A review and theoretical explanation of the ‘Cyberthreat-Intelligence (CTI) capability’ that needs to be fostered in information security practitioners and how this can be accomplished

Given the global increase in crippling cyberattacks, organizations are increasingly turning to cyberthreat intelligence (CTI). CTI represents actionable threat information that is relevant to a specific organization and that thus demands its close attention. CTI efforts aim to help organizations “kn...

Full description

Saved in:
Bibliographic Details
Published in:Computers & security 2020-05, Vol.92, p.101761-16, Article 101761
Main Authors: Shin, Bongsik, Lowry, Paul Benjamin
Format: Article
Language:English
Subjects:
CTI analyst
CTI capability model (CTI-CM)
CTI practitioner
Cybersecurity
Cyberthreat intelligence (CTI)
Human factors
Human factors of security
Information security officer
Intelligence
Organizational security (OrgSec)
Organizations
Risk management
Security
Triarchic theory of intelligence (TTI)
Citations: Items that this one cites
Items that cite this one
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Given the global increase in crippling cyberattacks, organizations are increasingly turning to cyberthreat intelligence (CTI). CTI represents actionable threat information that is relevant to a specific organization and that thus demands its close attention. CTI efforts aim to help organizations “know their enemies better” for proactive, preventive, and timely threat detection and remediation—complementing conventional risk-management paradigms designed to improve ‘general readiness’ against known or unknown threats. Organizational security (OrgSec) and behavioral security research has lagged behind CTI's growing potential to address current cybersecurity challenges. Instead, CTI has largely been the purview of computer science from an algorithmic perspective. However, OrgSec and behavioral researchers can contribute a further combined knowledge of design for the organization, human factors, and organizational governance to foster CTI. In this theory-building and review manuscript, we propose the CTI capability model (CTI-CM) to prescribe the key capabilities necessary for a CTI practitioner to engage effectively in CTI activities. The CTI-CM defines a practitioner's CTI capability in terms of three highly interrelated but conceptually distinctive dimensions: analytical component capability, contextual response capability, and experiential practice capability. We further explain how these capabilities can be fostered, and the key implications for leading security practice in organizations.
ISSN:0167-4048
1872-6208
DOI:10.1016/j.cose.2020.101761