{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,23]],"date-time":"2026-04-23T08:01:59Z","timestamp":1776931319793,"version":"3.51.2"},"reference-count":43,"publisher":"Oxford University Press (OUP)","issue":"1","license":[{"start":{"date-parts":[[2022,1,28]],"date-time":"2022-01-28T00:00:00Z","timestamp":1643328000000},"content-version":"vor","delay-in-days":27,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2022,1,28]]},"abstract":"<jats:title>Abstract<\/jats:title>\n               <jats:p>Active usage of threat intelligence information supports effective prevention, mitigation and defence against cyberattacks by threat actors ranging from individual amateurs to state organizations. However, threat intelligence highly depends on security specialists\u2019 ability to share incident data on threat information-sharing platforms. Unfortunately, business managers and educational institutions undervalue the information-sharing aspect when planning the professional development of cybersecurity-related specialists. Consequently, cybersecurity specialists are insufficiently motivated to correctly communicate and propagate relevant information with team members, superiors, relevant institutions and the global community about the impact of the incident. Literature review reveals many technological, legal and psychological obstacles hindering successful information exchange. This research aims to improve threat information sharing by focusing on the educational aspect of the problem and analysing the attitude of cybersecurity specialists during cyber defence exercises (CDX). Our case study disclosed nine factors obstructing both proper reporting to relevant authorities and adequate communication among teams. By addressing these factors, CDX organizers could substantially improve the development of highly beneficial soft skills of the technical specialists.<\/jats:p>","DOI":"10.1093\/cybsec\/tyac001","type":"journal-article","created":{"date-parts":[[2022,1,28]],"date-time":"2022-01-28T11:57:53Z","timestamp":1643371073000},"source":"Crossref","is-referenced-by-count":12,"title":["Overcoming information-sharing challenges in cyber defence exercises"],"prefix":"10.1093","volume":"8","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-9768-4258","authenticated-orcid":false,"given":"Agn\u0117","family":"Brilingait\u0117","sequence":"first","affiliation":[{"name":"Institute of Computer Science, Vilnius University , Didlaukio str. 47, LT-08303 Vilnius , Lithuania"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-9781-9690","authenticated-orcid":false,"given":"Linas","family":"Bukauskas","sequence":"additional","affiliation":[{"name":"Institute of Computer Science, Vilnius University , Didlaukio str. 47, LT-08303 Vilnius , Lithuania"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-8852-8605","authenticated-orcid":false,"given":"Au\u0161rius","family":"Juozapavi\u010dius","sequence":"additional","affiliation":[{"name":"General Jonas \u017demaitis Military Academy of Lithuania , \u0160ilo g. 5A., LT-10322 Vilnius , Lithuania"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-4817-2202","authenticated-orcid":false,"given":"Eduardas","family":"Kutka","sequence":"additional","affiliation":[{"name":"Institute of Computer Science, Vilnius University , Didlaukio str. 47, LT-08303 Vilnius , Lithuania"}]}],"member":"286","published-online":{"date-parts":[[2022,1,28]]},"reference":[{"key":"2023052911514014200_bib1","author":"Check Point","year":"2020"},{"key":"2023052911514014200_bib2","doi-asserted-by":"crossref","first-page":"101761","DOI":"10.1016\/j.cose.2020.101761","article-title":"A review and theoretical explanation of the \u2018Cyberthreat-Intelligence (CTI) capability\u2019 that needs to be fostered in information security practitioners and how this can be accomplished","volume":"92","author":"Shin","year":"2020","journal-title":"Comput Secur"},{"key":"2023052911514014200_bib3","doi-asserted-by":"crossref","first-page":"2803","DOI":"10.1287\/mnsc.2014.2132","article-title":"Information sharing in supply chains: an empirical and theoretical valuation","volume":"61","author":"Cui","year":"2015","journal-title":"Manag Sci"},{"key":"2023052911514014200_bib4","volume-title":"Police Information Sharing: All-Crimes Approach to Homeland Security","author":"Scott","year":"2009"},{"key":"2023052911514014200_bib5","article-title":"Detect, share, protect: solutions for improving threat data exchange among CERTs","author":"European Union Agency for Network and Information Security (ENISA)","year":"2013"},{"key":"2023052911514014200_bib6","article-title":"MITRE ATT&CK\u00ae","author":"MITRE Corporation","year":"2020"},{"key":"2023052911514014200_bib7","volume-title":"Intelligence-Driven Computer Network Defense Informed by Analysis of Adversary Campaigns and Intrusion Kill Chains","author":"Hutchins","year":"2011"},{"key":"2023052911514014200_bib8","first-page":"476","article-title":"Deconstructing information sharing","volume":"20","author":"Beynon-Davies","year":"2019","journal-title":"J Assoc Inf Syst"},{"key":"2023052911514014200_bib9","volume-title":"The