
Journal Article

A Problem Shared is a Problem Halved: A Survey on the Dimensions of Collective Cyber Defense Through Security Information Sharing

01 Jul 2016 - Computers & Security (Elsevier Advanced Technology) - Vol. 60, Iss: 60, pp 154-176

TL;DR: This survey provides a structured overview of the dimensions of cyber security information sharing, motivates the need for it, works out the requirements for an information sharing system, and closes with a critical review of the state of the art.
Abstract: The Internet threat landscape is fundamentally changing. A major shift away from hobby hacking toward well-organized cyber crime can be observed. These attacks are typically carried out for commercial reasons in a sophisticated and targeted manner, and specifically in a way to circumvent common security measures. Additionally, networks have grown to a scale and complexity, and have reached a degree of interconnectedness, that their protection can often only be guaranteed and financed as shared efforts. Consequently, new paradigms are required for detecting contemporary attacks and mitigating their effects. Today, many attack detection tasks are performed within individual organizations, and there is little cross-organizational information sharing. However, information sharing is a crucial step to acquiring a thorough understanding of large-scale cyber-attack situations, and is therefore seen as one of the key concepts to protect future networks. Discovering covert cyber attacks and new malware, issuing early warnings, advice about how to secure networks, and selectively distribute threat intelligence data are just some of the many use cases. In this survey article we provide a structured overview about the dimensions of cyber security information sharing. First, we motivate the need in more detail and work out the requirements for an information sharing system. Second, we highlight legal aspects and efforts from standardization bodies such as ISO and the National Institute of Standards and Technology (NIST). Third, we survey implementations in terms of both organizational and technological matters. In this regard, we study the structures of Computer Emergency Response Teams (CERTs) and Computer Security Incident Response Teams (CSIRTs), and evaluate what we could learn from them in terms of applied processes, available protocols and implemented tools. 
We conclude with a critical review of the state of the art and highlight important considerations when building effective security information sharing platforms for the future.
Topics: Information sharing (60%), The Internet (52%), Covert (50%), Hacker (50%), Business intelligence (50%)
Citations

Journal Article
TL;DR: It is shown in this paper why having a standardized representation of threat information can improve the quality of TTI, thus providing better automated analytics solutions on large volumes of TTI which are often non-uniform and redundant.
Abstract: Today's cyber attacks require a new line of security defenses. The static approach of traditional security based on heuristic and signature does not match the dynamic nature of new generation of threats that are known to be evasive, resilient and complex. Organizations need to gather and share real-time cyber threat information and to transform it to threat intelligence in order to prevent attacks or at least execute timely disaster recovery. Threat Intelligence (TI) means evidence-based knowledge representing threats that can inform decisions. There is a general awareness for the need of threat intelligence while vendors today are rushing to provide a diverse array of threat intelligence products, specifically focusing on Technical Threat Intelligence (TTI). Although threat intelligence is being increasingly adopted, there is little consensus on what it actually is, or how to use it. Without any real understanding of this need, organizations risk investing large amounts of time and money without solving existing security problems. Our paper aims to classify and make distinction among existing threat intelligence types. We focus particularly on the TTI issues, emerging researches, trends and standards. Our paper also explains why there is a reluctance among organizations to share threat intelligence. We provide sharing strategies based on trust and anonymity, so participating organizations can do away with the risks of business leak. We also show in this paper why having a standardized representation of threat information can improve the quality of TTI, thus providing better automated analytics solutions on large volumes of TTI which are often non-uniform and redundant. Finally, we evaluate most popular open source/free threat intelligence tools, and compare their features with those of a new AlliaCERT TI tool.

135 citations


Proceedings Article
24 Oct 2016
TL;DR: The aim of MISP is to help in setting up preventive actions and counter-measures used against targeted attacks, and to enable detection via collaborative knowledge sharing about existing malware and other threats.
Abstract: The IT community is confronted with incidents of all kinds and nature, new threats appear on a daily basis. Fighting these security incidents individually is almost impossible. Sharing information about threats among the community has become a key element in incident response to stay on top of the attackers. Reliable information resources, providing credible information, are therefore essential to the IT community, or even at broader scale, to intelligence communities or fraud detection groups. This paper presents the Malware Information Sharing Platform (MISP) and threat sharing project, a trusted platform, that allows the collection and sharing of important indicators of compromise (IoC) of targeted attacks, but also threat information like vulnerabilities or financial indicators used in fraud cases. The aim of MISP is to help in setting up preventive actions and counter-measures used against targeted attacks. Enable detection via collaborative-knowledge-sharing about existing malware and other threats.

