    Towards an Evaluation Framework for Threat Intelligence Sharing Platforms

    Threat intelligence sharing is an important countermeasure against the increasing number of security threats to which companies and governments are exposed. Its objective is the cross-organizational exchange of information about actual and potential threats. In recent years, a heterogeneous market of threat intelligence sharing platforms (TISPs) has emerged. These platforms are inter-organizational systems that support collaborative collection, aggregation, analysis and dissemination of threat-related information. Organizations that consider using TISPs are often faced with the challenge of selecting suitable platforms. To facilitate the evaluation of threat intelligence sharing platforms, we present a framework for analyzing and comparing relevant TISPs. Our framework provides a set of 25 functional and non-functional criteria that support potential users in selecting suitable platforms. We demonstrate the applicability of our evaluation framework by assessing three platforms: MISP, OTX and ThreatQ. We describe common features and differences between the three platforms.

    Systematic review for the construction of an architecture with emerging IoT technologies, artificial intelligence techniques, and monitoring and storage of malicious traffic

    This article presents a systematic review to determine the guidelines that allow the construction of an architecture based on emerging IoT technologies, artificial intelligence techniques, and the monitoring and storage of malicious traffic, with the aim of safeguarding information. The motivation is that IoT devices have security flaws and are intercepted by malicious systems that perform unwanted actions without the user's consent, causing damage and theft of data. The work was therefore carried out in three phases: in the first phase, an exhaustive search of information was carried out in specialized databases, where sources were selected and classified for the development of the guidelines; in the second phase, the information collected was identified and analyzed to define an appropriate algorithm for the study, the emerging technologies, and the key components of the cybersecurity system; finally, in the third phase, the necessary and pertinent guidelines for the construction of an architecture based on emerging technologies were defined.

    Implementation of the malware information sharing platform for the prediction of cyberattacks in the cybersecurity department, Lima

    The present research, titled "Implementation of the malware information sharing platform for the prediction of cyberattacks in the Cybersecurity Department of the IT Division of the DIRTIC PNP", based its problem statement on establishing whether the implementation of the malware information sharing platform improves the prediction of cyberattacks; accordingly, the objective was to determine that the implementation of the malware information sharing platform improves the prediction of cyberattacks. Likewise, an applied research methodology was proposed, with a quantitative approach and an experimental research design. In effect, the conclusion of the research follows from the functional needs and requirements identified for the prediction of cyberattacks, and from the fact that the implementation of the malware information sharing platform (MISP) helped to strengthen the security levels in the Cybersecurity Department.

    Harnessing Human Potential for Security Analytics

    Humans are often considered the weakest link in cybersecurity. As a result, their potential has been continuously neglected. However, in recent years there has been a contrasting development recognizing that humans can benefit the area of security analytics, especially in the case of security incidents that leave no technical traces. Therefore, the demand becomes apparent to see humans not only as a problem but also as part of the solution. In line with this shift in the perception of humans, the present dissertation pursues the research vision of evolving from a human-as-a-problem to a human-as-a-solution view in cybersecurity. A step in this direction is taken by exploring the research question of how humans can be integrated into security analytics to contribute to the improvement of the overall security posture. In addition to laying foundations in the field of security analytics, this question is approached from two directions. On the one hand, an approach in the context of the human-as-a-security-sensor paradigm is developed which harnesses the potential of security novices to detect security incidents while maintaining high data quality of human-provided information. On the other hand, contributions are made to better leverage the potential of security experts within a SOC. Besides elaborating the current state of research, a tool for determining the target state of a SOC in the form of a maturity model is developed. Based on this, the integration of security experts was improved by the innovative application of digital twins within SOCs. Accordingly, a framework is created that improves manual security analyses by simulating attacks within a digital twin. Furthermore, a cyber range was created, which offers a realistic training environment for security experts based on this digital twin.