Towards a Comprehensive Cybersecurity Information Sharing Framework

Authors

DOI:

https://doi.org/10.34190/eccws.24.1.3628

Keywords:

Information sharing, Framework, Threat intelligent, Cybersecurity, Information exchange

Abstract

In today's digital age, cybersecurity has become a critical concern for nations around the world. With South Africa facing a significant cybersecurity challenge, ranking as the most targeted country on the African continent. The number and sophistication of cyber-attacks such as ransomware attacks, data breaches, phishing and pharming attacks have been steadily rising in recent years with the public sector and financial institutions being highly prone to these attacks. As cyber threats grow in sophistication and frequency, the need for robust defences and proactive measures is of high importance. Information sharing helps organizations and governments to analyse and understand existing cyber-attack trends and use the intelligence gathered to prevent future cyber-attacks, this helps to improve their overall security posture. It is evident from several scholars that organizations that share cybersecurity information have a high probability of reducing cyber-attacks within their environments. Most scholars agrees that, generally, information sharing, and collaboration may greatly reduce cybersecurity risk while ensuring resilience. But confusion and controversy remain around the following particulars such as: Who should share information? What should be shared? When should it be shared? What is the quality and utility of what is shared? How should it be shared? Why is it being shared? What can be done with the information? This paper therefore seeks to analyse the existing Cybersecurity information sharing frameworks, highlight the gaps and propose a comprehensive framework. Firstly, the paper formulates metrics that are used to evaluate the various identified frameworks, then compare and contract them. We then formulate a comprehensive information sharing framework building from the identified gaps. The proposed framework will then be adopted and used by various stakeholders, such as cybersecurity organizations, government bodies, and security experts who intend to share cybersecurity information.

Author Biographies

Unarine Manari, CSIR

A seasoned cybersecurity specialist with a focus on governance. Her expertise encompasses risk management, information and cybersecurity assurance, gap and maturity assessments, compliance, strategy & policy development and cybersecurity awareness amongst others. She is currently working as a Senior Cybersecurity Specialist/Researcher in the Defence and Security cluster at the CSIR.

Sipho Ngobeni, CSIR

A seasoned Cybersecurity professional with over 15 years of work experience within the Cybersecurity field. He is currently a Research Group Leader for Governance, Privacy and Trust at the CSIR. His experience includes leading national and international RD&I engagements in developing and implementing Cybersecurity Governance, Risk and Compliance solutions.

Mpho Letshwenyo, CSIR

She is a Cybersecurity intern in the Defence and Security cluster at the CSIR with experience in penetration testing, vulnerability assessments, cybersecurity governance and software development. Her work involves identifying and mitigating security threats to ensure robust and secure systems. In addition, she engages in cybersecurity research.

Kedimotse Baruni, CSIR

She is a cybersecurity specialist at the CSIR with a background in software engineering and biometrics. Their work focuses on secure identity systems, digital verification, and emerging technologies like Zero-Knowledge Proofs. Kedimotse contributes to research across academia and industry, regularly sharing insights at cybersecurity conferences.

Nomalisa Ndhlovu, CSIR

She holds a Diploma in Electrical Engineering. Works as an intern at the CSIR under the Defence and Security cluster. She works with biometric systems, embedded software development and research. Passionate about secure authentication, innovation and control systems, she aims to enhance industrial efficiency through innovative engineering solutions.

Pertunia Senamela, CSIR

She is a software engineer at the Council for Scientific and Industrial Research (CSIR), within the Information and Cyber Security Centre (ICSC). Her role involves coding, research, and knowledge dissemination. Beyond her technical responsibilities, Pertunia is deeply involved in cybersecurity research projects that address emerging digital threats.

Downloads

Published

2025-06-25

Issue

Vol. 24 No. 1 (2025): Proceedings of the 24th European Conference on Cyber Warfare and Security

Section

Academic Papers

License

Copyright (c) 2025 European Conference on Cyber Warfare and Security

Creative Commons License

This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.