111 citations


Cites background from "A Problem Shared is a Problem Halve..."

  • ...In [18], a survey on the implementation and organization of information sharing platforms was realized to discuss the overall dimension of information sharing....



Journal Article
TL;DR: The index assesses the spatial, ecological and financial contributions of 152 nations towards conservation of the world’s terrestrial megafauna to emphasise the need for measuring conservation performance, help nations identify how best they could improve their efforts, and present a starting point for the development of more robust and inclusive measures.
Abstract: Surprisingly little attention has been paid to variation among countries in contributions to conservation. As a first step, we developed a Megafauna Conservation Index (MCI) that assesses the spatial, ecological and financial contributions of 152 nations towards conservation of the world’s terrestrial megafauna. We chose megafauna because they are particularly valuable in economic, ecological and societal terms, and are challenging and expensive to conserve. We categorised these 152 countries as being above- or below-average performers based on whether their contribution to megafauna conservation was higher or lower than the global mean; ‘major’ performers or underperformers were those whose contribution exceeded 1 SD over or under the mean, respectively. Ninety percent of countries in North/Central America and 70% of countries in Africa were classified as major or above-average performers, while approximately one-quarter of countries in Asia (25%) and Europe (21%) were identified as major underperformers. We present our index to emphasise the need for measuring conservation performance, to help nations identify how best they could improve their efforts, and to present a starting point for the development of more robust and inclusive measures (noting how the IUCN Red List evolved over time). Our analysis points to three approaches that countries could adopt to improve their contribution to global megafauna conservation, depending on their circumstances: (1) upgrading or expanding their domestic protected area networks, with a particular emphasis on conserving large carnivore and herbivore habitat, (2) increase funding for conservation at home or abroad, or (3) ‘rewilding’ their landscapes. Once revised and perfected, we recommend publishing regular conservation rankings in the popular media to recognise major-performers, foster healthy pride and competition among nations, and identify ways for governments to improve their performance.

45 citations


Cites background from "A Problem Shared is a Problem Halve..."

  • ...Finally, megafauna tend to require large areas for their conservation and so are likely to act as umbrella species whereby their conservation will indirectly benefit a suite of other species (Macdonald et al., 2012)....



Journal Article
TL;DR: This paper outlines the main elements and relevant technologies for a multi-layer framework that creates the necessary knowledge and awareness in relation to network threats over large and heterogeneous computing and networking environments.
Abstract: The growing interest in fog and edge computing is gradually but inexorably outlining new architectural and usage models, distinguished by geographical dispersion and device heterogeneity. Unfortunately, the evolution of cyber-security paradigms has not gone with the same pace, leading to a substantial difficulty in protecting the new forms of distributed and heterogeneous systems against cyber-threats. In this paper, we focus on situational awareness for network threats. We briefly review the main limitations of current cyber-security paradigms with respect to emerging fog/edge architectures, and we discuss how current challenges and emerging trends are pushing from vertical security frameworks to horizontal and distributed architectures. In this respect, we outline the main elements and relevant technologies for a multi-layer framework that create the necessary knowledge and awareness in relation to network threats over large and heterogeneous computing and networking environments.

35 citations


Journal Article
Giuseppe Settanni, Florian Skopik, Yegor Shovgenya, Roman Fiedler, +10 more
01 Jun 2017
TL;DR: This paper proposes a system architecture for a National SOC, defining the functional components and interfaces it comprises, and describes the functionalities provided by the different system components to support SOC operators in performing incident management tasks.
Abstract: Today's Industrial Control Systems (ICSs) operating in critical infrastructures (CIs) are becoming increasingly complex; moreover, they are extensively interconnected with corporate information systems for cost-efficient monitoring, management and maintenance. This exposes ICSs to modern advanced cyber threats. Existing security solutions try to prevent, detect, and react to cyber threats by employing security measures that typically do not cross the organization's boundaries. However, novel targeted multi-stage attacks such as Advanced Persistent Threats (APTs) take advantage of the interdependency between organizations. By exploiting vulnerabilities of various systems, APT campaigns intrude several organizations using them as stepping stones to reach the target infrastructure. A coordinated effort to timely reveal such attacks, and promptly deploy mitigation measures is therefore required. Organizations need to cooperatively exchange security-relevant information to obtain a broader knowledge on the current cyber threat landscape and subsequently obtain new insight into their infrastructures and timely react if necessary. Cyber security operation centers (SOCs), as proposed by the European NIS directive, are being established worldwide to achieve this goal. CI providers are asked to report to the responsible SOCs about security issues revealed in their networks. National SOCs correlate all the gathered data, analyze it and eventually provide support and mitigation strategies to the affiliated organizations. Although many of these tasks can be automated, human involvement is still necessary to enable SOCs to adequately take decisions on occurring incidents and quickly implement counteractions. In this paper we present a collaborative approach to cyber incident information management for gaining situational awareness on interconnected European CIs. 
We provide a scenario and an illustrative use-case for our approach; we propose a system architecture for a National SOC, defining the functional components and interfaces it comprises. We further describe the functionalities provided by the different system components to support SOC operators in performing incident management tasks.

