The idea behind defining trust and quality metrics for the threat intelligence data that is shared amongst EWS partners is to decrease the level of information overload as well as reduce false positives, which are both common in most cyber threat intelligence sharing platforms. The TQM prototype aims to propose metrics to be used to rate the quality of threat intelligence data shared between partners and, by this, improve the trust in the relevancy of information shared among them. It will also enable an option to assess the trustworthiness of received information and its source based on metrics directly attributed to the trust level.
The incentive for the creation of the prototype is to:
- allow organisations to view automated evaluation of the quality of the information received;
- allow organisations to assess whether they can trust the organization sharing the information;
- help organisations to prioritise the information they should pay attention to.
Capabilities of the tool include
- calculate the score of the Quality of threat Intelligence - A quality score will be given to the threat intelligence that partners have shared with their constituents. This will help them identify which threat intelligence is relevant for their purposes. Also, the quality score will affect the trustworthiness level of the partner based on retroactive sharing activity, which could potentially be another metric used to establish trust between partners.
- calculate the score of the Trustworthiness of the organisation sharing the information - A Trust score is given to each partner producing CTI based on pre-defined metrics. One example of a metric could be whether the partner who shared the threat intelligence is within the same constituent as the partner who is viewing it.
- calculate the score for Reputation of an organization sharing the information – an aggregation of trust scores computed by each instance of the Trust and Quality Metric prototype
The research and development done behind the Trust and Quality Metrics (TQM) prototype aims to help users of information-sharing platforms to navigate through the amount of Cybersecurity Threat Intelligence (CTI) and identify the information of the highest quality, the most relevant to their organisation, shared by the most trustworthy sources. The calculation methods were based on research of related academic literature aiming to address the burning topic of trust in information sharing. Because the evaluation of the quality and trustworthiness of sources is subjective, apart from predefined quality and trust metrics and algorithms for their calculation, the user is given an option to personalise their own preferences and priority areas.
If you wish to know more about TQM, watch the demonstration video on our YouTube channel: