Incident taxonomy analysis on MISP using a quantitative threat assessment approach

Prioritizing cyber threats is essential to security systems as the number of cyber threats grows. Cyberthreat prioritization helps determine the appropriate response in addressing an incident. Assessing the severity level of cyber threats is one approach that can be used. This assessment process can utilize an incident taxonomy found in the threat intelligence platform. One of the widely used platforms is Malware Information Sharing Platform (MISP), an open-source threat-intelligence platform used to collaborate, share, and store Indicator of Compromise (IoC) of an incident. However, an incident taxonomy should have a numerical value in order to use it as a parameter in incident severity score calculation. Therefore, it is necessary to analyze and process the taxonomy data. This research analyzes incident taxonomy to generate numerical values representing the severity score of each taxonomy in numerical form using the existing quantitative threat assessment method. Thus, the incident taxonomy can be used as a parameter for calculating the severity score of occurred incidents. © 2023 Author(s).