34 citations


Cites methods from "A Problem Shared is a Problem Halve..."

  • ...In our work (Skopik et al., 2016) we support this thesis and we outline the main dimensions of cyber security information sharing....



References

Journal Article
01 May 2011
TL;DR: Last year marked a turning point in the history of cybersecurity: the arrival of the first cyber warfare weapon ever, known as Stuxnet, which followed a completely new approach that's no longer aligned with confidentiality, integrity, and availability thinking.
Abstract: Last year marked a turning point in the history of cybersecurity: the arrival of the first cyber warfare weapon ever, known as Stuxnet. Not only was Stuxnet much more complex than any other piece of malware seen before, it also followed a completely new approach that's no longer aligned with conventional confidentiality, integrity, and availability thinking. Contrary to initial belief, Stuxnet wasn't about industrial espionage: it didn't steal, manipulate, or erase information. Rather, Stuxnet's goal was to physically destroy a military target, not just metaphorically, but literally. Let's see how this was done.

1,230 citations


Proceedings Article
Sachchidanand Singh, Nirmala Singh
31 Dec 2012
TL;DR: This analysis illustrates that the Big Data analytics is a fast-growing, influential practice and a key enabler for the social business and is critical for success in the age of social media.
Abstract: In this paper, we explain the concept, characteristics & need of Big Data & different offerings available in the market to explore unstructured large data. This paper covers Big Data adoption trends, entry & exit criteria for the vendor and product selection, best practices, customer success story, benefits of Big Data analytics, summary and conclusion. Our analysis illustrates that the Big Data analytics is a fast-growing, influential practice and a key enabler for the social business. The insights gained from the user generated online contents and collaboration with customers is critical for success in the age of social media.

804 citations


Proceedings Article
09 Jun 2003
TL;DR: This work formalizes the notion of minimal information sharing across private databases, and develops protocols for intersection, equijoin, intersection size, and equijoin size.
Abstract: Literature on information integration across databases tacitly assumes that the data in each database can be revealed to the other databases. However, there is an increasing need for sharing information across autonomous entities in such a way that no information apart from the answer to the query is revealed. We formalize the notion of minimal information sharing across private databases, and develop protocols for intersection, equijoin, intersection size, and equijoin size. We also show how new applications can be built using the proposed protocols.

683 citations


"A Problem Shared is a Problem Halve..." refers background in this paper

  • ...Usually there is a crucial economic tradeoff to be considered between economic benefit of sharing (Agrawal et al., 2003; Skopik and Li, 2013) and potential disadvantages, such as harm of reputation and commitment of costly resources....



Journal Article
TL;DR: This work conducted interviews in 20 organizations to identify ways in which interpersonal trust in a knowledge-sharing context develops and summarize behaviors and practices for managers interested in promoting trust (and thereby knowledge creation and sharing) within their own organizations.
Abstract: Executive Overview In many organizations, informal networks are the primary means by which employees find information, solve complex problems, and learn how to do their work. Two forms of interpersonal trust—trust in a person's competence and in a person's benevolence—enable effective knowledge creation and sharing in these networks. Yet, though conceptually appealing, trust is an elusive concept that is often difficult for managers to influence. We conducted interviews in 20 organizations to identify ways in which interpersonal trust in a knowledge-sharing context develops. Based on this work, we summarize behaviors (e.g., discretion, consistency, collaboration) and practices (e.g., building shared vision, ensuring transparency in decision-making, holding people accountable for trust) for managers interested in promoting trust (and thereby knowledge creation and sharing) within their own organizations.

