Cluster of Cyber-Physical Threat Intelligence (CPTI) information and relationships for the infrastructures of the financial sector.
The FINSEC Security Knowledge Base (SKB) is based on Cyber Threat Intelligence (CTI) information collected from different publicly available sources of relevant threat intelligence, including Common Vulnerabilities and Exposures (CVE) databases, MITRE Common Attack Pattern Enumeration and Classification (CAPEC) patterns and existing OVAL specifications. The content of the SKB is stored as FINSTIX Domain Objects, which can represent both the CTI information and the physical and cyber assets of the financial infrastructures.
The FINSEC Security Knowledge Base supports its users in the timely detection, analysis and estimation of the adverse consequences of safety-critical cyber-physical attacks.
Currently, the SKB is also browsable through a basic visual interface. The interface simply presents the list of the objects contained in the SKB and lets the user retrieve the details of a specific object, together with a graph representing its relationships with the other objects contained in the Security Knowledge Base.
In addition, the content of the SKB is consumed by the FINSEC Dashboard, which shows the vulnerabilities, the threats and the risks that afflict the financial infrastructure assets.
The main novelty of the FINSEC Security Knowledge Base lies in its coverage of both cyber and physical threats for the infrastructures of the financial sector. Specifically, the knowledge base is populated with widely known cyber and physical attack patterns, as well as combinations of threat intelligence involving both cyber and physical threats. Hence, it enables correlation of physical and cyber events and facilitates the discovery of joined/combined attacks against financial infrastructures.