Towards an Evaluation Framework for Threat Intelligence Sharing Platforms

Date
2020-01-07
Authors
Bauer, Sara
Fischer, Daniel
Sauerwein, Clemens
Latzel, Simon
Stelzer, Dirk
Breu, Ruth
Journal Title
Journal ISSN
Volume Title
Publisher
Abstract
Threat intelligence sharing is an important countermeasure against the increasing number of security threats to which companies and governments are exposed. Its objective is the cross-organizational exchange of information about actual and potential threats. In recent years, a heterogeneous market of threat intelligence sharing platforms (TISPs) has emerged. These platforms are inter-organizational systems that support collaborative collection, aggregation, analysis and dissemination of threat-related information. Organizations that consider using TISPs are often faced with the challenge of selecting suitable platforms. To facilitate the evaluation of threat intelligence sharing platforms, we present a framework for analyzing and comparing relevant TISPs. Our framework provides a set of 25 functional and non-functional criteria that support potential users in selecting suitable platforms. We demonstrate the applicability of our evaluation framework by assessing three platforms: MISP, OTX and ThreatQ. We describe common features and differences between the three platforms.
Description
Keywords
Cybersecurity and Privacy in Government, evaluation framework, information security, security information sharing, threat intelligence sharing, threat intelligence sharing platform
Citation
Rights
Access Rights
Email libraryada-l@lists.hawaii.edu if you need this content in ADA-compliant format.