{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,13]],"date-time":"2026-01-13T14:33:17Z","timestamp":1768314797167,"version":"3.49.0"},"reference-count":27,"publisher":"Springer Science and Business Media LLC","issue":"3","license":[{"start":{"date-parts":[[2025,5,4]],"date-time":"2025-05-04T00:00:00Z","timestamp":1746316800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"},{"start":{"date-parts":[[2025,5,4]],"date-time":"2025-05-04T00:00:00Z","timestamp":1746316800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"}],"funder":[{"name":"Centre for Research & Technology Hellas"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Int. J. Inf. Secur."],"published-print":{"date-parts":[[2025,6]]},"abstract":"<jats:title>Abstract<\/jats:title>\n          <jats:p>Cyber Threat Intelligence (CTI) plays a vital role in enhancing cybersecurity by enabling organizations to leverage insights from the analysis of past incidents to better manage future threats. Evaluating the actionability of CTI products (CTIPs), namely CTI in a structured format, is essential for prioritizing intelligence and implementing effective security measures. However, existing methodologies often fall short in evaluating the actionability of CTI by focusing on isolated criteria without considering the full context of the CTI sharing lifecycle, which includes production, dissemination, and consumption stages. Additionally, these methodologies suffer from variability issues, referring to the inconsistent selection and application of actionability criteria by different organizations, as well as subjectivity issues, which arise from a lack of standardized assessment approaches. This paper introduces a novel methodology designed to comprehensively evaluate the actionability of CTIPs across all stages of a proposed CTI sharing lifecycle; the proposed methodology is referred to as Evaluating the Actionability of Cyber Threat Intelligence (EVACTI). EVACTI employs the standardized set of actionability criteria of the European Union Agency for Cybersecurity (ENISA) and considers the CTI sharing lifecycle to ensure consistency and mitigate the variability and subjectivity issues prevalent in existing approaches. By considering the operational context of both producers and consumers, EVACTI offers a more accurate and practical evaluation of CTIP actionability. EVACTI also enhances the effectiveness of cybersecurity efforts by impelling producers to refine CTIPs before sharing them and enabling consumers to make decisions about the use and prioritization of CTIPs. Lastly, EVACTI integrates the actionability into the CTI sharing lifecycle through a custom CTI object, further supporting transparent dissemination of actionability values.<\/jats:p>","DOI":"10.1007\/s10207-025-01033-z","type":"journal-article","created":{"date-parts":[[2025,5,4]],"date-time":"2025-05-04T10:06:07Z","timestamp":1746353167000},"update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":3,"title":["EVACTI: evaluating the actionability of cyber threat intelligence"],"prefix":"10.1007","volume":"24","author":[{"given":"Athanasios","family":"Dimitriadis","sequence":"first","affiliation":[]},{"given":"Angelos","family":"Papoutsis","sequence":"additional","affiliation":[]},{"given":"Dimitrios","family":"Kavalieros","sequence":"additional","affiliation":[]},{"given":"Theodora","family":"Tsikrika","sequence":"additional","affiliation":[]},{"given":"Stefanos","family":"Vrochidis","sequence":"additional","affiliation":[]},{"given":"Ioannis","family":"Kompatsiaris","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2025,5,4]]},"reference":[{"key":"1033_CR1","doi-asserted-by":"crossref","unstructured":"Johnson, C., Badger, L., Waltermire, D., Snyder, J., Skorupka, C., et al.: Guide to cyber threat information sharing. NIST Spec. Publ. 800(150) (2016)","DOI":"10.6028\/NIST.SP.800-150"},{"key":"1033_CR2","unstructured":"National Institute of Standards and Technology (NIST), \u201cThe nist cybersecurity framework (csf) 2.0. Accessed on June 17, 2024. https:\/\/nvlpubs.nist.gov\/nistpubs\/CSWP\/NIST.CSWP.29.pdf (2024)"},{"key":"1033_CR3","unstructured":"European Parliament and Council of the European Union, \u201cDirective (eu) 2022\/2555 of the european parliament and of the council of 14 december 2022 on measures for a high common level of cybersecurity across the union, amending regulation (eu) no 910\/2014 and directive (eu) 2018\/1972 (nis 2 directive). Accessed on August 17, 2024. https:\/\/eur-lex.europa.eu\/legal-content\/EN\/TXT\/PDF\/?uri=CELEX:32022L2555 (2022)"},{"key":"1033_CR4","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2019.101589","volume":"87","author":"TD Wagner","year":"2019","unstructured":"Wagner, T.D., Mahbub, K., Palomar, E., Abdallah, A.E.: Cyber threat intelligence sharing: survey and research directions. Comput. Secur. 