More Web Proxy on the site http://driver.im/

research-article

Open access

Sharing Communities: The Good, the Bad, and the Ugly

Authors:

Thomas SchreckAuthors Info & Claims

CCS '23: Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security

Pages 2755 - 2769

https://doi.org/10.1145/3576915.3623144

Published: 21 November 2023 Publication History

Abstract

There are many mysteries surrounding sharing communities, mainly due to their hidden workings and the complexity of joining. Nevertheless, these communities are critical to the security ecosystem, so a more profound understanding is necessary. In addition, they face challenges such as building trust, communicating effectively, and addressing social problems.

This work aims to understand better the working methods, organizational structures, goals, benefits, and challenges of sharing communities to help improve their effectiveness and efficiency. To achieve this goal, we conducted video interviews with 25 experts from different countries worldwide who participate in various types of sharing communities. In addition, we applied socio-technical systems (STS) theory in our analysis process to elaborate on our findings from the interviews, identify correlations between them, and explore the interrelationships between social and technical elements of sharing communities.

Our findings underscore the need for a holistic view of how sharing communities work. Instead of looking at individual aspects in isolation, considering the interrelationships between the different elements, especially the social, is crucial. This holistic perspective allows us to understand better the complexity and dynamics of sharing communities and how they can function effectively and efficiently. The findings of this study provide valuable impetus for the further development of sharing communities and can serve as a basis for future research.

References

[1]

Xander Bouwman, Harm Griffioen, Jelle Egbers, Christian Doerr, Bram Klievink, and Michel van Eeten. 2020. A different cup of TI? The added value of commercial threat intelligence. In 29th USENIX Security Symposium (USENIX Security. USENIX Association, USA, 433--450. https://www.usenix.org/conference/ usenixsecurity20/presentation/bouwman

[2]

Xander Bouwman, Victor Le Pochat, Pawel Foremski, Tom Van Goethem, Carlos H. Ganan, Giovane C. M. Moura, Samaneh Tajalizadehkhoob, Wouter Joosen, and Michel van Eeten. 2022. Helping hands: Measuring the impact of a large threat intelligence sharing community. In 31st USENIX Security Symposium (USENIX Security 22). USENIX Association, Boston, MA, 1149--1165. https://www.usenix.org/conference/usenixsecurity22/presentation/bouwman

[3]

G. A. Bowen. 2008. Naturalistic inquiry and the saturation concept: a research note. Qualitative Research 8, 1 (2008), 137--152. https://doi.org/10.1177/ 1468794107085301

[4]

Rose Challenger and Chris W. Clegg. 2011. Crowd disasters: a socio-technical systems perspective. Contemporary Social Science 6, 3 (2011), 343--360. https: //doi.org/10.1080/21582041.2011.619862

[5]

Albert Cherns. 1976. The principles of sociotechnical design. Human relations 29, 8 (1976), 783--792.

[6]

Thomas Y Choi, Kevin J Dooley, and Manus Rungtusanatham. 2001. Supply networks and complex adaptive systems: control versus emergence. Journal of Operations Management 19, 3 (2001), 351--366. https://doi.org/10.1016/S0272-6963(00)00068-1

Digital Library

[7]

Chris W. Clegg, Mark A. Robinson, Matthew C. Davis, Lucy E. Bolton, Rebecca L. Pieniazek, and Alison McKay. 2017. Applying organizational psychology as a design science: A method for predicting malfunctions in socio-technical systems (PreMiSTS). Design Science 3 (2017), e6. https://doi.org/10.1017/dsj.2017.4

[8]

Central University Research Ethics Committee (CUREC). 2020. Elite and Expert Interviewing: Best Practice Guidance 03_Version 4.0. University of Oxford.

[9]

Matthew C. Davis, Rose Challenger, Dharshana N.W. Jayewardene, and Chris W. Clegg. 2014. Advancing socio-technical systems thinking: A call for bravery. Applied Ergonomics 45, 2, Part A (2014), 171--180. https://doi.org/10.1016/j.apergo. 2013.02.009 Advances in Socio-Technical Systems Understanding and Design: A Festschrift in Honour of K.D. Eason.

[10]

FIRST. 2023. FIRST History. https://www.first.org/about/history

[11]

Cornelia Helfferich. 2011. Die Qualität qualitativer Daten (The quality of qualitative data). Vol. 4. Springer, Germany.

[12]

Software Engineering Institute. 2023. The CERT Division | Software Engineering Institute. https://www.sei.cmu.edu/about/divisions/cert/index.cfm

[13]

Neil Johnson. 2009. Simply complexity: A clear guide to complexity theory. Simon and Schuster, England.

