Guide to Cyber Threat Information Sharing
04 Oct 2016-
TL;DR: This guidance helps organizations establish information sharing goals, identify cyber threat information sources, scope information sharing activities, develop rules that control the publication and distribution of threat information, engage with existing sharing communities, and make effective use of threat Information in support of the organization’s overall cybersecurity practices.
About: The article was published on 2016-10-04 and is currently open access. It has received 161 citations till now. The article focuses on the topics: Information security & Information sharing.
Citations
More filters
TL;DR: It is shown in this paper why having a standardized representation of threat information can improve the quality of TTI, thus providing better automated analytics solutions on large volumes of T TI which are often non-uniform and redundant.
259 citations
TL;DR: A structured overview about the dimensions of cyber security information sharing is provided, motivated in more detail and work out the requirements for an information sharing system, and a critical review of the state of the art is reviewed.
166 citations
24 Oct 2016
TL;DR: The aim of MISP is to help in setting up preventive actions and counter-measures used against targeted attacks, and to Enable detection via collaborative-knowledge-sharing about existing malware and other threats.
Abstract: The IT community is confronted with incidents of all kinds and nature, new threats appear on a daily basis. Fighting these security incidents individually is almost impossible. Sharing information about threats among the community has become a key element in incident response to stay on top of the attackers. Reliable information resources, providing credible information, are therefore essential to the IT community, or even at broader scale, to intelligence communities or fraud detection groups. This paper presents the Malware Information Sharing Platform (MISP) and threat sharing project, a trusted platform, that allows the collection and sharing of important indicators of compromise (IoC) of targeted attacks, but also threat information like vulnerabilities or financial indicators used in fraud cases. The aim of MISP is to help in setting up preventive actions and counter-measures used against targeted attacks. Enable detection via collaborative-knowledge-sharing about existing malware and other threats.
166 citations
01 Sep 2017
TL;DR: In this paper, the Cyber Threat Intelligence (CTI) model is introduced, which enables cyber defenders to explore their threat intelligence capabilities and understand their position against the ever-changing cyber threat landscape.
Abstract: Threat intelligence is the provision of evidence-based knowledge about existing or potential threats Benefits of threat intelligence include improved efficiency and effectiveness in security operations in terms of detective and preventive capabilities Successful threat intelligence within the cyber domain demands a knowledge base of threat information and an expressive way to represent this knowledge This purpose is served by the use of taxonomies, sharing standards, and ontologiesThis paper introduces the Cyber Threat Intelligence (CTI) model, which enables cyber defenders to explore their threat intelligence capabilities and understand their position against the ever-changing cyber threat landscape In addition, we use our model to analyze and evaluate several existing taxonomies, sharing standards, and ontologies relevant to cyber threat intelligence Our results show that the cyber security community lacks an ontology covering the complete spectrum of threat intelligence To conclude, we argue the importance of developing a multi-layered cyber threat intelligence ontology based on the CTI model and the steps should be taken under consideration, which are the foundation of our future work
132 citations
TL;DR: A systematic mapping study was conducted, and in total, 78 primary studies were identified and analyzed, showing that most of the selected studies in this review targeted only a few common security vulnerabilities such as phishing, denial-of-service and malware.
Abstract: There has been a tremendous increase in research in the area of cyber security to support cyber applications and to avoid key security threats faced by these applications. The goal of this study is to identify and analyze the common cyber security vulnerabilities. To achieve this goal, a systematic mapping study was conducted, and in total, 78 primary studies were identified and analyzed. After a detailed analysis of the selected studies, we identified the important security vulnerabilities and their frequency of occurrence. Data were also synthesized and analyzed to present the venue of publication, country of publication, key targeted infrastructures and applications. The results show that the security approaches mentioned so far only target security in general, and the solutions provided in these studies need more empirical validation and real implementation. In addition, our results show that most of the selected studies in this review targeted only a few common security vulnerabilities such as phishing, denial-of-service and malware. However, there is a need, in future research, to identify the key cyber security vulnerabilities, targeted/victimized applications, mitigation techniques and infrastructures, so that researchers and practitioners could get a better insight into it.
123 citations
References
More filters
01 Feb 2007
TL;DR: The National Institute of Standards and Technology (NIST) developed this document in furtherance of its statutory responsibilities under the Federal Information Security Management Act (FISMA) of 2002, Public Law 107-347.
