01-01",] | ||
94 | + frameAttacks2k15 <- as.data.frame(table(attacks2k15$Country)) | ||
95 | + colnames(frameAttacks2k15) <- c("Country","Attacks") | ||
96 | + graph11 <- qplot(main = "Countries with above average number of cyberattacks (2015)", | ||
97 | + x = reorder(Country,Attacks), | ||
98 | + y = Attacks, | ||
99 | + xlab="Country", | ||
100 | + ylab="Number of attacks", | ||
101 | + data = frameAttacks2k15[frameAttacks2k15$Attacks > mean(frameAttacks2k15$Attacks),]) | ||
102 | + | ||
103 | + Attacks2015ByMonth <- mutate(attacks2k15, month = format(attacks2k15$Date, "%m")) %>% group_by(month) | ||
104 | + Attack2015FreqByMonth <- as.data.frame(table(Attacks2015ByMonth$month)) | ||
105 | + colnames(Attack2015FreqByMonth) <- c("Month", "Attacks") | ||
106 | + graph12 <- qplot(x = as.numeric(Month), | ||
107 | + y = Attacks, | ||
108 | + main = "Global cyberattack progression by month (2015)", | ||
109 | + data = Attack2015FreqByMonth, | ||
110 | + geom = c("point", "smooth"), | ||
111 | + xlim = c(1,12), | ||
112 | + xlab="Month") + scale_x_continuous(breaks = 1:12) | ||
113 | + | ||
114 | + | ||
115 | + | ||
116 | + | ||
117 | + list(graph1,graph2,graph3,graph4,graph5,graph6,graph7,graph8,graph9,graph10,graph11,graph12) | ||
118 | +} |
ISO27001effectiveness/Report.Rmd
0 → 100644
1 | +--- | ||
2 | +title: "ISO 27001 Effectiveness" | ||
3 | +output: html_document | ||
4 | +--- | ||
5 | + | ||
6 | +```{r setup, include=FALSE} | ||
7 | +knitr::opts_chunk$set(echo = TRUE) | ||
8 | +library(xlsx) | ||
9 | +library(ggplot2) | ||
10 | +library(dplyr) | ||
11 | + | ||
12 | +devtools::load_all(".") | ||
13 | +source("Main.R") | ||
14 | +graphs <- GetGraphs(Cert_PerCountry,Attacks) | ||
15 | +``` | ||
16 | + | ||
17 | +## Abstract | ||
18 | + | ||
19 | +La creciente preocupación de muchas empresas con infraestructura IT crítica frente a ciberataques ha llevado a algunas de ellas a tomar medidas de seguridad como la creación de departamentos de Seguridad de la Información, llevar a cabo auditorías de seguridad y obtener certificaciones de seguridad entre otras. | ||
20 | + | ||
21 | +El objetivo de este estudio es determinar, en la medida de lo posible, si conformar los sistemas de la empresa según la certificación ISO 27001 conlleva una merma en el número de ciberataques producidos. | ||
22 | + | ||
23 | +## Datos analizados | ||
24 | + | ||
25 | +La primera barrera a superar en este estudio es la obtención de datos directos sobre ciberataques en empresas, ya que en muchos de los ciberataques producidos no se dan a conocer los nombres de todas las empresas a las que estos afectan. No obstante, hemos optado por obtener datos más generalizados que nos permitan hacer un análisis, si bien no por empresa sino por país o sector, de la cuestión que se plantea. Desafortunadamente, esto compromete el análisis, ya que al generalizar los datos son muchos más los efectos que alteran los resultados de los datos analizados, ya que se incluye mayor cantidad de factores externos que este estudio no cubre. | ||
26 | + | ||
27 | +Los datos que se han recogido para este estudio son: | ||
28 | + | ||
29 | +* Lista de países y sectores profesionales que han obtenido certificación ISO 27001 (2007-2015) <http://www.iso.org/iso/iso_27001_iso_survey2015.xls> | ||
30 | +* Lista de ciberataques producidos (con éxito) por país, sector profesional y tipo de ataque (2012-2016) <http://www.hackmageddon.com> | ||
31 | + | ||
32 | +El análisis se realizará desde 2012 hasta 2015 | ||
33 | + | ||
34 | +## Análisis | ||
35 | +Para minimizar los factores externos, se realizan dos tipos de análisis de los datos, contrastando los dos resultados y llegando a una conclusión si los resultados son congruentes o se halla una explación que determine las incongruencias. | ||
36 | + | ||
37 | +A continuación se muestran para cada uno de los años del estudio, los países que obtuvieron de media más certificaciones y los que de media sufrieron más ataques: | ||
38 | + | ||
