{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,20]],"date-time":"2026-06-20T09:05:38Z","timestamp":1781946338155,"version":"3.54.5"},"reference-count":42,"publisher":"MDPI AG","issue":"1","license":[{"start":{"date-parts":[[2020,3,6]],"date-time":"2020-03-06T00:00:00Z","timestamp":1583452800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"DOI":"10.13039\/100010661","name":"Horizon 2020","doi-asserted-by":"publisher","award":["740723"],"award-info":[{"award-number":["740723"]}],"id":[{"id":"10.13039\/100010661","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Computers"],"abstract":"<jats:p>Threat intelligence helps businesses and organisations make the right decisions in their fight against cyber threats, and strategically design their digital defences for an optimised and up-to-date security situation. Combined with advanced security analysis, threat intelligence helps reduce the time between the detection of an attack and its containment. This is achieved by continuously providing information, accompanied by data, on existing and emerging cyber threats and vulnerabilities affecting corporate networks. This paper addresses challenges that organisations are bound to face when they decide to invest in effective and interoperable cybersecurity information sharing and categorises them in a layered model. Based on this, it provides an evaluation of existing sources that share cybersecurity information. The aim of this research is to help organisations improve their cyber threat information exchange capabilities, to enhance their security posture and be more prepared against emerging threats.<\/jats:p>","DOI":"10.3390\/computers9010018","type":"journal-article","created":{"date-parts":[[2020,3,6]],"date-time":"2020-03-06T09:26:41Z","timestamp":1583486801000},"page":"18","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":58,"title":["Interoperability Challenges in the Cybersecurity Information Sharing Ecosystem"],"prefix":"10.3390","volume":"9","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-2453-3904","authenticated-orcid":false,"given":"Konstantinos","family":"Rantos","sequence":"first","affiliation":[{"name":"Department of Computer Science, International Hellenic University, Agios Loukas, 654 04 Kavala, Greece"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-4681-104X","authenticated-orcid":false,"given":"Arnolnt","family":"Spyros","sequence":"additional","affiliation":[{"name":"Innovative Secure Technologies, 60 Monastiriou, 546 27 Thessaloniki, Greece"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-0251-0990","authenticated-orcid":false,"given":"Alexandros","family":"Papanikolaou","sequence":"additional","affiliation":[{"name":"Innovative Secure Technologies, 60 Monastiriou, 546 27 Thessaloniki, Greece"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-2158-192X","authenticated-orcid":false,"given":"Antonios","family":"Kritsas","sequence":"additional","affiliation":[{"name":"Department of Computer Science, International Hellenic University, Agios Loukas, 654 04 Kavala, Greece"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-8084-4339","authenticated-orcid":false,"given":"Christos","family":"Ilioudis","sequence":"additional","affiliation":[{"name":"Department of Information and Electronic Engineering, International Hellenic University, Sindos, 574 00 Thessaloniki, Greece"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-6132-3004","authenticated-orcid":false,"given":"Vasilios","family":"Katos","sequence":"additional","affiliation":[{"name":"Department of Computing and Informatics, Bournemouth University, Poole BH12 5BB, UK"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"1968","published-online":{"date-parts":[[2020,3,6]]},"reference":[{"key":"ref_1","unstructured":"Bissell, K., LaSalle, R.M., and Dal Cin, P. (2020, March 03). The cost of cybercrime\u2014Ninth annual cost of cybercrime study. Technical report, Accenture, 2019. Independently conducted by Ponemon Institute LLC and jointly developed by Accenture. Available online: https:\/\/www.accenture.com\/_acnmedia\/pdf-96\/accenture-2019-cost-of-cybercrime-study-final.pdf."