Proactive Cyber Resilience: A Unified Assessment Methodology for Incident Forecasting With Cyber Threat Intelligence Integration


Bibliographic Details
Main Authors: Hayat Abdulla Asad Cue, Thirimachos Bourlai, Mark Lupo
Format: Article
Language: English
Published: IEEE 2025-01-01
Series: IEEE Access
Online Access:https://ieeexplore.ieee.org/document/11114947/
Description
Summary: Traditional cybersecurity assessments rely on the qualitative aspects of framework implementation, limiting the ability to quantify an organization’s cybersecurity posture and prioritize measures for incident prevention. In the first phase of our research, we designed a Center for Internet Security (CIS) Controls v8.0 Ranking-Weight scoring system to enhance vulnerability assessment and management in real organizations. In this study, we go a step further in adopting a proactive defense approach by incorporating the forecast of MITRE ATT&CK techniques frequently used to breach security controls that lack implementation. The second phase of our research integrates Cyber Threat Intelligence (CTI) gathered from industry data into the CIS Controls v8.1 quantitative assessment, through automatic mapping and risk categorization. We evaluated our methodology in 13 real case studies from U.S. organizations across different sectors after signing data usage approval agreements. The results show that these organizations have variable cybersecurity posture scores, ranging between 2.92/100 and 62.25/100. The forecast number of exploitable techniques was also variable and dependent on the risk categories. To address some of the limitations introduced by our real-world dataset’s scarcity and unbalanced characteristics, we expanded the number of observations 15 times by generating and balancing over 200 synthetic assessment results using Random-OverSampling and SMOTE. Experimental results show that synthetic data contribute positively to identifying risk categories based on cybersecurity posture scores below 45/100 and above 61/100, predicting additional attack techniques under variable implementation conditions, such as T1027, and confirming a multifold reduction in assessment time from months to days.
ISSN: 2169-3536