There is an increased recognition of the importance of information sharing within cyber security. Nevertheless, and despite the widespread use of the term "information sharing", it is difficult to associate a precise meaning with it -not least because it is used to describe a range of different activities that are driven by a variety of goals. Furthermore, when it comes to distinguishing between the various forms of information-sharing efforts, there is evidence of a degree of inconsistency between stakeholders. In this paper we seek to understand the various definitions of cyber security information sharing; we also seek to develop a better categorisation of its different forms. In addition, we try to assess the extent to which practitioners are willing to engage in each of the derived categories. A literature review, combined with an online survey, were used to capture stakeholders' perspectives. We analyse the data with a view to establishing a more nuanced conceptualisation of information sharing. The hope is that our findings will have the potential to serve as a basis for future studies.
Once concentrated on protecting critical infrastructure, cyber security information sharing efforts have evolved in recent years to now include many industries and have resulted in the current complex constellation of situational awareness sharing efforts on various levels. They have also yielded a plethora of cyber threat intelligence sharing technologies. Yet, despite the proliferation of these efforts and technologies, the literature measuring the value and the impact of cyber security information sharing remains limited. We aim to address the lack of empirical studies by using a triangulated mixed-methods research design to explore stakeholder attitudes towards cyber security information sharing benefits and risks, and to investigate the impact of this sharing on the productivity and performance of cyber security analysts.
As the adoption and diversity of cyber threat intelligence solutions continue to grow, questions about their effectiveness, particularly in regards to the quality of the data they provide, remain unanswered. Several studies have highlighted data quality issues as one of the most common barriers to effective threat intelligence sharing. Nevertheless, research and practice lack a common understanding of the expected quality of threat intelligence. To investigate these issues, our research utilised a systematic literature review followed by a modified Delphi study that involved 30 threat intelligence experts in Europe. We identify a set of threat intelligence quality dimensions along with revised definitions for threat data, information and intelligence.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.