[14]

Thomas Kinsella. 2022. Why Your Security Analysts Are Leaving and What You Can Do to Retain Them. https://www.first.org/resources/papers/cti22-berlin/Thomas-Kinsella.pdf

[15]

Nina A. Kollars and Andrew Sellers. 2016. Trust and information sharing: ISACs and U.S. Policy. Journal of Cyber Policy 1, 2 (2016), 265--277. https://doi.org/10. 1080/23738871.2016.1229804 arXiv:https://doi.org/10.1080/23738871.2016.1229804

[16]

Jan Kruse and Christian Schmieder. 2014. Qualitative interviewforschung (Qualitative interview research). Beltz Juventa, Germany.

[17]

Udo Kuckartz. 2007. Einführung in die computergestützte Analyse qualitativer Daten (Introduction to computer-assisted analysis of qualitative data).

[18]

Udo Kuckartz. 2018. Qualitative Inhaltsanalyse. Methoden, Praxis, Computerunterstützung, 4. Aufl. (Qualitative content analysis. Methods, Practice, Computer Support, 4th ed.) Beltz Juventa.

[19]

George Lawton. 2009. On the Trail of the ConfickerWorm. Computer 42, 6 (2009), 19--22. https://doi.org/10.1109/MC.2009.198

Digital Library

[20]

HJ Leavitt and JG March. 1965. Applied Organisational Change in industry: Structural, Technological and Humanistic Approaches, Carnegie Institute of Technology. Graduate School of Industrial Administration 1st edition, 1 (1965), 1144--1170.

[21]

Adobe Systems Software Ireland Limited. 2022. Audio and video editing software, Version 22.5 (Build 62). https://www.adobe.com/

[22]

Bryan Marshall, Peter Cardon, Amit Poddar, and Renee Fontenot. 2013. Does Sample Size Matter in Qualitative Research?: A Review of Qualitative Interviews in is Research. Journal of Computer Information Systems 54, 1 (2013), 11--22. https://doi.org/10.1080/08874417.2013.11645667

[23]

MISP. 2023. MISP Open Source Threat Intelligence Platform; Open Standards For Threat Information Sharing. https://www.misp-project.org/

[24]

Hilarie Orman. 2003. The Morris worm: A fifteen-year perspective. IEEE Security & Privacy 1, 5 (2003), 35--43.

Digital Library

[25]

Hideyuki Tanaka, Kanta Matsuura, and Osamu Sudoh. 2005. Vulnerability and information security investment: An empirical analysis of e-local government in Japan. Journal of Accounting and Public Policy 24, 1 (2005), 37--59.

[26]

Thomas D Wagner, Khaled Mahbub, Esther Palomar, and Ali E Abdallah. 2019. Cyber threat intelligence sharing: Survey and research directions. Computers & Security 87 (2019), 101589.

Digital Library

[27]

Adam Zibak and Andrew Simpson. 2018. Can We Evaluate the Impact of Cyber Security Information Sharing? 2018 International Conference On Cyber Situational Awareness, Data Analytics And Assessment (Cyber SA) (2018), 1--2. https://doi. org/10.1109/cybersa.2018.8551462

[28]

Adam Zibak and Andrew Simpson. 2019. Cyber Threat Information Sharing. Proceedings of the 14th International Conference on Availability, Reliability and Security (2019), 1--9. https://doi.org/10.1145/3339252.3340528

Digital Library

[29]

Adam Zibak and Andrew Simpson. 2019. Towards Better Understanding of Cyber Security Information Sharing. 2019 International Conference on Cyber Situational Awareness, Data Analytics And Assessment (Cyber SA) (2019), 1--8. https://doi.org/10.1109/cybersa.2019.8899697

[30]

Inc. Zoom Video Communications. 2022. Video conferencing software, Version 5.10.6 (5889). http://zoom.us/

Cited By

Geras TSchreck T(2024)The "Big Beast to Tackle": Practices in Quality Assurance for Cyber Threat IntelligenceProceedings of the 27th International Symposium on Research in Attacks, Intrusions and Defenses10.1145/3678890.3678903(337-352)Online publication date: 30-Sep-2024
https://dl.acm.org/doi/10.1145/3678890.3678903
Baumer TGrill JAdan JPernul G(2024)A Trust and Reputation System for Examining Compliance with Access ControlProceedings of the 19th International Conference on Availability, Reliability and Security10.1145/3664476.3670883(1-10)Online publication date: 30-Jul-2024
https://dl.acm.org/doi/10.1145/3664476.3670883
Hiesgen RNawrocki MBarcellos MKopp DHohlfeld OChan EDobbins RDoerr CRossow CThomas DJonker MMok RLuo XKristoff JSchmidt TWählisch Mclaffy kVallina-Rodríguez NSuarez-Tángil GLevin DPelsser C(2024)The Age of DDoScovery: An Empirical Comparison of Industry and Academic DDoS AssessmentsProceedings of the 2024 ACM on Internet Measurement Conference10.1145/3646547.3688451(259-279)Online publication date: 4-Nov-2024
https://dl.acm.org/doi/10.1145/3646547.3688451
Show More Cited By

