Risk Assessment of Sharing Cyber Threat Intelligence

Sharing Cyber Threat Intelligence (CTI) is advocated to get better defence against new sophisticated cyber-attacks. CTI may contain critical information about the victim infrastructure, existing vulnerabilities and business processes so sharing CTI may carry a risk. However, evaluating the risk of sharing CTI datasets is challenging due to the nature of the CTI context which is associated with the evolution of the threat landscape and new cyber attacks that are difficult to evaluate. In this paper, we present a quantitative risk model to assess the risk of sharing CTI datasets enabled by sharing with different entities in various situations. The model enables the identification of the threats and evaluation of the impacts of disclosing this information. We present two use cases that help to determine the risk level of sharing a CTI dataset and consequently the mitigation techniques to enable responsible sharing. Risk identification and evaluation have been validated using experts' opinions.