Date of Conferral

11-14-2024

Degree

Doctor of Information Technology (D.I.T.)

School

Management

Advisor

Dr. Jon McKeeby

Abstract

Ransomware cyberattacks on critical infrastructure can disrupt critical services with the capacity to impact human lives. Some security operations center (SOC) analysts feel overwhelmed by the influx of threat indicators of compromise (IoCs), making it challenging to discern which alerts are significant for their organization. Grounded in John Boyd's OODA (Observe, Orient, Decide, Act) theoretical framework, the purpose of this quantitative correlational study was to examine the relationship between cyber threat intelligence (CTI) and critical infrastructure assets on information technology critical infrastructure attacks. Data were collected by ingesting information from a U.S. CTI vendor and alerting on IoCs related to critical infrastructure assets from trusted open-source intelligence sources. The analysis using the Jaccard index and cosine similarity revealed a strong, positive association between the size of the CTI data and the number of matching alert IoCs. When the CTI data increased from 8K to 328.7K IoCs, the number of matches rose significantly from 55 to 138. This relationship is supported by a high Jaccard index of 0.793 and a cosine similarity of 0.891, indicating strong similarity between the CTI data and the resulting alert IoCs. A key recommendation for IT leaders is integrating CTI into the organization's cybersecurity application with OODA loop automation, CTI threat monitoring, and meaningful alerts. The implications for positive social change include the potential to provide SOC analysts with fast-acting mitigation responses, preventing disruptions in critical infrastructure services to the local community.
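The abstract reports a Jaccard index and a cosine similarity between a CTI feed and the IoCs that raised alerts. The following is an added example, not code or data from the dissertation, showing how those two measures are computed over IoC sets. The feed and alert IoCs are constructed sample values (documentation IP ranges and `.example` hostnames), and the cosine similarity is computed on the binary membership vectors of the two sets, which is an assumption about vector construction that the abstract does not specify; the numbers it produces are illustrative and do not reproduce the study's 0.793 and 0.891.

```python
# Added example: Jaccard index and cosine similarity between a CTI feed and
# alert IoCs. Sample data below is constructed, not taken from the study.
from math import sqrt

# Constructed CTI feed: IPs, hostnames, and a file hash (all placeholders).
CTI_FEED = {
    "198.51.100.7",
    "203.0.113.22",
    "updates-cdn.example",
    "staging-portal.example",
    "d41d8cd98f00b204e9800998ecf8427e",
}

# Constructed IoCs that appeared in SOC alerts for critical-infrastructure assets.
ALERT_IOCS = {
    "198.51.100.7",
    "203.0.113.22",
    "updates-cdn.example",
    "internal-host.example",
}


def matching_iocs(cti, alerts):
    """IoCs present in both the CTI feed and the alert set (the 'matches')."""
    return set(cti) & set(alerts)


def jaccard_index(cti, alerts):
    """|A ∩ B| / |A ∪ B|; 0.0 when both sets are empty."""
    cti, alerts = set(cti), set(alerts)
    union = cti | alerts
    if not union:
        return 0.0
    return len(cti & alerts) / len(union)


def cosine_similarity(cti, alerts):
    """Cosine similarity of the binary membership vectors of the two sets.

    Each IoC in the union is one dimension; a set has a 1 in that dimension
    if it contains the IoC. For binary vectors this reduces to
    |A ∩ B| / sqrt(|A| * |B|). Returns 0.0 if either set is empty.
    """
    cti, alerts = set(cti), set(alerts)
    vocab = sorted(cti | alerts)
    a = [1 if ioc in cti else 0 for ioc in vocab]
    b = [1 if ioc in alerts else 0 for ioc in vocab]
    dot = sum(x * y for x, y in zip(a, b))
    norm_a = sqrt(sum(a))
    norm_b = sqrt(sum(b))
    if norm_a == 0 or norm_b == 0:
        return 0.0
    return dot / (norm_a * norm_b)


def similarity_report(cti, alerts):
    """Summary a SOC dashboard could show for one CTI ingest run."""
    matches = matching_iocs(cti, alerts)
    return {
        "cti_size": len(set(cti)),
        "alert_size": len(set(alerts)),
        "matches": len(matches),
        "jaccard": round(jaccard_index(cti, alerts), 4),
        "cosine": round(cosine_similarity(cti, alerts), 4),
    }


if __name__ == "__main__":
    print(similarity_report(CTI_FEED, ALERT_IOCS))
```

With the constructed sets above, 3 of 5 feed IoCs match 3 of 4 alert IoCs, giving a Jaccard index of 0.5 and a cosine similarity of 3/sqrt(20). As the feed grows, the match count can rise while the Jaccard index falls, because every unmatched feed entry enlarges the union; that is why the two measures are worth reporting side by side rather than either alone.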
