隨著網路攻擊技術的發展和日益嚴峻的安全威脅,政府成立了資安資訊共享與分析中心(ISAC),透過資訊分享和回饋機制增強成員的防禦能力。本研究探討個案組織如何確認威脅情資的終結或緩解並提出改進建議。研究方法包括文獻回顧、資訊安全領域的個案生命週期比較、個案組織處理威脅情資的流程分析、威脅情資生成業者訪談等,建立並確認威脅情資生命週期架構。
研究結果表明,兩個組織的威脅情資生命週期高度相似,時間可以用來驗證情資的有效性並確認情資的終結或緩解。本研究有四點貢獻:一、基於個案組織面臨的實際問題,提出了威脅情資生命週期,明確了威脅情資生命週期各階段的業務內容和工作項目;二、針對日益累積的威脅態勢,提出終結或緩解威脅情資的具體方法;三、整合威脅情資生成業者和個案組織的威脅情資生命週期,提出螺旋式威脅情資生命週期;四、研究結果能夠回應本研究的動機和目的。對於個案組織在處理威脅情資時面臨的七個問題的解決或緩解方法,可以在其相對應階段使用本研究成果的螺旋式威脅情資生命週期,尋找解決或緩解這七個問題的方法。
With the development of cyber-attack technology and increasingly severe security threats, the government established the Information Sharing and Analysis Center (ISAC) to enhance members' defense capabilities through intelligence sharing and feedback mechanisms. This study investigates how case organizations confirm the ter-mination or mitigation of threat intelligence and recommends improvements. Research methods include literature review, case life cycle comparison in network security, analysis of the process of handling threat intelligence by case organizations, interviews with threat intelligence generators, etc., to establish and confirm the threat intelligence life cycle framework.
The research results show that the threat intelligence life cycle of the two organi-zations is highly similar. Time can be used to verify the intelligence's effectiveness and confirm the intelligence's termination or mitigation. This study makes four contribu-tions: 1. Based on the practical problems faced by the case organization, the threat in-telligence life cycle is proposed, and the business content and work items of each threat intelligence life cycle stage are clarified; 2. In response to the increasingly ac-cumulated threat situation, we propose specific methods for ending or mitigating threat intelligence; 3. Integrating the threat intelligence life cycle of threat intelligence gen-erators and threat intelligence processing organizations and proposing a "Spiral threat intelligence life cycle." 4. The research results can respond to the motivation and pur-pose of this study. For the solutions or relief methods to the seven problems faced by the case organization when dealing with threat intelligence, the spiral threat intelli-gence lifecycle through the results of this research can be used in its corresponding stages. Find ways to resolve or soothe these seven problems.