},{"key":"ref_2","unstructured":"Kellermann, T., and Young, B. (2020, March 03). Modern Bank Heists: The Bank Robbery Shifts to Cyberspace. Technical report, Carbon Black, OPTIV, 2019. Available online: https:\/\/www.carbonblack.com\/resources\/threat-research\/modern-bank-heists-the-bank-robbery-shifts-to-cyberspace\/."},{"key":"ref_3","doi-asserted-by":"crossref","unstructured":"Johnson, C.S., Badger, M.L., Waltermire, D.A., Snyder, J., and Skorupka, C. (2016). Guide to Cyber Threat Information Sharing, National Institute of Standards and Technology. Special Publication (SP) 800-150.","DOI":"10.6028\/NIST.SP.800-150"},{"key":"ref_4","unstructured":"Brown, R., and Lee, R.M. (2020, March 03). The Evolution of Cyber Threat Intelligence (CTI): 2019 SANS CTI Survey, 2019. SANS Institute. Available online: https:\/\/www.sans.org\/reading-room\/whitepapers\/threats\/paper\/38790."},{"key":"ref_5","doi-asserted-by":"crossref","first-page":"212","DOI":"10.1016\/j.cose.2017.09.001","article-title":"A survey on technical threat intelligence in the age of sophisticated cyber attacks","volume":"72","author":"Tounsi","year":"2018","journal-title":"Comput. Secur."},{"key":"ref_6","unstructured":"European Parliament and Council (2020, March 03). Directive (EU) 2016\/1148 concerning measures for a high common level of security of network and information systems across the Union. Official Journal of the European Union. Available online: https:\/\/eur-lex.europa.eu\/eli\/dir\/2016\/1148\/oj."},{"key":"ref_7","unstructured":"European Telecommunications Standards Institute (ETSI) (2017). CYBER; Implementation of the Network and Information Security (NIS) Directive, European Telecommunications Standards Institute. TR 103 456."},{"key":"ref_8","unstructured":"ENISA (2020, March 03). CSIRTs in Europe. Available online: https:\/\/www.enisa.europa.eu\/topics\/csirts-in-europe\/csirt-inventory."},{"key":"ref_9","unstructured":"US Department of Homeland Security (2020, March 03). Cyber Information Sharing and Collaboration Program (CISCP), Available online: https:\/\/www.cisa.gov\/ciscp."},{"key":"ref_10","unstructured":"US Department of Homeland Security (2020, March 03). Automated Indicator Sharing (AIS), Available online: https:\/\/www.cisa.gov\/automated-indicator-sharing-ais."},{"key":"ref_11","unstructured":"ODNI (2020, March 03). A Guide to Cyber Attribution. Office of the Director of National Intelligence, 2018, Available online: https:\/\/www.dni.gov\/files\/CTIIC\/documents\/ODNI_A_Guide_to_Cyber_Attribution.pdf."},{"key":"ref_12","unstructured":"Chismon, D., and Ruks, M. (2020, March 03). Threat Intelligence: Collecting, Analysing, Evaluating. MWR InfoSecurity, Whitepaper, 2015. Available online: https:\/\/www.foo.be\/docs\/informations-sharing\/Threat-Intelligence-Whitepaper.pdf."},{"key":"ref_13","unstructured":"ENISA (2014). Actionable Information for Security Incident Response, European Union Agency for Network and Information Security. Available online: https:\/\/www.enisa.europa.eu\/publications\/actionable-information-for-security\/at_download\/fullReport."},{"key":"ref_14","doi-asserted-by":"crossref","unstructured":"Burger, E.W., Goodman, M.D., Kampanakis, P., and Zhu, K.A. (2014, January 23\u201325). Taxonomy Model for Cyber Threat Intelligence Information Exchange Technologies. Proceedings of the 2014 ACM Workshop on Information Sharing & Collaborative Security, Vienna, Austria.","DOI":"10.1145\/2663876.2663883"},{"key":"ref_15","doi-asserted-by":"crossref","first-page":"154","DOI":"10.1016\/j.cose.2016.04.003","article-title":"A problem shared is a problem halved: A survey on the dimensions of collective cyber defense through security information sharing","volume":"60","author":"Skopik","year":"2016","journal-title":"Comput. Secur."