An Empirical Evaluation of Cyber Threat Intelligence Sharing in the ECHO Early Warning System

Authors: Chalkias, I., Yucel, C., Mallis, D., Rajamaki, J., De Vecchis, F., Hagstrom, P. and Katos, V.

Volume: 1790 CCIS

Pages: 23-40

DOI: 10.1007/978-3-031-44440-1_3

Abstract:

This paper reports on the information sharing practices of cyber competency centres representing different sectors and constituencies. The cyber competency centres participated in the form of CSIRTs employed the ECHO Early Warning System. Through a structured tabletop exercise, over 10 CSIRTS were engaged and a number of features were captured and monitored. A key research question was to determine the factors that can potentially hinder or amplify Cyber Threat Intelligence information sharing. The exercise imitated real attack scenarios using state-of-the-art tactics techniques and procedures as observed by real-world APT groups and daily incidents. The findings revealed differences in terms of timeliness, response time and handling tickets with different Traffic Light Protocol classifications, duration of handling a ticket and intention to disclose.

https://eprints.bournemouth.ac.uk/39211/

Source: Scopus

An Empirical Evaluation of Cyber Threat Intelligence Sharing in the ECHO Early Warning System

Authors: Chalkias, I., Yucel, C., Mallis, D., Katos, V., De Vecchis, F. and Jyri, R.

Publisher: Springer

DOI: 10.1007/978-3-031-44440-1_3

https://eprints.bournemouth.ac.uk/39211/

Source: Manual

An Empirical Evaluation of Cyber Threat Intelligence Sharing in the ECHO Early Warning System

Authors: Chalkias, I., Yucel, C., Mallis, D., Rajamaki, J., De Vecchis, F., Hagstrom, P. and Katos, V.

Editors: Tagarev, T. and Stoianov, N.

Volume: 1790 C

Pages: 23-40

Publisher: Springer

Place of Publication: Cham

ISBN: 9783031444395

Abstract:

This paper reports on the information sharing practices of cyber competency centres representing different sectors and constituencies. The cyber competency centres participated in the form of CSIRTs employed the ECHO Early Warning System. Through a structured tabletop exercise, over 10 CSIRTS were engaged and a number of features were captured and monitored. A key research question was to determine the factors that can potentially hinder or amplify Cyber Threat Intelligence information sharing. The exercise imitated real attack scenarios using state-of-the-art tactics techniques and procedures as observed by real-world APT groups and daily incidents. The findings revealed differences in terms of timeliness, response time and handling tickets with different Traffic Light Protocol classifications, duration of handling a ticket and intention to disclose.

https://eprints.bournemouth.ac.uk/39211/

Source: BURO EPrints