Near-Real Time, Semi-Automated Threat Assessment of Information Environments

Abstract

Threat assessment is a crucial process for monitoring and defending against potential threats in an organization’s information environment and business operations. Ensuring the security of information infrastructure requires effective information security practices. However, existing models and methodologies often fall short of addressing the dynamic and evolving nature of cyberattacks. Moreover, critical threat intelligence extracted from the threat agents lacks the ability to capture essential attributes such as motivation, opportunity, and capability (M, O, C). This contribution to knowledge clarification introduces a semi-automatic threat assessment model that can handle situational awareness data or live acquired data stream from networks, incorporating information security techniques, protocols, and real-time monitoring of specific network types. Additionally, it focuses on analysing and implementing network traffic within a specific real-time information environment. To develop the semi-automatic threat assessment model, the study identifies unique attributes of threat agents by analysing Packet Capture Application Programming Interface (PCAP) files and data stream collected between 2012 and 2019. The study utilizes both hypothetical and real-world examples of threat agents to evaluate the three key factors: motivation, opportunity, and capability. This evaluation serves as a basis for designing threat profiles, critical threat intelligence, and assessing the complexity of process. These aspects are currently overlooked in existing threat agent taxonomies, models, and methodologies. By addressing the limitations of traditional threat assessment approaches, this research contributes to advancing the field of cybersecurity. The proposed semi-automatic threat assessment model offers improved awareness and timely detection of threats, providing organizations with a more robust defence against evolving cyberattacks. This research enhances the understanding of threat agents’ attributes and assists in developing proactive strategies to mitigate the risks associated with cybersecurity in the modern information environment.