Abstract: The National Institute of Standards and Technology (NIST) developed this document in furtherance of its statutory responsibilities under the Federal Information Security Management Act (FISMA) of 2002, Public Law 107-347. This publication seeks to assist organizations in understanding intrusion detection system (IDS) and intrusion prevention system (IPS) technologies and in designing, implementing, configuring, securing, monitoring, and maintaining intrusion detection and prevention systems (IDPS). It provides practical, real-world guidance for each of four classes of IDPS: network-based, wireless, network behavior analysis software, and host-based. The publication also provides an overview of complementary technologies that can detect intrusions, such as security information and event management software. It focuses on enterprise IDPS, but most of the information in the publication is also applicable to standalone and small-scale IDPS deployments.
1,056 citations
01 Sep 2006
TL;DR: In this paper, the authors describe the processes for performing effective forensics activities and provide advice regarding different data sources, including files, operating systems (OS), network traffic, and applications.
Abstract: This publication is intended to help organizations in investigating computer security incidents and troubleshooting some information technology (IT) operational problems by providing practical guidance on performing computer and network forensics. The guide presents forensics from an IT view, not a law enforcement view. Specifically, the publication describes the processes for performing effective forensics activities and provides advice regarding different data sources, including files, operating systems (OS), network traffic, and applications. The publication is not to be used as an all-inclusive step-by-step guide for executing a digital forensic investigation or construed as legal advice. Its purpose is to inform readers of various technologies and potential ways of using them in performing incident response or troubleshooting activities. Readers are advised to apply the recommended practices only after consulting with management and legal counsel for compliance concerning laws and regulations (i.e., local, state, Federal, and international) that pertain to their situation.
484 citations
Book•
30 Jun 2014TL;DR: This glossary of common security terms has been extracted from NIST Federal Information Processing Standards (FIPS), the Special Publication 800 series, NIST Interagency Reports (NISTIRs), and from the Committee for National Security Systems Instruction 4009 (CNSSI-4009).
Abstract: The National Institute of Standards and Technology (NIST) has received numerous requests to provide a summary glossary for our publications and other relevant sources, and to make the glossary available to practitioners As a result of these requests, this glossary of common security terms has been extracted from NIST Federal Information Processing Standards (FIPS), the Special Publication (SP) 800 series, NIST Interagency Reports (NISTIRs), and from the Committee for National Security Systems Instruction 4009 (CNSSI-4009) This glossary includes most of the terms in the NIST publications It also contains nearly all of the terms and definitions from CNSSI-4009 This glossary provides a central resource of terms and definitions most commonly used in NIST information security publications and in CNSS information assurance publications For a given term, we do not include all definitions in NIST documents – especially not from the older NIST publications Since draft documents are not stable, we do not refer to terms/definitions in them Each entry in the glossary points to one or more source NIST publications, and/or CNSSI-4009, and/or supplemental sources where appropriate The NIST publications referenced are the most recent versions of those publications (as of the date of this document)
289 citations
30 Aug 2007
TL;DR: The Common Vulnerability Scoring System enables IT managers, vulnerability bulletin providers, security vendors, application vendors and researchers to all benefit by adopting this common language of scoring IT vulnerabilities.
Abstract: The Common Vulnerability Scoring System (CVSS) provides an open framework for communicating the characteristics and impacts of IT vulnerabilities. The National Vulnerability Database (NVD) provides specific CVSS scores for publicly known vulnerabilities. Federal agencies can use the Federal Information Processing Standards (FIPS) 199 security categories with the NVD CVSS scores to obtain impact scores that are tailored to each agency’s environment. CVSS consists of three groups: Base, Temporal and Environmental. Each group produces a numeric score ranging from 0.0 to 10.0, and a vector, a compressed textual representation that reflects the values used to derive the score. The Base group represents the intrinsic qualities of a vulnerability. The Temporal group reflects the characteristics of a vulnerability that change over time. The Environmental group represents the characteristics of a vulnerability that are unique to any user’s environment. CVSS enables IT managers, vulnerability bulletin providers, security vendors, application vendors and researchers to all benefit by adopting this common language of scoring IT vulnerabilities.
98 citations
22 Jul 2013
TL;DR: Recommendations are provided for improving an organization’s malware incident prevention measures and enhancing an organization's existing incident response capability so that it is better prepared to handle malware incidents, particularly widespread ones.
Abstract: Malware, also known as malicious code, refers to a program that is covertly inserted into another program with the intent to destroy data, run destructive or intrusive programs, or otherwise compromise the confidentiality, integrity, or availability of the victim’s data, applications, or operating system. Malware is the most common external threat to most hosts, causing widespread damage and disruption and necessitating extensive recovery efforts within most organizations. This publication provides recommendations for improving an organization’s malware incident prevention measures. It also gives extensive recommendations for enhancing an organization’s existing incident response capability so that it is better prepared to handle malware incidents, particularly widespread ones.
62 citations