Abstract
Threats, cyber attacks, and security incidents pertain to organizations of all types. Everyday information security is essentially defined by the maturity of security operations and incident response capabilities. However, focusing on internal information only has proven insufficient in an ever-changing threat landscape. Cyber threat intelligence (CTI) and its sharing are deemed necessary to cope with advanced threats and strongly influence security capabilities. Therefore, in this work, we develop CTI-SOC2M2, a capability maturity model that uses the degree of CTI integration as a proxy for SOC service maturity. In the process, we examine existing maturity models in the domains of Security Operations Centers (SOCs), incident response, and CTI. In search of an adequate maturity assessment, we show threat intelligence dependencies through applicable data formats. As the systematic development of maturity models demands, our mixed-methodology approach contributes a new in-depth analysis of intelligence-driven security operations. The resulting CTI-SOC2M2 model contains CTI formats and SOC services and is complemented with an evaluation through expert interviews. A prototypical, tool-based implementation aims to document steps towards the model's practical application. (c) 2021 Elsevier Ltd. All rights reserved.