Threat Intelligence Handbook: Moving Toward a Security Intelligence Program","author":"Pokorny","year":"2019","edition":"2nd edn"},{"key":"2023052911514014200_bib10","doi-asserted-by":"crossref","first-page":"154","DOI":"10.1016\/j.cose.2016.04.003","article-title":"A problem shared is a problem halved: a survey on the dimensions of collective cyber defense through security information sharing","volume":"60","author":"Skopik","year":"2016","journal-title":"Comput Secur"},{"key":"2023052911514014200_bib11","article-title":"CWE: common weaknesses enumeration","author":"MITRE Corporation","year":"2020"},{"key":"2023052911514014200_bib12","article-title":"National vulnerability database","author":"National Institute of Standards and Technology","year":"2020"},{"key":"2023052911514014200_bib13","article-title":"Standardizing cyber threat intelligence information with the structured threat information expression (STIX\u2122)","author":"Barnum","year":"2014"},{"key":"2023052911514014200_bib14","article-title":"The trusted automated eXchange of indicator information (TAXII\u2122)","author":"Connolly","year":"2014"},{"key":"2023052911514014200_bib15","article-title":"ECHO information sharing models. European network of cybersecurity centres and competence Hub for innovation and operations, research and innovation action, European Commission","author":"Rajam\u00e4ki","year":"2019"},{"key":"2023052911514014200_bib16","article-title":"Public cybersecurity and rationalizing information sharing","volume-title":"Opinion Piece for the International Risk Governance Center (IRGC)","author":"Schneider","year":"2016"},{"key":"2023052911514014200_bib17","article-title":"Cybersecurity Information sharing incentives and barriers","author":"Koepke","year":"2017"},{"key":"2023052911514014200_bib18","article-title":"MISP: open source threat intelligence platform & open standards for threat information sharing","author":"MISP Project","year":"2019"},{"key":"2023052911514014200_bib19","doi-asserted-by":"crossref","first-page":"49","DOI":"10.1145\/2994539.2994542","article-title":"MISP: the design and implementation of a collaborative threat intelligence sharing platform","volume-title":"Proceedings of the 2016 ACM on Workshop on Information Sharing and Collaborative Security, WISCS","author":"Wagner","year":"2016"},{"key":"2023052911514014200_bib20","doi-asserted-by":"crossref","first-page":"23","DOI":"10.1145\/2808128.2808135","article-title":"ACTRA: a case study for threat information sharing","volume-title":"Proceedings of the 2nd ACM Workshop on Information Sharing and Collaborative Security","author":"Haass","year":"2015"},{"key":"2023052911514014200_bib21","doi-asserted-by":"crossref","first-page":"369","DOI":"10.5220\/0007978103690376","article-title":"The quest for the appropriate cyber-threat intelligence sharing platform","volume-title":"Proceedings of the 8th International Conference on Data Science, Technology and Applications, DATA","author":"Chantzios","year":"2019"},{"key":"2023052911514014200_bib22","first-page":"161","article-title":"Unifying cyber threat intelligence","volume-title":"Trust, Privacy and Security in Digital Business - 16th International Conference, TrustBus, Proceedings, volume 11711 of Lecture Notes in Computer Science Springer","author":"Menges","year":"2019"},{"key":"2023052911514014200_bib23","doi-asserted-by":"crossref","first-page":"43","DOI":"10.1145\/2808128.2808133","article-title":"From cyber security information sharing to threat management","volume-title":"Proceedings of the 2nd ACM Workshop on Information Sharing and Collaborative Security","author":"Brown","year":"2015"},{"key":"2023052911514014200_bib24","article-title":"Report on cyber security information sharing in the energy sector","author":"European Union Agency for Network and Information Security (ENISA)","year":"2016"},{"key":"2023052911514014200_bib25","article-title":"NIST special publication 800-150: guide to cyber threat information sharing","author":"Johnson","year":"2016"},{"key":"2023052911514014200_bib26","doi-asserted-by":"crossref","first-page":"5","DOI":"10.1016\/S1361-3723(14)70469-5","article-title":"Threat intelligence: why people don\u2019t share","volume":"2014","author":"Ring","year":"2014","journal-title":"Comput Fraud Secur"},{"key":"2023052911514014200_bib27","first-page":"63","article-title":"Legal issues related to cyber threat information sharing among private entities for critical infrastructure protection","volume-title":"12th International Conference on Cyber Conflict, CyCon IEEE","author":"Nweke","year":"2020"},{"key":"2023052911514014200_bib28","doi-asserted-by":"crossref","first-page":"35","DOI":"10.1145\/2994539.2994544","article-title":"Private sharing of IOCs and sightings","volume-title":"Proceedings of the 2016 ACM on Workshop on Information Sharing and Collaborative Security, WISCS","author":"van\u00a0de\u00a0Kamp","year":"2016"},{"key":"2023052911514014200_bib29","doi-asserted-by":"crossref","first-page":"28","DOI":"10.1007\/978-3-030-21752-5_3","article-title":"Sharing cyber threat intelligence under the general data protection