87, 101589 (2019)","journal-title":"Comput. Secur."},{"key":"1033_CR5","doi-asserted-by":"publisher","first-page":"212","DOI":"10.1016\/j.cose.2017.09.001","volume":"72","author":"W Tounsi","year":"2018","unstructured":"Tounsi, W., Rais, H.: A survey on technical threat intelligence in the age of sophisticated cyber attacks. Comput. Secur. 72, 212\u2013233 (2018)","journal-title":"Comput. Secur."},{"key":"1033_CR6","unstructured":"OASIS Cyber Threat Intelligence Technical Committee, \u201cIntroduction to stix,\u201d. Accessed on October 2, 2024. https:\/\/oasis-open.github.io\/cti-documentation\/stix\/intro (2023)"},{"issue":"1","key":"1033_CR7","first-page":"371","volume":"10","author":"MS Abu","year":"2018","unstructured":"Abu, M.S., Selamat, S.R., Ariffin, A., Yusof, R.: Cyber threat intelligence-issue and challenges. Indones. J. Electr. Eng. Comput. Sci. 10(1), 371\u2013379 (2018)","journal-title":"Indones. J. Electr. Eng. Comput. Sci."},{"key":"1033_CR8","unstructured":"European Union Agency for Cybersecurity (ENISA): Actionable information for security incident response. Accessed on May. 05 2024. https:\/\/www.enisa.europa.eu\/sites\/default\/files\/publications\/Actionable%20Information%20for%20Security%20Incident%20Response.pdf"},{"issue":"4","key":"1033_CR9","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3484202","volume":"3","author":"A Zibak","year":"2022","unstructured":"Zibak, A., Sauerwein, C., Simpson, A.C.: Threat intelligence quality dimensions for research and practice. Digital Threats Res. Pract. 3(4), 1\u201322 (2022)","journal-title":"Digital Threats Res. Pract."},{"key":"1033_CR10","doi-asserted-by":"publisher","first-page":"21","DOI":"10.1007\/s10207-020-00490-y","volume":"20","author":"D Schlette","year":"2021","unstructured":"Schlette, D., B\u00f6hm, F., Caselli, M., Pernul, G.: Measuring and visualizing cyber threat intelligence quality. Int. J. Inf. Secur. 20, 21\u201338 (2021)","journal-title":"Int. J. Inf. Secur."},{"key":"1033_CR11","doi-asserted-by":"crossref","unstructured":"Lee, R. M.: Intelligence defined and its impact on cyber threat intelligence. http:\/\/www.robertmlee.org\/intelligence-defined-and-its-impact-on-cyber-threat-intelligence\/. Accessed on October. 01 2023","DOI":"10.1002\/9781119861775"},{"key":"1033_CR12","unstructured":"European Parliament and of the Council of 6 July 2016, \u201cDirective (eu) 2016\/1148 of the European parliament and of the council of 6 july 2016 concerning measures for a high common level of security of network and information systems across the union. Accessed on October 2, 2024, https:\/\/eur-lex.europa.eu\/legal-content\/EN\/TXT\/HTML\/?uri=CELEX:32016L1148&from=en (2016)"},{"key":"1033_CR13","doi-asserted-by":"crossref","unstructured":"Wagner, C., Dulaunoy, A., Wagener, G., Iklody, A.: Misp: the design and implementation of a collaborative threat intelligence sharing platform. In: Proceedings of the 2016 ACM on Workshop on Information Sharing and Collaborative Security, pp. 49\u201356 (2016)","DOI":"10.1145\/2994539.2994542"},{"issue":"6","key":"1033_CR14","doi-asserted-by":"publisher","first-page":"108","DOI":"10.3390\/fi12060108","volume":"12","author":"A de Melo e Silva","year":"2020","unstructured":"de Melo e Silva, A., Costa Gondim, J.J., de Oliveira Albuquerque, R., Garc\u00eda Villalba, L.J.: A methodology to evaluate standards and platforms within cyber threat intelligence. Future Internet 12(6), 108 (2020)","journal-title":"Future Internet"},{"issue":"1","key":"1033_CR15","doi-asserted-by":"publisher","first-page":"18","DOI":"10.3390\/computers9010018","volume":"9","author":"K Rantos","year":"2020","unstructured":"Rantos, K., Spyros, A., Papanikolaou, A., Kritsas, A., Ilioudis, C., Katos, V.: Interoperability challenges in the cybersecurity information sharing ecosystem. Computers 9(1), 18 (2020)","journal-title":"Computers"},{"key":"1033_CR16","unstructured":"Sauerwein, C., Sillaber, C., Mussmann, A., Breu, R.: Threat intelligence sharing platforms: an exploratory study of software vendors and research perspectives (2017)"},{"key":"1033_CR17","unstructured":"European Commission, \u201cCommission implementing decision (eu) 2017\/2288 of 11 december 2017 on the identification of ict technical specifications for referencing in public procuremen. Accessed on May 2, 