Abstract
Over the last couple of years we have seen growing interest, and a number of initiatives, in establishing threat intelligence sharing communities and in developing standards and platforms for automated cyber security information sharing. These initiatives focus on helping organisations increase their resilience to new attacks and threats.
In this paper we investigate how cyber security information sharing infrastructures can be leveraged to gain early insight into the large-scale effects of cyber threats and incidents, in particular those that might have a disruptive effect on society. Furthermore, we discuss what information needs to be shared for this purpose and how this can be done using the dominant threat intelligence sharing standards.
Summary (translated from the German abstract)
In the last few years we have seen a rise in interest, as well as the establishment of initiatives, in the exchange of information about cyber threats between organisations and in the development of standards and platforms for the automated exchange of cyber security information. These initiatives aim to support organisations in increasing their resilience against new attacks and threats.
In this paper the authors discuss how an infrastructure for cyber security information exchange helps to gain early insight into the large-scale effects of cyber threats and incidents. The focus is on those threat scenarios that have a lasting negative effect on society. Furthermore, the paper discusses which information needs to be exchanged and how this can be done using the existing standards in this area.
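The abstract argues that incident reports exchanged through a sharing infrastructure can reveal effects that no single organisation sees. The following is an added example, not code from the paper: it parses a constructed STIX 1.x-style package of incident reports from several partners, extracts the victim's industry sector and the reported impact, and aggregates them so that a sector hit by several serious incidents stands out. Element names follow the STIX 1.x incident and industry-sector idioms cited in the references, but the sample package, the vocabulary values, the severity ranking and the alert threshold are assumptions made here rather than the authors' scheme.

```python
"""Aggregate STIX 1.x-style incident reports to look for effects that span
organisations or sectors.  Added example, not code from the paper; the sample
package is constructed here and the vocabulary, ranking and threshold are
assumptions."""
import xml.etree.ElementTree as ET
from collections import Counter, defaultdict

# Namespace URIs as used by STIX 1.x packages.
NS = {
    "stix": "http://stix.mitre.org/stix-1",
    "incident": "http://stix.mitre.org/Incident-1",
    "ciq": "http://stix.mitre.org/extensions/Identity#CIQIdentity3.0-1",
    "xpil": "urn:oasis:names:tc:ciq:xpil:3",
}

# Constructed sample: three incidents as three sharing partners might report them.
SAMPLE_PACKAGE = """<stix:STIX_Package id="example:package-1"
    xmlns:stix="http://stix.mitre.org/stix-1"
    xmlns:incident="http://stix.mitre.org/Incident-1"
    xmlns:ciq="http://stix.mitre.org/extensions/Identity#CIQIdentity3.0-1"
    xmlns:xpil="urn:oasis:names:tc:ciq:xpil:3"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <stix:Incidents>
    <stix:Incident xsi:type="incident:IncidentType" id="example:incident-1">
      <incident:Title>DDoS against online banking portal</incident:Title>
      <incident:Victim xsi:type="ciq:CIQIdentity3.0InstanceType"><ciq:Specification>
        <xpil:OrganisationInfo xpil:IndustryType="Financial Services"/></ciq:Specification></incident:Victim>
      <incident:Impact_Assessment>
        <incident:Effects><incident:Effect>Degradation of Service</incident:Effect></incident:Effects>
        <incident:Impact_Qualification>Painful</incident:Impact_Qualification>
      </incident:Impact_Assessment>
    </stix:Incident>
    <stix:Incident xsi:type="incident:IncidentType" id="example:incident-2">
      <incident:Title>Payment switch unavailable after DDoS</incident:Title>
      <incident:Victim xsi:type="ciq:CIQIdentity3.0InstanceType"><ciq:Specification>
        <xpil:OrganisationInfo xpil:IndustryType="Financial Services"/></ciq:Specification></incident:Victim>
      <incident:Impact_Assessment>
        <incident:Effects><incident:Effect>Degradation of Service</incident:Effect>
          <incident:Effect>Financial Loss</incident:Effect></incident:Effects>
        <incident:Impact_Qualification>Damaging</incident:Impact_Qualification>
      </incident:Impact_Assessment>
    </stix:Incident>
    <stix:Incident xsi:type="incident:IncidentType" id="example:incident-3">
      <incident:Title>Phishing mail delivered to control-room operators</incident:Title>
      <incident:Victim xsi:type="ciq:CIQIdentity3.0InstanceType"><ciq:Specification>
        <xpil:OrganisationInfo xpil:IndustryType="Energy"/></ciq:Specification></incident:Victim>
      <incident:Impact_Assessment>
        <incident:Effects><incident:Effect>Unintended Access</incident:Effect></incident:Effects>
      </incident:Impact_Assessment>
    </stix:Incident>
  </stix:Incidents>
</stix:STIX_Package>"""

# Assumed ranking of the impact-qualification terms (VERIS-derived vocabulary).
SEVERITY = {"Unknown": 0, "Insignificant": 1, "Distracting": 2,
            "Painful": 3, "Damaging": 4, "Catastrophic": 5}


def parse_incidents(package_xml):
    """Pull victim sector, reported effects and impact qualification out of each Incident."""
    root = ET.fromstring(package_xml)
    incidents = []
    for inc in root.findall("stix:Incidents/stix:Incident", NS):
        org = inc.find("incident:Victim/ciq:Specification/xpil:OrganisationInfo", NS)
        sector = org.get("{%s}IndustryType" % NS["xpil"]) if org is not None else None
        effects = [e.text.strip() for e in inc.findall(
            "incident:Impact_Assessment/incident:Effects/incident:Effect", NS) if e.text]
        qual = inc.find("incident:Impact_Assessment/incident:Impact_Qualification", NS)
        incidents.append({
            "id": inc.get("id"),
            "sector": sector or "Unknown",  # a missing victim sector is a reporting gap
            "effects": effects,
            "qualification": qual.text.strip() if qual is not None and qual.text else "Unknown",
        })
    return incidents


def aggregate(incidents, threshold=2, min_level="Painful"):
    """Count incidents per sector and per effect, and flag sectors where at least
    `threshold` incidents are qualified `min_level` or worse (unknown never counts)."""
    by_sector = Counter(i["sector"] for i in incidents)
    by_effect = Counter(e for i in incidents for e in i["effects"])
    severe = defaultdict(int)
    for i in incidents:
        if SEVERITY.get(i["qualification"], 0) >= SEVERITY[min_level]:
            severe[i["sector"]] += 1
    flagged = sorted(s for s, n in severe.items() if n >= threshold)
    return {"by_sector": dict(by_sector), "by_effect": dict(by_effect),
            "flagged_sectors": flagged}


if __name__ == "__main__":
    for key, value in aggregate(parse_incidents(SAMPLE_PACKAGE)).items():
        print(key, value)
```

With the constructed sample, the two financial-sector incidents each exceed the assumed "Painful" level, so Financial Services is flagged while the energy incident, whose report carries no impact qualification, is counted but never contributes to an alert: an absent field is treated as unknown rather than as harmless.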
Notes
In this context an incident is a single unwanted or unexpected security event, or a series of such events, that has a significant probability of compromising business operations. A security event is an identified occurrence of a system, service or network state indicating a possible breach of security policy or failure of controls, or a previously unknown situation that may be security relevant [16].
References
MITRE (2014): Trusted automated eXchange of indicator information. [ONLINE] Available at http://taxii.mitre.org/.
MITRE (2014): Cyber observable eXpression. [ONLINE] Available at http://cybox.mitre.org/.
MITRE (2014): Structured threat information eXpression. [ONLINE] Available at http://stix.mitre.org/.
MITRE (2014): Incident vs. indicator. [ONLINE] Available at http://stixproject.github.io/documentation/idioms/incident-vs-indicator/index.html.
National Cyber Security Centrum (2013): Cybersecuritybeeld Nederland, CSBN-3. Den Haag: NCSC, Ministerie van Veiligheid en Justitie.
National Institute of Standards and Technology (2012): Computer security incident handling guide. NIST.
National Institute of Standards and Technology (2011): Information security continuous monitoring (ISCM) for federal information systems and organizations. NIST.
The Open Group (2009): Risk taxonomy. Berkshire: The Open Group.
Multinational Alliance for Collaborative Cyber Situational Awareness (2013): Information sharing framework v2.4. Multinational Alliance for Collaborative Cyber Situational Awareness.
European Network and Information Security Agency (2013): Technical guidance on the incident reporting in Article 13a. ENISA.
VERIS Community (2012): Impact. [ONLINE] Available at http://www.veriscommunity.net/doku.php?id=impact [Accessed 17 March 2014].
VERIS Community (2012): Overview. [ONLINE] Available at http://www.veriscommunity.net/doku.php?id=overview [Accessed 29 April 2014].
ISO (2014): ISO/IEC 27035-2 Information technology—security techniques—information security incident management—Part 2: Guidelines to plan and prepare for incident response.
MITRE (2014): Victim targeting by sector. [ONLINE] Available at http://stixproject.github.io/documentation/idioms/industry-sector/.
OASIS (2014): OASIS customer information quality (CIQ) TC. [ONLINE] Available at https://www.oasis-open.org/committees/ciq/.
ISO (2014): ISO/IEC 27000:2014 Information technology—security techniques—information security management systems—overview and vocabulary.
Wikipedia: Security breach notification laws. [ONLINE] Available at http://en.wikipedia.org/wiki/Security_breach_notification_laws.
Cite this article
Fransen, F., Smulders, A. & Kerkdijk, R. Cyber security information exchange to gain insight into the effects of cyber threats and incidents. Elektrotech. Inftech. 132, 106–112 (2015). https://doi.org/10.1007/s00502-015-0289-2