Measures, Metrics, and a Scale for Appraisal of Cyber Threat Intelligence-Informed Decision-Making

Authors

  • Mona Kriesten University of South Australia, Adelaide, Australia https://orcid.org/0000-0001-9348-8428
  • Mamello Thinyane University of South Australia, Adelaide, Australia
  • David Ormrod University of South Australia, Adelaide, Australia

DOI:

https://doi.org/10.34190/eccws.24.1.3421

Keywords:

Cybersecurity, Cyber Security, Cyber Threat Intelligence (CTI), Cyber Threat Intelligence, metrics, Decision Making, decision-making

Abstract

Cyber threat intelligence (CTI) is information from past, present, and evolving threats which, if correlated and put in context, aims to enhance cybersecurity decision-making at strategic, operational, and tactical levels. Despite the multiple benefits of CTI, such as identifying and profiling threat actors, tuning systems and cybersecurity controls, and providing context to incidents, the field faces challenges that must be overcome for effective implementation of CTI. The bulk of existing research tackling these challenges focuses on the technical aspects of collecting, analysing, using, and sharing CTI. However, one of the main benefits of CTI lies in its intelligence affordances to inform decision-making for key actors in cybersecurity. Unfortunately, there is generally a dearth of research on human factors associated with disseminating and utilising CTI. Further, while some research has been undertaken investigating the quality of CTI, there has not been much research investigating the quality of CTI-informed decision-making. This research is targeted to address this gap within the context of a larger project investigating the effectiveness of gamification in enhancing CTI use for defence against cyberattacks. To measure the benefits of CTI throughout the decision-making process, this research has developed a gamification platform and some of the relevant metrics and measures. Firstly, this paper presents these proposed measures and the derived metrics that can be used to quantify the benefits of using CTI at the individual decision level to measure the overall effectiveness of CTI. Secondly, the paper presents a scale that is developed to provide a yardstick for future CTI performance testing – specifically for CTI gamification solutions and generally for CTI-informed cybersecurity decision-making. The research addresses the need to quantify the impact of CTI on decision-making processes in cybersecurity through the measures, metrics, and a scale to inform the actual assessments.

Author Biography

Mona Kriesten, University of South Australia, Adelaide, Australia

Mona Kriesten is a cyber security industry practitioner, undertaking a full-time PhD at the University of South Australia. Mona is researching the application of cyber threat intelligence to improve satellite cyber supply chain security. Mona has several years of experience working in Europe designing solution architectures for network security, supporting the operation of Security Information and Event Management systems, and assisting enterprises to build cyber defence security strategies. Mona has experience in security detection and response, cyber threat intelligence and vulnerability management. Building on her practical experience, Mona's research interests include cyber threat intelligence, threat modelling, and improving incident detection and response capabilities.

Downloads

Published

2025-06-25

Issue

Vol. 24 No. 1 (2025): Proceedings of the 24th European Conference on Cyber Warfare and Security

Section

Academic Papers

License

Copyright (c) 2025 European Conference on Cyber Warfare and Security

Creative Commons License

This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.