Governance of cybersecurity communities

Understanding threat intelligence sharing as a collective action problem through incentivization of the National Detection Network

Master Thesis (2018)
Author(s)

X.B. Bouwman (TU Delft - Technology, Policy and Management)

Contributor(s)

Michel Van Eeten – Mentor

ME Warnier – Graduation committee member

Faculty
Technology, Policy and Management
Copyright
© 2018 Xander Bouwman
More Info
expand_more
Publication Year
2018
Language
English
Copyright
© 2018 Xander Bouwman
Graduation Date
25-09-2018
Awarding Institution
Delft University of Technology
Programme
['Complex Systems Engineering and Management (CoSEM)']
Faculty
Technology, Policy and Management
Reuse Rights

Other than for strictly personal use, it is not permitted to download, forward or distribute the text or part of it, without the consent of the author(s) and/or copyright holder(s), unless the work is under an open content license such as Creative Commons.

Abstract

Organizations benefit from improved cybersecurity threat detection capabilities if they share information in a community of their peers. However, organizations are unlikely to share the sensitive information that is most valuable as this poses individual risks. Information sharing in cybersecurity communities therefore forms a collective action problem. Currently, cybersecurity information sharing is being studied primarily as a technological challenge. Drawing on theory from economics and the social sciences, this study proposes governance requirements to overcome individual interests and improve information sharing. These are used to design a governance structure for the case of the National Detection Network, a cybersecurity community initiated by the government of the Netherlands. The proposed governance meets interests of parties through a process of interactive decision-making in four phases, while incentivizing sharing of cybersecurity information. Lessons are drawn from the case for cybersecurity communities in general.

Files

License info not available