Abstract
Organizations can struggle to cope with the rapidly advancing threat landscape. A cyber threat intelligence (CTI) function broadly aims to understand how threats operate to better protect the organization from future attacks. This seems like a natural step to take in hardening security. However, CTI is understood and experienced differently across organizations. To explore the value of this function, this study used a qualitative method, guided by the Socio-Technical Framework, to understand how the CTI function is interpreted by organizations in South Africa. Thematic analysis was used to provide an in-depth view of how each organization implemented its CTI function and what benefits and challenges they’ve experienced. Findings show that CTI tasks tend to be more manual and resource-intensive, but these challenges can be resolved through automation. It was noted that only larger organizations seem to have the budget and resources available to implement the CTI function, whereas smaller organizations put more reliance on tools. It was observed that skills for the CTI function can be learned on the job, but that formal education provides a good foundation. The findings illustrate the value the CTI function can provide an organization but also the challenges, thereby enabling other organizations to improve preparation before such a function is adopted.
Original language | English |
---|---|
Title of host publication | Information security education. Information security in action |
Subtitle of host publication | 13th IFIP WG 11.8 World conference, WISE 13, Maribor, Slovenia, September 21–23, 2020, proceedings |
Editors | Lynette Drevin, Suné Von Solms, Marianthi Theocharidou |
Place of Publication | Cham |
Publisher | Springer |
Pages | 96-109 |
Number of pages | 14 |
ISBN (Electronic) | 9783030592912 |
ISBN (Print) | 9783030592905 |
Publication status | Published - 15 Sep 2020 |
Event | 13th World Conference on Information Security Education: Information Security in Action - online conference, Maribor, Slovenia. Duration: 21 Sep 2020 → 23 Sep 2020. Conference number: 13th. https://www.ifiptc11.org/wg118-events/wise13 |
Publication series
Name | IFIP Advances in Information and Communication Technology |
---|---|
Publisher | Springer |
Volume | 579 |
ISSN (Print) | 1868-4238 |
ISSN (Electronic) | 1868-422X |
Conference
Conference | 13th World Conference on Information Security Education |
---|---|
Abbreviated title | WISE 13 |
Country | Slovenia |
City | Maribor |
Period | 21/09/20 → 23/09/20 |