},{"key":"#cr-split#-ref_16.1","doi-asserted-by":"crossref","unstructured":"European Parliament and Council (2016). Regulation","DOI":"10.59403\/1v8s9t8"},{"key":"#cr-split#-ref_16.2","unstructured":"(EU) 2016\/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95\/46\/EC (General Data Protection Regulation). Off. J. Eur. Union L, 119, 1-88. Available online: http:\/\/eur-lex.europa.eu\/legal-content\/en\/TXT\/?uri=CELEX%3A32016R0679."},{"key":"ref_17","unstructured":"ISO Central Secretary (2015). ISO\/IEC 27010:2015: Information Technology\u2014Security Techniques\u2014Information Security Management for Inter-Sector and Inter-Organizational Communications, International Organization for Standardization. Standard."},{"key":"ref_18","doi-asserted-by":"crossref","unstructured":"Schaberreiter, T., Kupfersberger, V., Rantos, K., Spyros, A., Papanikolaou, A., Ilioudis, C., and Quirchmayr, G. (2019, January 26\u201329). A Quantitative Evaluation of Trust in the Quality of Cyber Threat Intelligence Sources. Proceedings of the 14th International Conference on Availability, Reliability and Security, Canterbury, UK.","DOI":"10.1145\/3339252.3342112"},{"key":"ref_19","doi-asserted-by":"crossref","first-page":"59","DOI":"10.1145\/1880153.1880163","article-title":"CYBEX \u2013 The Cybersecurity Information Exchange Framework (X. 1500)","volume":"40","author":"Rutkowski","year":"2010","journal-title":"Comput. Commun. Rev."},{"key":"ref_20","doi-asserted-by":"crossref","unstructured":"Sadique, F., Bakhshaliyev, K., Springer, J., and Sengupta, S. (2019, January 7\u20139). A System Architecture of Cybersecurity Information Exchange with Privacy (CYBEX-P). Proceedings of the 2019 IEEE 9th Annual Computing and Communication Workshop and Conference (CCWC), Las Vegas, NV, USA.","DOI":"10.1109\/CCWC.2019.8666600"},{"key":"ref_21","unstructured":"Bishop, M., Bhumiratana, B., Crawford, R., and Levitt, K. (2004, January 14\u201316). How to sanitize data?. Proceedings of the 13th IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises, Modena, Italy."},{"key":"ref_22","unstructured":"ISAO Standards Organization (2019). ISAO 300-2: Automated Cyber Threat Intelligence Sharing, ISAO Standards Organization. Standard."},{"key":"ref_23","unstructured":"FIRST (2020, March 03). Traffic Light Protocol (TLP), FIRST Standards Definitions and Usage Guidance\u2014Version 1.0. Forum of Incident Response and Security Teams (FIRST). Available online: https:\/\/www.first.org\/tlp\/docs\/tlp-v1.pdf."},{"key":"ref_24","unstructured":"FIRST (2020, March 03). Information Exchange Policy Framework, Version 1.0. Forum of Incident Response and Security Teams (FIRST). Available online: https:\/\/www.first.org\/iep\/."},{"key":"ref_25","unstructured":"OASIS (2020, March 03). Structured Threat Information Expression (STIX). Available online: https:\/\/www.oasis-open.org\/committees\/tc_home.php?wg_abbrev=cti."},{"key":"ref_26","unstructured":"MITRE (2020, March 03). Cyber Observable eXpression. A Structured Language for Cyber Observables (CybOX). Available online: https:\/\/cybox.mitre.org\/about\/."},{"key":"ref_27","unstructured":"(2020, March 03). Malware Information Sharing Platform (MISP). Available online: https:\/\/www.misp-project.org\/."},{"key":"ref_28","unstructured":"MITRE (2020, March 03). Common Attack Pattern Enumeration and Classification (CAPEC). Available online: https:\/\/capec.mitre.org\/index.html."