Cyber Threat Intelligence Framework for Incident Response in an Energy Cloud Platform

Gong, Seonghyeon; Lee, Chang‐Hoon

doi:10.3390/electronics10030239

Cited by 15 publications

(5 citation statements)

References 28 publications

(31 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Gong and Lee [ 17 ] proposed a framework intended to assist enterprises in real-time detection, analysis, and response to cyber threats and reduce the effect of cyber-attacks on business operations. The framework was comprised of four stages: threat intelligence collection, threat analysis and triage, incident response planning, and execution.…”

Section: Resultsmentioning

confidence: 99%

“…Additionally, the study highlights the need for organizations to balance the benefits of sharing intelligence with the risks of sharing sensitive information with third parties. Finally, the fast speed of technological progress and the changing character of cyber threats mean that organizations must continually adapt and update their CTI strategies to stay ahead of the threats [ 17 ].…”

Section: Resultsmentioning

confidence: 99%

See 1 more Smart Citation

A Systematic Literature Review on Cyber Threat Intelligence for Organizational Cybersecurity Resilience

Saeed,

Suayyid,

Al-Ghamdi

et al. 2023

Sensors

View full text Add to dashboard Cite

Cybersecurity is a significant concern for businesses worldwide, as cybercriminals target business data and system resources. Cyber threat intelligence (CTI) enhances organizational cybersecurity resilience by obtaining, processing, evaluating, and disseminating information about potential risks and opportunities inside the cyber domain. This research investigates how companies can employ CTI to improve their precautionary measures against security breaches. The study follows a systematic review methodology, including selecting primary studies based on specific criteria and quality valuation of the selected papers. As a result, a comprehensive framework is proposed for implementing CTI in organizations. The proposed framework is comprised of a knowledge base, detection models, and visualization dashboards. The detection model layer consists of behavior-based, signature-based, and anomaly-based detection. In contrast, the knowledge base layer contains information resources on possible threats, vulnerabilities, and dangers to key assets. The visualization dashboard layer provides an overview of key metrics related to cyber threats, such as an organizational risk meter, the number of attacks detected, types of attacks, and their severity level. This relevant systematic study also provides insight for future studies, such as how organizations can tailor their approach to their needs and resources to facilitate more effective collaboration between stakeholders while navigating legal/regulatory constraints related to information sharing.

show abstract

Section: Resultsmentioning

confidence: 99%

Section: Resultsmentioning

confidence: 99%

A Systematic Literature Review on Cyber Threat Intelligence for Organizational Cybersecurity Resilience

Saeed,

Suayyid,

Al-Ghamdi

et al. 2023

Sensors

View full text Add to dashboard Cite

show abstract

“…The application of data mining and machine-learning techniques to improve cybercrime detection skills has been the subject of several pieces of research. Gong and Lee [38] suggested a framework for real-time cyber threat detection, analysis, and response to enhance cybersecurity posture. They emphasized the need to shorten detection times.…”

Section: Conceptsmentioning

confidence: 99%

Insights into Cybercrime Detection and Response: A Review of Time Factor

Taherdoost

2024

Information

View full text Add to dashboard Cite

Amidst an unprecedented period of technological progress, incorporating digital platforms into diverse domains of existence has become indispensable, fundamentally altering the operational processes of governments, businesses, and individuals. Nevertheless, the swift process of digitization has concurrently led to the emergence of cybercrime, which takes advantage of weaknesses in interconnected systems. The growing dependence of society on digital communication, commerce, and information sharing has led to the exploitation of these platforms by malicious actors for hacking, identity theft, ransomware, and phishing attacks. With the growing dependence of organizations, businesses, and individuals on digital platforms for information exchange, commerce, and communication, malicious actors have identified the susceptibilities present in these systems and have begun to exploit them. This study examines 28 research papers focusing on intrusion detection systems (IDS), and phishing detection in particular, and how quickly responses and detections in cybersecurity may be made. We investigate various approaches and quantitative measurements to comprehend the link between reaction time and detection time and emphasize the necessity of minimizing both for improved cybersecurity. The research focuses on reducing detection and reaction times, especially for phishing attempts, to improve cybersecurity. In smart grids and automobile control networks, faster attack detection is important, and machine learning can help. It also stresses the necessity to improve protocols to address increasing cyber risks while maintaining scalability, interoperability, and resilience. Although machine-learning-based techniques have the potential for detection precision and reaction speed, obstacles still need to be addressed to attain real-time capabilities and adjust to constantly changing threats. To create effective defensive mechanisms against cyberattacks, future research topics include investigating innovative methodologies, integrating real-time threat intelligence, and encouraging collaboration.

show abstract

“…Even by applying a standard password policy that forces complex passwords, the company would increase the security budget due to extra costs induced from password creation and storage [48]. As stated in [49], correct modeling of the behavior of attackers and general users and proper calculation of the cost associated with the behavior of each entity could result in costefficient security policies.…”

Section: Challenges and Future Directionsmentioning

confidence: 99%

Healthcare Security Incident Response Strategy - A Proactive Incident Response (IR) Procedure

Μαγλαράς

Aliyu

et al. 2022

Security and Communication Networks

View full text Add to dashboard Cite

The healthcare information system (HIS) has become a victim of cyberattacks. Traditional ways to handle cyber incidents in healthcare organizations follow a predefined incident response (IR) procedure. However, this procedure is usually reactive, missing the opportunities to foresee danger on the horizon. Cyber threat intelligence (CTI) contains information on emerging attacks and should be ideally utilized to inform the IR procedure. However, current research shows that the IR has not been effectively informed by CTI, especially in healthcare organizations. This paper fills in this gap by proposing a proactive IR response procedure based on the National Institute of Standards and Technology (NIST) IR methodology. This paper then presents the NHS WannaCry case study to demonstrate the use of the proposed IR methodology. We collate cyber security advisories from different CTI sources such as US/UK CERT to protect interconnected systems and devices from Ransomware attacks. This research provides novel insights into the IR in healthcare through embedding CTI advisories into IR processes and concludes that our proposed IR procedure can be used to counteract WannaCry Ransomware using CTI advisories. It has the significance of transforming the way of IR from reactive to proactive using the CTI in healthcare.

show abstract

Cyber Threat Intelligence Framework for Incident Response in an Energy Cloud Platform

Cited by 15 publications

References 28 publications

A Systematic Literature Review on Cyber Threat Intelligence for Organizational Cybersecurity Resilience

A Systematic Literature Review on Cyber Threat Intelligence for Organizational Cybersecurity Resilience

Insights into Cybercrime Detection and Response: A Review of Time Factor

Healthcare Security Incident Response Strategy - A Proactive Incident Response (IR) Procedure

Contact Info

Product

Resources

About