Leveraging cyber threat intelligence for a dynamic risk framework

Villagra González, Victor Abraham and Riesco Granadino, Raúl (2019). Leveraging cyber threat intelligence for a dynamic risk framework. "International Journal of Information Security", v. 18 ; pp. 715-739. ISSN 1615-5262. https://doi.org/10.1007/s10207-019-00433-2.


Title: Leveraging cyber threat intelligence for a dynamic risk framework
  • Villagra González, Victor Abraham
  • Riesco Granadino, Raúl
Item Type: Article
Título de Revista/Publicación: International Journal of Information Security
Date: 18 April 2019
ISSN: 1615-5262
Volume: 18
Freetext Keywords: STIX™; SWRL; OWL; Cybersecurity; Dynamic risk management (DRM); Cyber threat intelligence (CTI)
Faculty: E.T.S.I. Telecomunicación (UPM)
Department: Ingeniería de Sistemas Telemáticos
Creative Commons Licenses: Recognition - No derivative works - Non commercial

Full text

PDF - Requires a PDF viewer, such as GSview, Xpdf or Adobe Acrobat Reader
Download (7MB) | Preview


One of the most important goals in an organization is to have risks under an acceptance level along the time. All organizations are exposed to real-time security threats that could have an impact on their risk exposure levels harming the entire organization, their customers and their reputation. New emerging techniques, tactics and procedures (TTP) which remain undetected, the complexity and decentralization of organization assets, the great number of vulnerabilities proportional to the number of new type of devices (IoT) or still the high number of false positives, are only some examples of real risks for any organization. Risk management frameworks are not integrated and automated with near real-time (NRT) risk-related cybersecurity threat intelligence (CTI) information. The contribution of this paper is an integrated architecture based on the Web Ontology Language (OWL), a semantic reasoner and the use of Semantic Web Rule Language (SWRL) to approach a Dynamic Risk Assessment and Management (DRA/DRM) framework at all levels (operational, tactic and strategic). To enable such a dynamic, NRT and more realistic risk assessment and management processes, we created a new semantic version of STIX™v2.0 for cyber threat intelligence as it is becoming a de facto standard for structured threat information exchange. We selected an international leading organization in cybersecurity to demonstrate new dynamic ways to support decision making at all levels while being under attack. Semantic reasoners could be our ideal partners to fight against threats having risks under control along the time, for that, they need to understand the data. Our proposal uses an unprecedented mix of standards to cover all levels of a DRM and ensure easier adoption by users.

More information

Item ID: 63893
DC Identifier: https://oa.upm.es/63893/
OAI Identifier: oai:oa.upm.es:63893
DOI: 10.1007/s10207-019-00433-2
Official URL: https://link.springer.com/article/10.1007/s10207-019-00433-2
Deposited by: Memoria Investigacion
Deposited on: 05 Dec 2020 09:37
Last Modified: 05 Dec 2020 09:37
  • Logo InvestigaM (UPM)
  • Logo GEOUP4
  • Logo Open Access
  • Open Access
  • Logo Sherpa/Romeo
    Check whether the anglo-saxon journal in which you have published an article allows you to also publish it under open access.
  • Logo Dulcinea
    Check whether the spanish journal in which you have published an article allows you to also publish it under open access.
  • Logo de Recolecta
  • Logo del Observatorio I+D+i UPM
  • Logo de OpenCourseWare UPM