This HTML5 document contains 25 embedded RDF statements represented using HTML+Microdata notation.

The embedded RDF content will be recognized by any processor of HTML5 Microdata.

Namespace Prefixes

PrefixIRI
dctermshttp://purl.org/dc/terms/
n11doi:10.22024/UniKent/
n2https://kar.kent.ac.uk/id/eprint/
n19https://kar.kent.ac.uk/90779/
wdrshttp://www.w3.org/2007/05/powder-s#
n20http://purl.org/ontology/bibo/status/
rdfshttp://www.w3.org/2000/01/rdf-schema#
n16https://demo.openlinksw.com/about/id/entity/https/raw.githubusercontent.com/annajordanous/CO644Files/main/
n5http://eprints.org/ontology/
n13http://www.loc.gov/loc.terms/relators/
bibohttp://purl.org/ontology/bibo/
n4https://kar.kent.ac.uk/id/org/
rdfhttp://www.w3.org/1999/02/22-rdf-syntax-ns#
n9http://purl.org/ontology/bibo/degrees/
owlhttp://www.w3.org/2002/07/owl#
n8https://kar.kent.ac.uk/id/
n12https://kar.kent.ac.uk/id/document/
xsdhhttp://www.w3.org/2001/XMLSchema#
n17https://demo.openlinksw.com/about/id/entity/https/www.cs.kent.ac.uk/people/staff/akj22/materials/CO644/
n14https://kar.kent.ac.uk/id/person/
n7https://kar.kent.ac.uk/id/eprint/90779#

Statements

Subject Item
n2:90779
rdf:type
n5:ThesisEPrint bibo:Article n5:EPrint bibo:Thesis
rdfs:seeAlso
n19:
owl:sameAs
n11:01.02.90779
n13:THS
n14:ext-p.j.rodgers@kent.ac.uk
n5:hasDocument
n12:3250983 n12:3250988 n12:3251041 n12:3251042 n12:3251043 n12:3251044
dcterms:issuer
n4:ext-e69ffaf65adbe669a239fc71d288812e n4:ext-6cd37a476c4a651d5173fe60c50f2f23
dcterms:title
Managing Cybersecurity and Privacy Risks of Cyber Threat intelliegence
wdrs:describedby
n16:export_kar_RDFN3.n3 n17:export_kar_RDFN3.n3
dcterms:date
2021-10
dcterms:creator
n14:ext-aa795@kent.ac.uk
bibo:status
n20:published
bibo:abstract
In recent years, the number of cyber-attacks that affect critical infrastructures such as health, telecommunications and banks has been rapidly increasing. Sharing Cyber Threat Intelligence (CTI) is being encouraged and mandated as a way of improving overall cyber intelligence and defence, but its take up is slow. Organisations may well be justified in perceiving risks in sharing and disclosing cyber incident information, but they tend to express such worries in broad and vague terms. There are risks of breaching regulations and laws regarding privacy. With laws and regulations such as the General Data Protection Regulation (GDPR), the managers of CTI datasets need clear guidance on how and when it is legal to share such information. This thesis supports the decision of sharing CTI datasets as it proposes a novel contribution through a detailed understanding of which information in cyber incident reports requires protection against specific threats with assessed severity. It presents a specific and granular analysis of the risks in cyber incident information sharing, looking in detail at what information may be contained in incident reports and which specific risks are associated with its disclosure. It provides a set of guidelines for the disciplined use of the STIX incident model in order to reduce information security risk. Then, it proposes a quantitative risk model to assess the risk of sharing CTI datasets enabled by sharing with different entities in various situations. The evaluation of the cyber incident model analysis and the quantative risk model has been validated by means of experts' opinions. As a final contribution, this thesis defines the impact that GDPR legal aspects may have on the sharing of CTI that helps technical people and CTI managers with limited legal expertise to encompass legal consideration before sharing CTI datasets. In addition, it recommends protection levels for sharing CTI to ensure compliance with the GDPR.
dcterms:isPartOf
n8:repository
bibo:authorList
n7:authors
bibo:degree
n9:phd