Conversations on a probable future: interview with Beatrice Fazi

No description supplie

Using Knowledge Management to Leverage Fusion Centers to Assess Regional Threats

Data fusion centers have been around since the 9/11 terrorist attacks but have been shackled with an underperforming label. Products from fusion centers often do not support the mission of the organizations supporting the centers. This paper proposes using Structure Analytic Technique exercises coupled with applying knowledge management tools and concepts to improve knowledge flow and the relevance and quality of the intelligence products produced

How Good is Your Data? Investigating the Quality of Data Generated During Security Incident Response Investigations

An increasing number of cybersecurity incidents prompts organizations to explore alternative security solutions, such as threat intelligence programs. For such programs to succeed, data needs to be collected, validated, and recorded in relevant datastores. One potential source supplying these datastores is an organization’s security incident response team. However, researchers have argued that these teams focus more on eradication and recovery and less on providing feedback to enhance organizational security. This prompts the idea that data collected during security incident investigations may be of insufficient quality for threat intelligence analysis. While previous discussions focus on data quality issues from threat intelligence sharing perspectives, minimal research examines the data generated during incident response investigations. This paper presents the results of a case study identifying data quality challenges in a Fortune 500 organization’s incident response team. Furthermore, the paper provides the foundation for future research regarding data quality concerns in security incident response

Exploring the value of a cyber threat intelligence function in an organization

Organizations can struggle to cope with the rapidly advancing threat landscape. A cyber threat intelligence (CTI) function broadly aims to understand how threats operate to better protect the organization from future attacks. This seems like a natural step to take in hardening security. However, CTI is understood and experienced differently across organizations. To explore the value of this function this study used a qualitative method, guided by the Socio-Technical Framework, to understand how the CTI function is interpreted by organizations in South Africa. Thematic analysis was used to provide an in-depth view of how each organization implemented its CTI function and what benefits and challenges they’ve experienced. Findings show that CTI tasks tend to be more manual and resource-intensive, but these challenges can be resolved through automation. It was noted that only larger organizations seem to have the budget and resources available to implement the CTI function, whereas smaller organizations put more reliance on tools. It was observed that skills for the CTI function can be learned on the job, but that formal education provides a good foundation. The findings illustrate the value the CTI function can provide an organization but also the challenges, thereby enabling other organizations to improve preparation before such a function is adopted

THE EAR OF DIONYSUS: RETHINKING FOREIGN INTELLIGENCE SURVEILLANCE

As the 110th Congress begins to flex its atrophied oversight muscle, it bears remembering that, in the ongoing debate over who should have the authority to authorize and oversee foreign intelligence surveillance programs, someone must, and the existing mechanisms, in particular, the Foreign Intelligence Surveillance Act of 1978 ( FISA\u27) and its related procedures, are no longer adequate and must be updated. The FISA simply did not anticipate the nature of the current threat to national security from transnational terrorism, nor did it anticipate the development of global communication networks or advanced technical methods for intelligence gathering

Cyber threat intelligence sharing: Survey and research directions

Cyber Threat Intelligence (CTI) sharing has become a novel weapon in the arsenal of cyber defenders to proactively mitigate increasing cyber attacks. Automating the process of CTI sharing, and even the basic consumption, has raised new challenges for researchers and practitioners. This extensive literature survey explores the current state-of-the-art and approaches different problem areas of interest pertaining to the larger field of sharing cyber threat intelligence. The motivation for this research stems from the recent emergence of sharing cyber threat intelligence and the involved challenges of automating its processes. This work comprises a considerable amount of articles from academic and gray literature, and focuses on technical and non-technical challenges. Moreover, the findings reveal which topics were widely discussed, and hence considered relevant by the authors and cyber threat intelligence sharing communities

Exploring Incentives and Challenges for Cybersecurity Intelligence Sharing (CIS) across Organizations: A Systematic Review

Cybersecurity intelligence sharing (CIS) has gained significance as an organizational function to protect critical information assets, manage cybersecurity risks, and improve cybersecurity operations. However, few studies have synthesized accumulated scholarly knowledge on CIS practices across disciplines. Synthesizing the pertinent literature through a structured literature review, we investigated the incentives and challenges that influence organizations around adopting CIS practices. We used the overarching TOE framework to categorize these factors and propose a theoretical framework to establish common ground for future studies. We also developed a holistic and inclusive definition for cybersecurity intelligence that we present in the paper. We found 46 papers on CIS in different disciplines and analyzed them to answer our research questions. We identified 35 factors that we classified according to the TOE framework. With this paper, we facilitate further theory development by overviewing theories that researchers can use as a basis for CIS studies, suggesting future directions, providing a reference source, and developing a reference CIS framework for IS scholars

Towards an Evaluation Framework for Threat Intelligence Sharing Platforms

Threat intelligence sharing is an important countermeasure against the increasing number of security threats to which companies and governments are exposed. Its objective is the cross-organizational exchange of information about actual and potential threats. In recent years, a heterogeneous market of threat intelligence sharing platforms (TISPs) has emerged. These platforms are inter-organizational systems that support collaborative collection, aggregation, analysis and dissemination of threat-related information. Organizations that consider using TISPs are often faced with the challenge of selecting suitable platforms. To facilitate the evaluation of threat intelligence sharing platforms, we present a framework for analyzing and comparing relevant TISPs. Our framework provides a set of 25 functional and non-functional criteria that support potential users in selecting suitable platforms. We demonstrate the applicability of our evaluation framework by assessing three platforms: MISP, OTX and ThreatQ. We describe common features and differences between the three platforms