CTI4RA: Cyber Threat Intelligence for Risk Assessment

Barletta V. S.;Pagano A.;Piccinno A.;Sohail Q.
2024-01-01

Abstract

Organizations, which are the foundation of today’s society and economy, are gaining ever wider knowledge of Cyber Threat Intelligence (CTI), risk assessment, and management in an ever more connected environment. In this context, cybersecurity is essential to ensure the safety of any Asset. These valuable entities can be compromised by Threat Actors, leading to a wide range of possible consequences. An attacker could exploit a given vulnerability to their advantage and leverage it to gather, forge, and disclose sensitive information. It is therefore necessary to detect Common Vulnerabilities and Exposures (CVE) and Common Weakness Enumeration (CWE) to protect valuable Assets. Once a vulnerability has been identified, that information could be used to assess other related vulnerabilities that might have occurred throughout the Cyber Kill Chain. This paper presents methods and procedures to study known attack patterns and those that might be encountered starting from initial attack patterns, and to calculate the probability of being attacked by known intrusion sets based on the patterns found. The goal is to obtain a risk assessment of the organization through an approach that allows the retrieval and consultation of mitigation techniques, all CTI information, and the relationships between them. It can be affirmed that the resulting system supports analysts in assessing risk exposure and provides ways to understand the effort needed to secure vulnerabilities and the benefits they return.
2024
9798331533137
Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/11586/533205