A Systematic Mapping Study on Cyber Security Indicator Data
Peer reviewed, Journal article
Published version
View/ Open
Date
2021Metadata
Show full item recordCollections
- Publikasjoner fra CRIStin - SINTEF AS [5911]
- SINTEF Digital [2550]
Original version
10.3390/electronics10091092Abstract
A security indicator is a sign that shows us what something is like or how a situation is
changing and can aid us in making informed estimations on cyber risks. There are many different
breeds of security indicators, but, unfortunately, they are not always easy to apply due to a lack
of available or credible sources of data. This paper undertakes a systematic mapping study on the
academic literature related to cyber security indicator data. We identified 117 primary studies from
the past five years as relevant to answer our research questions. They were classified according to a
set of categories related to research type, domain, data openness, usage, source, type and content.
Our results show a linear growth of publications per year, where most indicators are based on free
or internal technical data that are domain independent. While these indicators can give valuable
information about the contemporary cyber risk, the increasing usage of unconventional data sources
and threat intelligence feeds of more strategic and tactical nature represent a more forward-looking
trend. In addition, there is a need to take methods and techniques developed by the research
community from the conceptual plane and make them practical enough for real-world application.