I've been listening for 2 hours to some PhD thesis on risk assessment for sharing Cyber Threat Intelligence, and I can't figure out "what the PhD candidate has added".
The Engagement Manager at Digitall had told me that with scientific research he reads only the "conclusions"...
Conclusion
Sharing cyber threat intelligence may help organisations to better protect themselves
against future cyber attacks. However, disclosing an organisation's threat
information may increase the risks for the organisation. This process entails risks
in various aspects, such as privacy, technical, legal, business, reputation, and organisational
aspects. These risks can be evaluated and assessed by providing the
right risk model. Cyber threat intelligence enables organisations to continuously
monitor and support their business and strategic goals by providing insights regarding
existing threat actors and perpetrators trying to target their business.
However, sharing such information should be evaluated and assessed to enhance
and stimulate cyber threat intelligence sharing, while mitigating the potential adverse
effects. Besides, sharing cyber threat intelligence among industry members
and governments poses a legal challenge. Thus, it is necessary to provide a model
that can help organisations to share cyber threat intelligence and stay compliant
with the law.
This chapter presents a thorough discussion of the conclusions of our research, restates
the contribution, and identifies issues and opportunities for future research.
6.1 Revisiting the Contribution
The research described in this thesis is novel in that it combines and extends
concepts found in risk identification, risk assessment and legal aspects, with the
context of cyber threat intelligence within the operations of critical infrastructures.
1. It provides a comprehensive analysis of a cyber incident model to identify
the cybersecurity and privacy related threats of disclosing sensitive data
and identifying information. It turns out that disclosing cyber incident
information consists of risks of disclosing personal information, business information,
financial information, and cybersecurity information. The thesis
has extended CNIL privacy risk management to cover cybersecurity risks
in addition to the privacy risks. Based on this, we calculated the severity
of the identified threats associated with each property in both privacy
and cybersecurity dimensions. Finally, using these results, this thesis has
included a guideline to assist cyber threat intelligence managers to use the
STIX incident model while mitigating the risks of sharing (objective 1).
2. This research provides a means to apply risk assessment to the cyber threat
intelligence sharing process. It presents a methodology for evaluating the risks
of sharing threat intelligence based on quantitative assessments of the
properties in the dataset before sharing. It extends the first contribution, so
that after it identifies the potential threats associated with sharing a CTI
dataset and computes the severity for each property, it proposes an estimation
of the likelihood of the threats in case of property disclosure. Finally, it
computes the total risk score of sharing a CTI dataset. Based on the risk value,
the organisations can select appropriate privacy-preserving techniques to
mitigate sharing risk. During the creation of the risk model, the methodology
was tested on an open-source dataset and multiple use cases. Then, it
empirically evaluated the risk model by using experts' opinion. Three teams of
24 cybersecurity and privacy experts in total evaluated three different use
cases. The results indicate that the experts' selection broadly matches the
outcomes produced using our model (objective 2 and objective 4).
...
{another 5-10 pages of gobbledygook}