IEEE Communications Surveys & Tutorials

followed by Detection & Analysis, Containment, Eradication & Recovery, and concludes with Post-Incident Activity. It is worth mentioning that feedback loops exist between the four phases. Other incident handling process models (e.g., CERT/CC [24], ITIL [25], [26], [27]) are in line with the NIST incident response life cycle. Nevertheless, incident response is often narrowed down to only the Containment, Eradication & Recovery activities, whereas incident management and incident handling provide the larger reference framework [27], [21]. We follow this more precise approach and center on the pivotal activities of incident response. An elementary subarea in conjunction with incident response and its community is digital forensics. Digital forensics concerns data gathering and the detailed analysis of the circumstances surrounding a security incident [26]. Within the NIST incident response life cycle, digital forensics mainly precedes the incident response action itself and can be attributed to Detection & Analysis. For our work, we distinguish between digital forensics and incident response and exclude the former. However, due to the nature of the analyzed data formats, there is at times overlap concerning investigative incident response activities. This situation leads to the focus of this survey described in Figure 2. The starting point of incident response and its standardization is hereby defined as a trigger, alert, or event detected by an Intrusion Detection System (IDS), Security Information and Event Management (SIEM), or similar system, which then requires incident response actions. CTI feeds and structured threat reports are also possible external starting points.
The very raison d'être of cyber threat intelligence (CTI) is to provide meaningful knowledge about cyber security threats. The exchange and collaborative generation of CTI by means of sharing platforms has proven to be an important aspect of practical application. It follows that inaccurate, incomplete, or outdated threat intelligence is a major problem, as only high-quality CTI can help to detect and defend against cyber attacks. Additionally, while the amount of available CTI is increasing, it is not guaranteed that its quality remains unaffected. Given the increasing number of available CTI artifacts, it is thus in the best interest of every stakeholder to be aware of the quality of a CTI artifact. This allows for informed decisions and permits detailed analyses. Our work makes a twofold contribution to the challenge of assessing threat intelligence quality. We first propose a series of relevant quality dimensions and configure metrics to assess the respective dimensions in the context of CTI. In a second step, we showcase the extension of an existing CTI analysis tool to make the quality assessment transparent to security analysts. Furthermore, analysts' subjective perceptions are, where necessary, included in the quality assessment concept.