Exploring the value of a cyber threat intelligence function in an organization

Anzel Berndt; Jacques Ophoff

doi:10.1007/978-3-030-59291-2_7

Exploring the value of a cyber threat intelligence function in an organization

Anzel Berndt, Jacques Ophoff^*

^*Corresponding author for this work

SDI - Cyber Security

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

1 Downloads (Pure)

Abstract

Organizations can struggle to cope with the rapidly advancing threat landscape. A cyber threat intelligence (CTI) function broadly aims to understand how threats operate to better protect the organization from future attacks. This seems like a natural step to take in hardening security. However, CTI is understood and experienced differently across organizations. To explore the value of this function this study used a qualitative method, guided by the Socio-Technical Framework, to understand how the CTI function is interpreted by organizations in South Africa. Thematic analysis was used to provide an in-depth view of how each organization implemented its CTI function and what benefits and challenges they’ve experienced. Findings show that CTI tasks tend to be more manual and resource-intensive, but these challenges can be resolved through automation. It was noted that only larger organizations seem to have the budget and resources available to implement the CTI function, whereas smaller organizations put more reliance on tools. It was observed that skills for the CTI function can be learned on the job, but that formal education provides a good foundation. The findings illustrate the value the CTI function can provide an organization but also the challenges, thereby enabling other organizations to improve preparation before such a function is adopted.

Original language	English
Title of host publication	Information security education. Information security in action
Subtitle of host publication	13th IFIP WG 11.8 World conference, WISE 13, Maribor, Slovenia, September 21–23, 2020, proceedings
Editors	Lynette Drevin, Suné Von Solms, Marianthi Theocharidou
Place of Publication	Cham
Publisher	Springer
Pages	96-109
Number of pages	14
ISBN (Electronic)	9783030592912
ISBN (Print)	9783030592905
DOIs	https://doi.org/10.1007/978-3-030-59291-2_7
Publication status	E-pub ahead of print - 15 Sep 2020
Event	13th World Conference on Information Security Education: Information Security in Action - online conference, Maribor, Slovenia Duration: 21 Sep 2020 → 23 Sep 2020 Conference number: 13th https://www.ifiptc11.org/wg118-events/wise13

Publication series

Name	IFIP Advances in Information and Communication Technology
Publisher	Springer
Volume	579
ISSN (Print)	1868-4238
ISSN (Electronic)	1868-422X

Conference

Conference	13th World Conference on Information Security Education
Abbreviated title	WISE 13
Country	Slovenia
City	Maribor
Period	21/09/20 → 23/09/20
Internet address	https://www.ifiptc11.org/wg118-events/wise13

Access to Document

10.1007/978-3-030-59291-2_7

Ophoff_ExploringTheValueOfACyberThreatIntelligence_Accepted_2020Accepted author manuscript, 387 KB

Fingerprint Dive into the research topics of 'Exploring the value of a cyber threat intelligence function in an organization'. Together they form a unique fingerprint.

Cite this

Berndt, A., & Ophoff, J. (2020). Exploring the value of a cyber threat intelligence function in an organization. In L. Drevin, S. Von Solms, & M. Theocharidou (Eds.), Information security education. Information security in action: 13th IFIP WG 11.8 World conference, WISE 13, Maribor, Slovenia, September 21–23, 2020, proceedings (pp. 96-109). (IFIP Advances in Information and Communication Technology; Vol. 579). Springer. https://doi.org/10.1007/978-3-030-59291-2_7

Berndt, Anzel ; Ophoff, Jacques. / Exploring the value of a cyber threat intelligence function in an organization. Information security education. Information security in action: 13th IFIP WG 11.8 World conference, WISE 13, Maribor, Slovenia, September 21–23, 2020, proceedings. editor / Lynette Drevin ; Suné Von Solms ; Marianthi Theocharidou. Cham : Springer, 2020. pp. 96-109 (IFIP Advances in Information and Communication Technology).

@inproceedings{53cb5bbf91294479acc9ce02854542ce,

title = "Exploring the value of a cyber threat intelligence function in an organization",

abstract = "Organizations can struggle to cope with the rapidly advancing threat landscape. A cyber threat intelligence (CTI) function broadly aims to understand how threats operate to better protect the organization from future attacks. This seems like a natural step to take in hardening security. However, CTI is understood and experienced differently across organizations. To explore the value of this function this study used a qualitative method, guided by the Socio-Technical Framework, to understand how the CTI function is interpreted by organizations in South Africa. Thematic analysis was used to provide an in-depth view of how each organization implemented its CTI function and what benefits and challenges they{\textquoteright}ve experienced. Findings show that CTI tasks tend to be more manual and resource-intensive, but these challenges can be resolved through automation. It was noted that only larger organizations seem to have the budget and resources available to implement the CTI function, whereas smaller organizations put more reliance on tools. It was observed that skills for the CTI function can be learned on the job, but that formal education provides a good foundation. The findings illustrate the value the CTI function can provide an organization but also the challenges, thereby enabling other organizations to improve preparation before such a function is adopted.",

