Reference Model to Identify the Maturity Level of Cyber Threat Intelligence on the Dark Web

Abstract

In this article, we propose a reference model to identify the maturity level of the cyber intelligence threat process. This proposal considers the dark web as an important source of cyber threats causing a latent risk that organizations do not consider in their cybersecurity strategies. The proposed model aims to increase the maturity level of the process through a set of proposed controls according to the information found on the dark web. The model consists of three phases: (1) Identification of information assets using cyber threat intelligence tools. (2) Diagnosis of the exposure of information assets. (3) Proposal of controls according to the proposed categories and criteria. The validation of the proposal was carried out in an insurance institution in Lima, Peru, with data obtained by the institution. The measurement was made with artifacts that allowed to obtain an initial value of the current panorama of the company. Preliminary results showed 196 emails and passwords exposed on the dark web of which one corresponded to the technology manager of the company under evaluation. With this identification, it was diagnosed that the institution was at a “Normal” maturity level, and from the implementation of the proposed controls, the “Advanced” level was reached.