Index Terms

Sharing Communities: The Good, the Bad, and the Ugly
1. Security and privacy
  1. Human and societal aspects of security and privacy
    1. Economics of security and privacy
    2. Social aspects of security and privacy

Recommendations

Examining information sharing in social networking communities

We investigated social networking communities users' social capital elements and information sharing behaviors.Information sharing behaviors were measured by the lens of identity-and bond-based attachment.We conduct surveys and apply structural equation ...
People who create knowledge sharing communities
JSAI'06: Proceedings of the 20th annual conference on New frontiers in artificial intelligence

Web-based knowledge sharing communities, which are supported by countless voluntary Internet users, are in widespread use in our lives. In one of these communities, Yahoo! Chiebukuro, one of the most famous web-based knowledge sharing communities in ...
An Investigation of Knowledge Sharing Behaviors of Students on an Online Community of Practice
ICIET '17: Proceedings of the 5th International Conference on Information and Education Technology

One typically expects that sharing and re-use of information improve both quality and process cost effectiveness. To explore this in a learning environment, we have developed the UnRizkNow forum. The purpose of this study is to investigate the students' ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Conferences

CCS '23: Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security

November 2023

3722 pages

ISBN:9798400700507

DOI:10.1145/3576915

General Chairs:
Weizhi Meng
Technical University of Denmark
,
Christian D. Jensen
Technical University of Denmark
,
Program Chairs:
Cas Cremers
CISPA Helmholtz Center for Information Security
,
Engin Kirda
Khoury College of Computer Sciences

Copyright © 2023 Owner/Author.

This work is licensed under a Creative Commons Attribution-ShareAlike International 4.0 License.

Sponsors

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 21 November 2023

Check for updates

Author Tags

Qualifiers

Research-article

Funding Sources

Bundesministerium für Bildung und Forschung

Conference

CCS '23

Sponsor:

SIGSAC

CCS '23: ACM SIGSAC Conference on Computer and Communications Security

November 26 - 30, 2023

Copenhagen, Denmark

Acceptance Rates

Overall Acceptance Rate 1,261 of 6,999 submissions, 18%

Upcoming Conference

CCS '25

Sponsor:
sigsac

ACM SIGSAC Conference on Computer and Communications Security

October 13 - 17, 2025

Taipei , Taiwan

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

4
Total Citations
View Citations
825
Total Downloads

Downloads (Last 12 months)603
Downloads (Last 6 weeks)55

Reflects downloads up to 01 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

Geras TSchreck T(2024)The "Big Beast to Tackle": Practices in Quality Assurance for Cyber Threat IntelligenceProceedings of the 27th International Symposium on Research in Attacks, Intrusions and Defenses10.1145/3678890.3678903(337-352)Online publication date: 30-Sep-2024
https://dl.acm.org/doi/10.1145/3678890.3678903
Baumer TGrill JAdan JPernul G(2024)A Trust and Reputation System for Examining Compliance with Access ControlProceedings of the 19th International Conference on Availability, Reliability and Security10.1145/3664476.3670883(1-10)Online publication date: 30-Jul-2024
https://dl.acm.org/doi/10.1145/3664476.3670883
Hiesgen RNawrocki MBarcellos MKopp DHohlfeld OChan EDobbins RDoerr CRossow CThomas DJonker MMok RLuo XKristoff JSchmidt TWählisch Mclaffy kVallina-Rodríguez NSuarez-Tángil GLevin DPelsser C(2024)The Age of DDoScovery: An Empirical Comparison of Industry and Academic DDoS AssessmentsProceedings of the 2024 ACM on Internet Measurement Conference10.1145/3646547.3688451(259-279)Online publication date: 4-Nov-2024
https://dl.acm.org/doi/10.1145/3646547.3688451
Nitz LGurabi MCermak MZadnik MKarpuk DDrichel ASchäfer SHolmes BMandal A(undefined)On Collaboration and Automation in the Context of Threat Detection and Response with Privacy-Preserving FeaturesDigital Threats: Research and Practice10.1145/3707651
https://dl.acm.org/doi/10.1145/3707651

View Options

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Media

Figures

Other

Tables

View Table of Contents