39 | +<!-- | ||
40 | + | ||
41 | +NOTA: Nos gustaría poner las figuras lado a lado, pero ocurría esto: | ||
42 | +> grid.arrange(graph[3],graph[6],ncol=2) | ||
43 | +Error in gList(list(list(data = list(Month = 1:12, Attacks = c(119L, 121L, : | ||
44 | + only 'grobs' allowed in "gList" | ||
45 | + | ||
46 | +:( | ||
47 | + | ||
48 | + --> | ||
49 | + | ||
50 | +### 2012 | ||
51 | +```{r echo=FALSE} | ||
52 | +graphs[1] | ||
53 | +``` | ||
54 | + | ||
55 | +```{r echo=FALSE} | ||
56 | +graphs[2] | ||
57 | +``` | ||
58 | + | ||
59 | +### 2013 | ||
60 | +```{r echo=FALSE} | ||
61 | +graphs[4] | ||
62 | +``` | ||
63 | + | ||
64 | +```{r echo=FALSE} | ||
65 | +graphs[5] | ||
66 | +``` | ||
67 | + | ||
68 | +### 2014 | ||
69 | +```{r echo=FALSE} | ||
70 | +graphs[7] | ||
71 | +``` | ||
72 | + | ||
73 | +```{r echo=FALSE} | ||
74 | +graphs[8] | ||
75 | +``` | ||
76 | + | ||
77 | +### 2015 | ||
78 | +```{r echo=FALSE} | ||
79 | +graphs[10] | ||
80 | +``` | ||
81 | + | ||
82 | +```{r echo=FALSE} | ||
83 | +graphs[11] | ||
84 | +``` | ||
85 | + | ||
86 | +De los datos mostrados se pueden hacer diferentes observaciones: | ||
87 | + | ||
88 | +* De 2014 a 2015, USA pasa de tener 654 a 1247 empresas con certificación ISO 27001, sin embargo la cifra de ciberataques se mantiene constante de 383 a 386 ataques recibidos. De 2013 a 2014 por ejemplo, pasa de recibir 505 a 383 ataques pese a sólo haber pasado de 566 a 654 empresas con dicha certificación. | ||
89 | +* Japón tiene un número inusualmente alto de empresas con la ISO 27001, no obstante sufre una cantidad de ciberataques comparativa a la de Israel, que tiene muchas menos empresas con la certificación. | ||
90 | + | ||
91 | +Ambas observaciones son de especial interés ya que ponen de relieve situaciones en las que de ser efectivo reformar los sistemas para cumplir la ISO 27001, debería poder apreciarse un efecto en la cantidad de ciberataques recibidos. En el caso de los USA, sólo podría explicarse mediante alguna de las siguientes hipótesis: | ||
92 | + | ||
93 | +* Entre 2013 y 2014 se produjo un número especialmente alto de ciberataques a USA | ||
94 | +* Se crean más empresas de las que logran certificarse, y además, sufren ataques antes de obtenerla | ||
95 | + | ||
96 | +La primera hipótesis puede ser comprobada con los datos que disponemos. A continuación se muestra una línea temporal de ciberataques globales entre los años 2012 y 2015. | ||
97 | + | ||
98 | +### 2012 | ||
99 | +```{r echo=FALSE} | ||
100 | +graphs[3] | ||
101 | +``` | ||
102 | + | ||
103 | +### 2013 | ||
104 | +```{r echo=FALSE} | ||
105 | +graphs[6] | ||
106 | +``` | ||
107 | + | ||
108 | +### 2014 | ||
109 | +```{r echo=FALSE} | ||
110 | +graphs[9] | ||
111 | +``` | ||
112 | + | ||
113 | +### 2015 | ||
114 | +```{r echo=FALSE} | ||
115 | +graphs[12] | ||
116 | +``` | ||
117 | + | ||
118 | +Observamos que se produjo lo contrario, bajó el número de ciberataques. | ||
119 | + | ||
120 | +## Conclusiones | ||
121 | +Por lo observado anteriormente, se puede concluir que: | ||
122 | + | ||
123 | +* La cantidad de ciberataques que recibe un país no se mitiga por el número de empresas que han obtenido la certificación ISO 270001 | ||
124 | + | ||
125 | +Esto lleva a concluir que obtener la certificación ISO 27001 no es efectiva para reducir el número de ciberataques, sino que probablemente dependa de factores externos ajenos a este estudio | ||
126 | + | ||
127 | +## Trabajo futuro | ||
128 | +Como trabajo futuro querríamos poder seguir en la línea de investigación acerca de los siguientes puntos: | ||
129 | + | ||
130 | +* ¿Qué factores producen un aumento o recesión en la cantidad de ciberataques recibidos? | ||
131 | +* ¿Qué sectores industriales reciben más ciberataques? | ||
132 | +* ¿Cuáles de esos sectores son los que más certificaciones obtienen? | ||
133 | + | ||
134 | +Creemos que la investigación de estas cuestiones puede dar más robustez a las conclusiones expuestas en este estudio. | ||
135 | + |