652 citations


Book
01 Jan 2003
Abstract:
Part 1: Establishing the Foundation: Shared Understanding, Integration, & Trust. Introduction: Establishing the Foundation: Shared Understanding, Integration, & Trust (Susan G. Cohen and Cristina B. Gibson). Chapter 1: In the Beginning: Introduction and Framework (Susan G. Cohen and Cristina B. Gibson). Chapter 2: Knowledge Sharing And Shared Understanding In Virtual Teams (Pamela Hinds and Suzanne Weisband). Chapter 3: Managing The Global New Product Development Network: A Sensemaking Perspective (Susan Albers Mohrman, Janice A. Klein, and David Finegold). Chapter 4: Building Trust: Effective Multi-Cultural Communication Processes in Virtual Teams (Cristina B. Gibson and Jennifer A. Manuel). Summary: Establishing the Foundation (Susan G. Cohen and Cristina B. Gibson).
Part 2: The Raw Materials: People and Context. Introduction: The Raw Materials: People and Context (Cristina B. Gibson and Susan G. Cohen). Chapter 5: Building a Winning Virtual Team: KSAs, Selection, Training, and Evaluation (Richard Blackburn, Stacie Furst, and Benson Rosen). Chapter 6: Pay Systems for Virtual Teams (Edward E. Lawler III). Chapter 7: Meeting the Performance Challenge: Calculating ROI for Virtual Teams (Alec R. Levenson and Susan G. Cohen). Summary: The Raw Materials (Cristina B. Gibson and Susan G. Cohen).
Part 3: Constructing the Design: Leadership, Knowledge Management and Information Sharing. Introduction: Constructing the Design: Leadership, Knowledge Management and Information Sharing (Susan G. Cohen and Cristina B. Gibson). Chapter 8: Exploring Emerging Leadership in Virtual Teams (Kristi Lewis Tyran, Craig K. Tyran, and Morgan Shepherd). Chapter 9: Designing the Knowledge-Management Infrastructure for Virtual Teams: Building and Using Social Networks and Social Capital (Martha L. Maznevski and Nicholas A. Athanassiou). Chapter 10: Overcoming Barriers to Information Sharing in Virtual Teams (Catherine Durnell Cramton and Kara L. Orvis). Summary: Constructing the Design (Susan G. Cohen and Cristina B. Gibson).
Part 4: Wiring that Connects: Implementing Information Technology. Introduction: Wiring that Connects: Implementing Information Technology (Susan G. Cohen and Cristina B. Gibson). Chapter 11: Context, Task and the Evolution of Technology Use in Global Virtual Teams (Kenneth Riopelle, Julia Gluesing, Tara Alcordo, Marietta Baba, David Britt, Willie McKether, Leslie Monplaisir, Hilary Ratner, and Kimberly Harris Wagner). Chapter 12: Technology Alignment and Adaptation for Virtual Teams Involved in Unstructured Knowledge Work (Nelson King and Ann Majchrzak). Chapter 13: Team or Community of Practice Aligning Tasks, Structures and Technologies (Arjan Raven). Summary: Wiring that Connects (Susan G. Cohen and Cristina B. Gibson).
Part 5: It's All About Action: Processes and Development. Introduction: It's All About Action: Processes and Development (Cristina B. Gibson and Susan G. Cohen). Chapter 14: Influence and Political Processes in Virtual Teams (Efrat Elron and Eran Vigoda). Chapter 15: Conflict and Virtual Teams (Terri L. Griffith, Elizabeth A. Mannix, and Margaret A. Neale). Chapter 16: The Development of Global Virtual Teams (Julia Gluesing, Tara Alcordo, Marietta Baba, David Britt, Kimberly Harris Wagner, Willie McKether, Leslie Monplaisir, Hilary Ratner, and Kenneth Riopelle). Chapter 17: Closing the Time Gap in Virtual Teams (Janice A. Klein & Astrid Kleinhanns). Summary: It's All About Action (Cristina B. Gibson and Susan G. Cohen). Chapter 18: The Last Word: Conclusions and Implications (Cristina B. Gibson and Susan G. Cohen).

622 citations


Metrics
No. of citations received by the Paper in previous years

Year  Citations
2022  2
2021  37
2020  31
2019  30
2018  19
2017  16