},{"key":"ref_29","unstructured":"(2020, March 03). Malware Attribute Enumeration and Characterization (MAEC). Available online: https:\/\/maecproject.github.io\/."},{"key":"ref_30","doi-asserted-by":"crossref","unstructured":"Danyliw, R. (2020, March 03). The Incident Object Description Exchange Format Version 2. RFC 7970, 2016. Available online: https:\/\/tools.ietf.org\/html\/rfc7970.","DOI":"10.17487\/RFC7970"},{"key":"ref_31","doi-asserted-by":"crossref","unstructured":"Kampanakis, P., and Suzuki, M. (2020, March 03). Incident Object Description Exchange Format Usage Guidance. RFC 8274, 2017. Available online: https:\/\/tools.ietf.org\/html\/rfc8274.","DOI":"10.17487\/RFC8274"},{"key":"ref_32","doi-asserted-by":"crossref","unstructured":"Debar, H., Curry, D., and Feinstein, B. (2020, March 03). The Intrusion Detection Message Exchange Format (IDMEF). RFC 4765, 2007. Available online: https:\/\/tools.ietf.org\/html\/rfc4765.","DOI":"10.17487\/rfc4765"},{"key":"ref_33","unstructured":"(2020, March 03). Characterizing Malware with MAEC and STIX, Version 1.0, 2014. Available online: https:\/\/stixproject.github.io\/about\/Characterizing_Malware_MAEC_and_STIX_v1.0.pdf."},{"key":"ref_34","unstructured":"OASIS (2019). stix2-elevator Documentation, OASIS Open. Release 1.0.0."},{"key":"ref_35","unstructured":"OASIS (2020, March 03). stix2-elevator \u2013 Mappings from STIX 1.x to STIX 2.x. Available online: https:\/\/stix2-elevator.readthedocs.io\/en\/latest\/stix-mappings.html."},{"key":"ref_36","unstructured":"Common Vulnerability Reporting Framework (CVRF) (2020, March 03). Version 1.2. OASIS Common Security Advisory Framework (CSAF). Available online: http:\/\/docs.oasis-open.org\/csaf\/csaf-cvrf\/v1.2\/csaf-cvrf-v1.2.html\/."},{"key":"ref_37","unstructured":"OASIS (2020, March 03). TAXIITM Version 2.0, Working Draft 02. OASIS standard, 2017. Available online: https:\/\/www.oasis-open.org\/committees\/cti\/."},{"key":"ref_38","doi-asserted-by":"crossref","unstructured":"Field, J., Banghart, S., and Waltermire, D. (2020, March 03). Resource-Oriented Lightweight Information Exchange (ROLIE). RFC 8322, 2018. Available online: https:\/\/tools.ietf.org\/html\/rfc8322.","DOI":"10.17487\/RFC8322"},{"key":"ref_39","unstructured":"Banghart, S., and Field, J. (2020, March 03). Definition of ROLIE CSIRT Extension. Internet-Draft draft-ietf-mile-rolie-csirt-05, IETF Secretariat, 2019. Available online: http:\/\/www.ietf.org\/internet-drafts\/draft-ietf-mile-rolie-csirt-05.txt."},{"key":"ref_40","unstructured":"Banghart, S. (2020, March 03). Definition of the ROLIE Vulnerability Extension. Internet-Draft draft-ietf-mile-rolie-vuln-02, IETF Secretariat, 2019. Available online: http:\/\/www.ietf.org\/internet-drafts\/draft-ietf-mile-rolie-vuln-02.txt."},{"key":"ref_41","unstructured":"ENISA (2020, March 03). State of Vulnerabilities 2018\/2019\u2014Analysis of Events in the Life of Vulnerabilities. Technical report, European Union Agency for Network and Information Security, 2019. Available online: https:\/\/www.enisa.europa.eu\/publications\/technical-reports-on-cybersecurity-situation-the-state-of-cyber-security-vulnerabilities\/."}],"container-title":["Computers"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/2073-431X\/9\/1\/18\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,11]],"date-time":"2025-10-11T09:04:42Z","timestamp":1760173482000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/2073-431X\/9\/1\/18"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020,3,6]]},"references-count":42,"journal-issue":{"issue":"1","published-online":{"date-parts":[[2020,3]]}},"alternative-id":["computers9010018"],"URL":"https:\/\/doi.org\/10.3390\/computers9010018","relation":{},"ISSN":["2073-431X"],"issn-type":[{"value":"2073-431X","type":"electronic"}],"subject":[],"published":{"date-parts":[[2020,3,6]]}}}