A Business Process Oriented Dynamic Cyber Threat Intelligence Model

Cyber threat intelligence (CTI) is a method for strengthening information security. CTI provides information on threats and the countermeasures. Businesses can benefit from the defensive knowledge if the relevant CTI is found. However, business environments involve miscellaneous dynamics of the business processes that can dynamically change the contexts. Correspondingly, threats associated with the contextual risk factors can change dynamically at the same time. Every time the contextual changes take place, CTI-based defensive strategies for businesses may not be useful and effective any more. However, the existing connection strategies between CTI and business risk contexts are still somewhat static. This paper proposes a business process oriented dynamic CTI model. The model can observe and capture the dynamics from the business environments. Every time the dynamics are captured, the model will then trigger adjustments of the connection strategies within the model. We use a case study to illustrate the use of the model and present how the model adjusts the connection strategies according to the dynamics. We then conclude the paper with future directions of the research.