author = "Anzel Berndt and Jacques Ophoff",

year = "2020",

month = sep,

day = "15",

doi = "10.1007/978-3-030-59291-2_7",

language = "English",

isbn = "9783030592905",

series = "IFIP Advances in Information and Communication Technology",

publisher = "Springer",

pages = "96--109",

editor = "Lynette Drevin and {Von Solms}, Sun{\'e} and Marianthi Theocharidou",

booktitle = "Information security education. Information security in action",

note = "13th World Conference on Information Security Education : Information Security in Action, WISE 13 ; Conference date: 21-09-2020 Through 23-09-2020",

url = "https://www.ifiptc11.org/wg118-events/wise13",

}

Berndt, A & Ophoff, J 2020, Exploring the value of a cyber threat intelligence function in an organization. in L Drevin, S Von Solms & M Theocharidou (eds), Information security education. Information security in action: 13th IFIP WG 11.8 World conference, WISE 13, Maribor, Slovenia, September 21–23, 2020, proceedings. IFIP Advances in Information and Communication Technology, vol. 579, Springer, Cham, pp. 96-109, 13th World Conference on Information Security Education, Maribor, Slovenia, 21/09/20. https://doi.org/10.1007/978-3-030-59291-2_7

Exploring the value of a cyber threat intelligence function in an organization. / Berndt, Anzel; Ophoff, Jacques.

Information security education. Information security in action: 13th IFIP WG 11.8 World conference, WISE 13, Maribor, Slovenia, September 21–23, 2020, proceedings. ed. / Lynette Drevin; Suné Von Solms; Marianthi Theocharidou. Cham : Springer, 2020. p. 96-109 (IFIP Advances in Information and Communication Technology; Vol. 579).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - Exploring the value of a cyber threat intelligence function in an organization

AU - Berndt, Anzel

AU - Ophoff, Jacques

N1 - Conference code: 13th

PY - 2020/9/15

Y1 - 2020/9/15

N2 - Organizations can struggle to cope with the rapidly advancing threat landscape. A cyber threat intelligence (CTI) function broadly aims to understand how threats operate to better protect the organization from future attacks. This seems like a natural step to take in hardening security. However, CTI is understood and experienced differently across organizations. To explore the value of this function this study used a qualitative method, guided by the Socio-Technical Framework, to understand how the CTI function is interpreted by organizations in South Africa. Thematic analysis was used to provide an in-depth view of how each organization implemented its CTI function and what benefits and challenges they’ve experienced. Findings show that CTI tasks tend to be more manual and resource-intensive, but these challenges can be resolved through automation. It was noted that only larger organizations seem to have the budget and resources available to implement the CTI function, whereas smaller organizations put more reliance on tools. It was observed that skills for the CTI function can be learned on the job, but that formal education provides a good foundation. The findings illustrate the value the CTI function can provide an organization but also the challenges, thereby enabling other organizations to improve preparation before such a function is adopted.

AB - Organizations can struggle to cope with the rapidly advancing threat landscape. A cyber threat intelligence (CTI) function broadly aims to understand how threats operate to better protect the organization from future attacks. This seems like a natural step to take in hardening security. However, CTI is understood and experienced differently across organizations. To explore the value of this function this study used a qualitative method, guided by the Socio-Technical Framework, to understand how the CTI function is interpreted by organizations in South Africa. Thematic analysis was used to provide an in-depth view of how each organization implemented its CTI function and what benefits and challenges they’ve experienced. Findings show that CTI tasks tend to be more manual and resource-intensive, but these challenges can be resolved through automation. It was noted that only larger organizations seem to have the budget and resources available to implement the CTI function, whereas smaller organizations put more reliance on tools. It was observed that skills for the CTI function can be learned on the job, but that formal education provides a good foundation. The findings illustrate the value the CTI function can provide an organization but also the challenges, thereby enabling other organizations to improve preparation before such a function is adopted.

U2 - 10.1007/978-3-030-59291-2_7

DO - 10.1007/978-3-030-59291-2_7

M3 - Conference contribution

SN - 9783030592905

T3 - IFIP Advances in Information and Communication Technology

SP - 96

EP - 109

BT - Information security education. Information security in action

A2 - Drevin, Lynette

A2 - Von Solms, Suné

A2 - Theocharidou, Marianthi

PB - Springer

CY - Cham

T2 - 13th World Conference on Information Security Education

Y2 - 21 September 2020 through 23 September 2020

ER -

Berndt A, Ophoff J. Exploring the value of a cyber threat intelligence function in an organization. In Drevin L, Von Solms S, Theocharidou M, editors, Information security education. Information security in action: 13th IFIP WG 11.8 World conference, WISE 13, Maribor, Slovenia, September 21–23, 2020, proceedings. Cham: Springer. 2020. p. 96-109. (IFIP Advances in Information and Communication Technology). https://doi.org/10.1007/978-3-030-59291-2_7