
2020 | OriginalPaper | Chapter

Exploring the Value of a Cyber Threat Intelligence Function in an Organization

Authors: Anzel Berndt, Jacques Ophoff

Published in: Information Security Education. Information Security in Action

Publisher: Springer International Publishing


Abstract

Organizations can struggle to cope with the rapidly advancing threat landscape. A cyber threat intelligence (CTI) function broadly aims to understand how threats operate in order to better protect the organization from future attacks. This seems like a natural step to take in hardening security. However, CTI is understood and experienced differently across organizations. To explore the value of this function, this study used a qualitative method, guided by the Socio-Technical Framework, to understand how the CTI function is interpreted by organizations in South Africa. Thematic analysis was used to provide an in-depth view of how each organization implemented its CTI function and what benefits and challenges it has experienced. Findings show that CTI tasks tend to be manual and resource-intensive, but these challenges can be resolved through automation. It was noted that only larger organizations seem to have the budget and resources available to implement the CTI function, whereas smaller organizations rely more on tools. It was observed that skills for the CTI function can be learned on the job, but that formal education provides a good foundation. The findings illustrate the value the CTI function can provide to an organization, as well as its challenges, thereby enabling other organizations to prepare better before such a function is adopted.


Metadata

Title: Exploring the Value of a Cyber Threat Intelligence Function in an Organization

Authors: Anzel Berndt, Jacques Ophoff

Copyright Year: 2020

DOI: https://doi.org/10.1007/978-3-030-59291-2_7