2024. https:\/\/eur-lex.europa.eu\/legal-content\/EN\/TXT\/PDF\/?uri=CELEX:32017D2288&from=EL (2017)"},{"issue":"14","key":"1033_CR18","doi-asserted-by":"publisher","first-page":"4890","DOI":"10.3390\/s21144890","volume":"21","author":"A Dimitriadis","year":"2021","unstructured":"Dimitriadis, A., Prassas, C., Flores, J.L., Kulvatunyou, B., Ivezic, N., Gritzalis, D.A., Mavridis, I.K.: Contextualized filtering for shared cyber threat information. Sensors 21(14), 4890 (2021)","journal-title":"Sensors"},{"key":"1033_CR19","unstructured":"Farnham, G., Leune, K.: Tools and standards for cyber threat intelligence projects. SANS Inst. 3(2), 25\u201331 (2013)"},{"key":"1033_CR20","doi-asserted-by":"crossref","unstructured":"Mavzer, K.B., Konieczna, E., Alves, H., Yucel, C., Chalkias, I., Mallis, D., Cetinkaya, D., Sanchez, L.A.G.: Trust and quality computation for cyber threat intelligence sharing platforms. In: 2021 IEEE International Conference on Cyber Security and Resilience (CSR), pp. 360\u2013365. IEEE (2021)","DOI":"10.1109\/CSR51186.2021.9527975"},{"key":"1033_CR21","doi-asserted-by":"crossref","unstructured":"Schaberreiter, T., Kupfersberger, V., Rantos, K., Spyros, A., Papanikolaou, A., Ilioudis, C., Quirchmayr, G.: A quantitative evaluation of trust in the quality of cyber threat intelligence sources. In: Proceedings of the 14th International Conference on Availability, Reliability and Security, pp.\u00a01\u201310 (2019)","DOI":"10.1145\/3339252.3342112"},{"key":"1033_CR22","doi-asserted-by":"crossref","unstructured":"Yucel, C., Chalkias, I., Mallis, D., Karagiannis, E., Cetinkaya, D., Katos, V.: On the assessment of completeness and timeliness of actionable cyber threat intelligence artefacts. In: Multimedia Communications, Services and Security: 10th International Conference, MCSS 2020, Krak\u00f3w, Poland, October 8\u20139, 2020, Proceedings 10, pp\u00a051\u201366. Springer (2020)","DOI":"10.1007\/978-3-030-59000-0_5"},{"key":"1033_CR23","doi-asserted-by":"crossref","unstructured":"Griffioen, H., Booij, T., Doerr, C.: Quality evaluation of cyber threat intelligence feeds. In: Applied Cryptography and Network Security: 18th International Conference, ACNS 2020, Rome, Italy, October 19\u201322, 2020, Proceedings, Part II 18, pp.\u00a0277\u2013296. Springer (2020)","DOI":"10.1007\/978-3-030-57878-7_14"},{"issue":"1","key":"1033_CR24","first-page":"80","volume":"1","author":"EM Hutchins","year":"2011","unstructured":"Hutchins, E.M., Cloppert, M.J., Amin, R.M., et al.: Intelligence-driven computer network defense informed by analysis of adversary campaigns and intrusion kill chains. Lead. Issues Inf. Warfare Secur. Res. 1(1), 80 (2011)","journal-title":"Lead. Issues Inf. Warfare Secur. Res."},{"key":"1033_CR25","first-page":"37","volume":"2","author":"M Faiella","year":"2019","unstructured":"Faiella, M., Granadillo, G.G., Medeiros, I., Azevedo, R., Zarzosa, S.G.: Enriching threat intelligence platforms capabilities. ICETE 2, 37\u201348 (2019)","journal-title":"ICETE"},{"key":"1033_CR26","doi-asserted-by":"crossref","unstructured":"Dimitriadis, A., Lontzetidis, E., Mavridis, I.: Evaluation and enhancement of the actionability of publicly available cyber threat information in digital forensics. In: 2021 IEEE International Conference on Cyber Security and Resilience (CSR), pp.\u00a0318\u2013323. IEEE (2021)","DOI":"10.1109\/CSR51186.2021.9527934"},{"key":"1033_CR27","unstructured":"\u201cvirustotal.com\u201d. Accessed on October 25, 2024. https:\/\/www.virustotal.com\/ (2024)"}],"container-title":["International Journal of Information Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10207-025-01033-z.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s10207-025-01033-z\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10207-025-01033-z.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,21]],"date-time":"2025-06-21T10:11:59Z","timestamp":1750500719000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s10207-025-01033-z"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,5,4]]},"references-count":27,"journal-issue":{"issue":"3","published-print":{"date-parts":[[2025,6]]}},"alternative-id":["1033"],"URL":"https:\/\/doi.org\/10.1007\/s10207-025-01033-z","relation":{},"ISSN":["1615-5262","1615-5270"],"issn-type":[{"value":"1615-5262","type":"print"},{"value":"1615-5270","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025,5,4]]},"assertion":[{"value":"4 May 2025","order":1,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"The authors declare no Conflict of interest.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Conflict of interest"}}],"article-number":"123"}}