A success model for cyber threat intelligence platforms


Bibliographic Details
Main Author: Zibak, A
Other Authors: Simpson, A
Format: Thesis
Language: English
Published: 2020
Description
Summary:

Cyber security information sharing is increasingly playing an important role in improving the organisational and national overall security posture. Efforts in the public and private sectors to foster information sharing initiatives have intensified in recent years resulting in the current complex constellation of sharing organisations, forums, platforms and tools, including threat intelligence management solutions. However, despite the growing interest, a number of questions pertaining to the nature of cyber security information sharing and its success remain unanswered.

This dissertation uses mixed methods to consider "How can cyber security information sharing be made more successful?" In answering this question we draw on practitioners’ experiences and collect empirical data to ensure that our conclusions can contribute to practice and theory. As with all evaluation efforts, this dissertation relies on the well-established premise that the success of a process cannot be reasonably assessed without a coherent understanding of the goals it is designed to attain.

Our first contribution therefore provides a nuanced conceptualisation of cyber security information sharing. This includes surveying practitioners for their understandings and attitudes towards different aspects of the process and what it is trying to achieve. It also addresses the disparity among them when it comes to distinguishing between the different forms information sharing can take by proposing a high-level classification of these forms and their objectives.

Our second contribution examines the extent to which the benefits and barriers to successful cyber security information sharing mentioned in the literature are reflected in the attitudes of cyber security professionals. A categorisation of the benefits and barriers is introduced followed by a self-administered survey of practitioners. The results show a degree of inconsistency between theory and practice. It also highlights quality issues as a primary concern for practitioners and a hindrance impacting the success of these efforts.

Our third and main contribution is two-fold. First, we investigate the quality problem further in the context of threat intelligence platforms. Through a systematic review of the literature and a modified Delphi study we identify a set of quality dimensions practitioners employ in determining the quality of the platform’s content. Second, we draw together the previous findings, as well as the theories and practices of information systems literature to develop and test a holistic success model — a framework for understanding and measuring the key success factors and their interrelationships — for threat intelligence management platforms.