Relationship Between Threat Modelling, Cyber Threat Intelligence, and Cyber Resilience: a Systematic Literature Review
Purpose:
This research aims to examine the relationship between threat modelling, cyber threat intelligence (CTI), and cyber resilience conceptualized in the recent literature. Current literature reviews focus mainly on each domain and do not examine their relationship.
Design/Methods/Approach:
We conducted a systematic literature review of academic journals and conference papers published after 2018. We queried three databases: IEEE Xplore, Scopus, and Web of Science, and used data synthesis to extrapolate key insights.
Findings:
Our research indicates that both threat modelling and cyber threat intelligence can contribute to enhancing cyber resilience. Some indications suggest that integrating cyber threat intelligence and threat modelling might have synergistic benefits for strengthening cyber resilience, but more research is needed to explore the potential synergies between them. We propose a conceptual model where threat modelling and cyber threat intelligence work together in a complementary manner to strengthen cyber resilience. Threat intelligence provides the latest threat context to inform threat modelling. In contrast, threat modelling provides a structured approach for prioritizing and addressing the most critical threats identified through cyber threat intelligence.
Research Limitations / Implications:
This article focuses only on threat modelling and cyber threat intelligence in relation to cyber resilience. The research was limited to academic journals and conference papers published after 2018.
Value:
The findings of the article offer insight into how recent research addresses the relations between threat modelling and cyber threat intelligence in the context of cyber resilience, and the conceptual model is proposed where threat modelling and cyber threat intelligence work together in a complementary manner to strengthen cyber resilience.
UDC: 004.056.53
Keywords: threat modelling, cyber threat intelligence, cyber resilience, cyber security