Effective Regional Cyber Threat Information Sharing
Abstract
Cyber threat information sharing exchanges have traditionally formed within the context of industry sectors, either as direct peer-to-peer exchanges or within sector-based Information Sharing and Analysis Centers (ISACs). This has often been effective because organizations from the same sector tend to speak the same business language. They tend to have similar lines of business, hold similar digital assets, face similar cyber threats and have similar organizational practices. However, sector-based sharing organizations can face challenges to effective sharing. The Verizon 2015 Data Breach Investigations Report (DBIR) asserts that "our standard practice of organizing information sharing groups and activities according to broad industries is less than optimal. It then advocates for more thoughtful and thorough research into risk profiles across various types of organizations." This report contributes to that proposed body of research. Our assertions are based on two established MITRE research projects, Cyber Prep and Bilateral Analysis of Information Sharing Exchanges (BLAISE), and on empirical evidence of threat analysis and information sharing.
Document Details
- Document Type
- Technical Report
- Publication Date
- Nov 01, 2016
- Accession Number
- AD1125434
Entities
People
- David E. Mann
- Suneel V. Sundar
Organizations
- MITRE Corporation