Planned maintenance
A system upgrade is planned for 10/12-2024, at 12:00-13:00. During this time DiVA will be unavailable.
Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
An Analysis and Classification of Public Information Security Data Sources used in Research and Practice
University of Innsbruck, AUT.
University of Innsbruck, AUT.
Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.ORCID iD: 0000-0003-3818-4442
University of Innsbruck, AUT.
2019 (English)In: Computers & security (Print), ISSN 0167-4048, E-ISSN 1872-6208, Vol. 82, p. 140-155Article in journal (Refereed) Published
Abstract [en]

In order to counteract today’s sophisticated and increasing number of cyber threats the timely acquisition of information regarding vulnerabilities, attacks, threats, countermeasures and risks is crucial. Therefore, employees tasked with information security risk management processes rely on a variety of information security data sources, ranging from inter-organizational threat intelligence sharing platforms to public information security data sources, such as mailing lists or expert blogs. However, research and practice lack a comprehensive overview about these public information security data sources, their characteristics and dependencies. Moreover, comprehensive knowledge about these sources would be beneficial to systematically use and integrate them to information security processes. In this paper, a triangulation study is conducted to identify and analyze public information security data sources. Furthermore, a taxonomy is introduced to classify and compare these data sources based on the following six dimensions: (1) Type of information, (2) Integrability, (3) Timeliness, (4) Originality, (5) Type of Source,and (6) Trustworthiness. In total, 68 public information security data sources were identified and classified. The investigations showed that research and practice rely on a large variety of heterogeneous information security data sources, which makes it more difficult to integrate and use them for information security and risk management processes.

Place, publisher, year, edition, pages
Elsevier, 2019. Vol. 82, p. 140-155
Keywords [en]
Cyber Threat Intelligence Sharing, Cyber Security Information Source, Taxonomy, Classification, Characteristic, Information Security and Risk Management, Data Format, Research, Practice
National Category
Software Engineering
Identifiers
URN: urn:nbn:se:bth-17447DOI: 10.1016/j.cose.2018.12.011ISI: 000459525800009OAI: oai:DiVA.org:bth-17447DiVA, id: diva2:1274646
Available from: 2019-01-02 Created: 2019-01-02 Last updated: 2019-03-21Bibliographically approved

Open Access in DiVA

No full text in DiVA

Other links

Publisher's full texthttps://www.sciencedirect.com/science/article/pii/S0167404818304978

Authority records

Felderer, Michael

Search in DiVA

By author/editor
Felderer, Michael
By organisation
Department of Software Engineering
In the same journal
Computers & security (Print)
Software Engineering

Search outside of DiVA

GoogleGoogle Scholar

doi
urn-nbn

Altmetric score

doi
urn-nbn
Total: 613 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf