Your Data Zen starts here.

Semantic Analysis of Knowledge Management

The ability to asses the knowledge and the training management process and content in its complexity comes very handy.

By creation of a training map, one can reveal whole new vulnerability surface either to defend or to attack.

For the research purpose, I have created sample data set.

It is composed first only from a static data: Content of the training and assignment matrix.

Then I have added the dynamic part: Actual people getting trained in time.

Model was built on my experience from academic environment, research institution, the two global pharma companies and two global consulting companies.


Below is an overall map of subject of this study:

From malicious point of view:

  • Ability to spear phishing increases with knowledge of skill set of the target.
  • Sending spoofed training content with malicious payloads only to interested parties help avoids detection.
  • Certain strings might be worth to save into the word list for later use.
  • Training content might include procedures, (IP) addresses, (network) maps, sensitive contact information.
  • Semantic map of knowledge management can point to areas not covered by training.
  • Training content might be valuable itself and thus become the attractive to malicious hackers.

Picture below shows the map of the classes, visualized as equal.

For the good point of view:

  • Trained personnel is less prone to social engineering both at work and also at home. It is crucial with home office and BYOD trends.
  • Mature training process is remark of overall maturity in the company.
  • Semantic map of the training can help with proper training assignment and tracking, regular update of the content, etc.
  • Compliance with more and more standards require proper addressing of training needs on time including compliant training tracking. Which is part of all Quality Management processes and standards.

Detailed view on “raw data”:

So far I took into the consideration only static part of the process: The content.

Below is increased complexity showed in couple of pictures as dynamic part was included: The people. I have created generalized set of fictive employees and their training records.

First basic classification by “technically oriented” and “others”.

Next I have added more sample categories of job descriptions to show the patterns in data. Each dot is one fictive employee.

Colors were added to show better the classification by “jobs”.

At the end, reverted picture:

Next Post

Previous Post

© 2020 4n6strider

Theme by Anders Norén