regulation","volume-title":"Privacy Technologies and Policy - 7th Annual Privacy Forum, APF","author":"Albakri","year":"2019"},{"key":"2023052911514014200_bib30","doi-asserted-by":"crossref","first-page":"27","DOI":"10.1145\/2808128.2808134","article-title":"Anonymity vs. trust in cyber-security collaboration","volume-title":"Proceedings of the 2nd ACM Workshop on Information Sharing and Collaborative Security","author":"Murdoch","year":"2015"},{"key":"2023052911514014200_bib31","doi-asserted-by":"crossref","first-page":"9634507:1","DOI":"10.1155\/2018\/9634507","article-title":"A novel trust taxonomy for shared cyber threat intelligence","volume":"2018","author":"Wagner","year":"2018","journal-title":"Secur Commun Netw"},{"key":"2023052911514014200_bib32","doi-asserted-by":"crossref","first-page":"51","DOI":"10.1145\/2663876.2663883","article-title":"Taxonomy model for cyber threat intelligence information exchange technologies","volume-title":"Proceedings of the 2014 ACM Workshop on Information Sharing & Collaborative Security","author":"Burger","year":"2014"},{"key":"2023052911514014200_bib33","doi-asserted-by":"crossref","first-page":"51","DOI":"10.1145\/2808128.2808136","article-title":"UX aspects of threat information sharing platforms: an examination & lessons learned using personas","volume-title":"Proceedings of the 2nd ACM Workshop on Information Sharing and Collaborative Security","author":"Sander","year":"2015"},{"key":"2023052911514014200_bib34","doi-asserted-by":"crossref","first-page":"929","DOI":"10.1111\/isj.12181","article-title":"IT-mediated social interactions and knowledge sharing: role of competence-based trust and background heterogeneity","volume":"28","author":"Qureshi","year":"2018","journal-title":"Inf Syst J"},{"key":"2023052911514014200_bib35","doi-asserted-by":"crossref","first-page":"101607","DOI":"10.1016\/j.cose.2019.101607","article-title":"A framework for competence development and assessment in hybrid cybersecurity exercises","volume":"88","author":"Brilingait\u0117","year":"2020","journal-title":"Comput Secur"},{"key":"2023052911514014200_bib36","first-page":"136","article-title":"What LEGAD needs to know? Analysis of AARs from locked shields (2012\u20132018)","volume-title":"Proceedings of the 19th European Conference on Cyber Warfare and Security","author":"Hara\u0161ta","year":"2020"},{"key":"2023052911514014200_bib37","article-title":"Proposal for a directive of the European parliament and of the council on measures for high common level of cybersecurity across the Union","author":"European Commission","year":"2020"},{"key":"2023052911514014200_bib38","article-title":"Using the system: user guide of MISP malware information sharing platform, a threat sharing platform","author":"MISP User Guide","year":"2020"},{"key":"2023052911514014200_bib39","doi-asserted-by":"crossref","DOI":"10.1145\/3485832.3488030","article-title":"What\u2019s in a cyber threat intelligence sharing platform?: A mixed-methods user experience investigation of MISP","volume-title":"Annual Computer Security Applications Conference (ACSAC\u201921) ACM","author":"Stojkovski","year":"2021"},{"key":"2023052911514014200_bib40","first-page":"324","article-title":"A workflow and toolchain proposal for analyzing users\u2019 perceptions in cyber threat intelligence sharing platforms","volume-title":"IEEE International Conference on Cyber Security and Resilience","author":"Stojkovski","year":"2021"},{"key":"2023052911514014200_bib41","article-title":"Cybersecurity curricula 2017: curriculum guidelines for post-secondary degree programs in cybersecurity","author":"Joint Task Force on Cybersecurity Education","year":"2017"},{"key":"2023052911514014200_bib42","first-page":"144","article-title":"National initiative for cybersecurity education (NICE) cybersecurity workforce framework","volume":"800-181","author":"Newhouse","year":"2017","journal-title":"NIST Spec Publ"},{"key":"2023052911514014200_bib43","first-page":"18","article-title":"NICE framework competencies: assessing learners for cybersecurity work","author":"Wetzel"}],"container-title":["Journal of Cybersecurity"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/academic.oup.com\/cybersecurity\/article-pdf\/8\/1\/tyac001\/50476500\/tyac001.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/academic.oup.com\/cybersecurity\/article-pdf\/8\/1\/tyac001\/50476500\/tyac001.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,5,29]],"date-time":"2023-05-29T11:52:22Z","timestamp":1685361142000},"score":1,"resource":{"primary":{"URL":"https:\/\/academic.oup.com\/cybersecurity\/article\/doi\/10.1093\/cybsec\/tyac001\/6516499"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022,1,1]]},"references-count":43,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2022,1,28]]}},"URL":"https:\/\/doi.org\/10.1093\/cybsec\/tyac001","relation":{},"ISSN":["2057-2085","2057-2093"],"issn-type":[{"value":"2057-2085","type":"print"},{"value":"2057-2093","type":"electronic"}],"subject":[],"published-other":{"date-parts":[[2022,1,1]]},"published":{"date-parts":[[2022,1,1]]},"article-number":"tyac001"}}