PROTECTIVE will develop a “Knowledge Exchange” to facilitate the sharing of threat intelligence (TI) and will apply this to the NREN domain to significantly improve the degree of TI sharing. It will develop novel approaches to assessing data quality trust in order to improve acceptance and usage of TI.
PROTECTIVE will develop tools to allow both internal and external CSIRTs to model their mission and constituency (i.e. assets) and to link these together to indicate the criticality of assets to the organisation.
PROTECTIVE will apply several novel techniques to the development of security alert prioritisation. The prioritisation framework's algorithms will use several different alert attributes, including context awareness, to determine the ranking of the alerts.
PROTECTIVE will develop a novel requirements modelling approach to capture the CSIRT security operations workflow in order to understand their concepts and processes and hence develop an optimised workflow for the implementation of the PROTECTIVE solution.