Reference : What's in a Cyber Threat Intelligence sharing platform?: A mixed-methods user experie...
Scientific congresses, symposiums and conference proceedings : Paper published in a book
Engineering, computing & technology : Computer science
Security, Reliability and Trust
http://hdl.handle.net/10993/48192
What's in a Cyber Threat Intelligence sharing platform?: A mixed-methods user experience investigation of MISP
English
Stojkovski, Borce mailto [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > IRiSC >]
Lenzini, Gabriele mailto [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > IRiSC >]
Koenig, Vincent mailto [University of Luxembourg > Faculty of Humanities, Education and Social Sciences (FHSE) > Department of Behavioural and Cognitive Sciences (DBCS) >]
Rivas, Salvador mailto [University of Luxembourg > Faculty of Humanities, Education and Social Sciences (FHSE) > LUCET >]
2021
Annual Computer Security Applications Conference (ACSAC ’21)
ACM
Yes
International
New York, NY
USA
Annual Computer Security Applications Conference (ACSAC ’21)
6/12/2021 to 10/12/2021
ACM
Virtual Event
USA
[en] user studies ; user experience ; usability ; cyber threat intelligence ; information sharing ; sharing platforms
[en] The ever-increasing scale and complexity of cyber attacks and cyber-criminal activities necessitate secure and effective sharing of cyber threat intelligence (CTI) among a diverse set of stakeholders and communities. CTI sharing platforms are becoming indispensable tools for cooperative and collaborative cybersecurity. Nevertheless, despite the growing research in this area, the emphasis is often placed on the technical aspects, incentives, or implications associated with CTI sharing, as opposed to investigating challenges encountered by users of such platforms. To date, user experience (UX) aspects remain largely unexplored.

This paper offers a unique contribution towards understanding the constraining and enabling factors of security information sharing within one of the leading platforms. MISP is an open source CTI sharing platform used by more than 6,000 organizations worldwide. As a technically-advanced CTI sharing platform it aims to cater for a diverse set of security information workers with distinct needs and objectives. In this respect, MISP has to pay an equal amount of attention to the UX in order to maximize and optimize the quantity and quality of threat information that is contributed and consumed.

Using mixed methods we shed light on the strengths and weaknesses of MISP from an end-users’ perspective and discuss the role UX could play in effective CTI sharing. We conclude with an outline of future work and open challenges worth further exploring in this nascent, yet highly important socio-technical context.
Interdisciplinary Centre for Security, Reliability and Trust (SnT) > Other
Fonds National de la Recherche - FnR
Researchers ; Professionals ; Students ; General public
http://hdl.handle.net/10993/48192
10.1145/3485832.3488030
FnR ; FNR10621687 > Sjouke Mauw > SPsquared > Security And Privacy For System Protection > 01/01/2017 > 30/06/2023 > 2015

File(s) associated to this reference

Fulltext file(s):

FileCommentaryVersionSizeAccess
Limited access
acsac21-misp.pdfAuthor preprint1.13 MBRequest a copy

Bookmark and Share SFX Query

All documents in ORBilu are protected by a user license.