fa تحلیل چارچوب‌ها، استانداردها، پلتفرم‌ها و ائتلاف‌های پشتیبان توسعه شواهد تهدید سایبری در سازمان رمز و امنیت اطلاعات Cryptology and Information Security پژوهشی Research Article <div style="text-align: justify;"><span style="font-size:9pt"><span style="line-height:15pt"><span style="direction:rtl"><span style="unicode-bidi:embed"><span new="" roman="" style="font-family:" times=""><span style="font-style:italic"><span lang="AR-SA" style="font-size:11.0pt"><span b="" nazanin="" style="font-family:"><span style="font-style:normal">در دنیای مدرن امروزی و با ظهور پیشرفت‌های فناورانه، امنیت سایبری به یکی از مسائل حیاتی تبدیل شده است. هرروزه میلیون‌ها قلم داده در سطح اینترنت جابجا می‌شوند و سازمان‌ها و افراد را با تهدیداتی همچون نفوذهای سایبری، دسترسی غیرمجاز به اطلاعات و ... مواجه نموده‌است. در این محیط پویا، شواهد تهدید به‌عنوان یک ابزار برجسته و کارآمد برای مقابله با این تهدیدات -به دور از اغماض و حساسیت‌های لازم- مورد توجه قرار گرفته است. این رویکرد نوین، سازمان‌ها را قادر می‌سازد تا با تحلیل دقیق داده‌های شواهد تهدید و به‌صورت پیشگیرانه، واکنش مناسبی را نسبت به حملات سایبری ارائه دهند و شرایط امنیت اطلاعات مدنظر خود را تضمین نمایند. با توجه به روند رو به رشد حملات سایبری، دولت‌ها و سازمان‌های مختلف در سراسر جهان به دنبال راهبردها و راهکارهایی برای تقویت ظرفیت‌های شواهد تهدید در سطح نهادی هستند. در این مقاله، محقق ضمن </span></span></span><span lang="FA" style="font-size:11.0pt"><span b="" nazanin="" style="font-family:"><span style="font-style:normal">مطالعه مقایسه</span></span></span><span lang="FA" style="font-size:11.0pt"><span b="" border="" niki="" style="font-family:"><span style="font-style:normal">‌</span></span></span><span lang="FA" style="font-size:11.0pt"><span b="" nazanin="" style="font-family:"><span style="font-style:normal">ای </span></span></span><span lang="AR-SA" style="font-size:11.0pt"><span b="" nazanin="" style="font-family:"><span style="font-style:normal">چارچوب‌ها، استانداردها، پلتفرم‌ها و ائتلاف‌های شواهد تهدید (به‌عنوان ابزارهای کلیدی برای افزایش سطح امنیت سایبری و پیشگیری از حملات)، به بررسی تحلیلی و دقیق‌تری از این ابزارها و نحوه نقش‌آفرینی آن‌ها در تقویت نظام امنیت سایبری پرداخته‌است. درواقع، این تحقیق با تمرکز بر نقاط قوت ساختار و مؤلفه‌های پیاده‌سازی شواهد تهدید در سازمان‌ها و با بهره‌گیری از تجارب مرتبط دولت‌ها و ائتلاف‌های بین‌المللی، تلاش می‌کند تا نقش اساسی این مؤلفه‌ها در تولید، انتشار و بهره‌برداری از </span></span></span><span lang="FA" style="font-size:11.0pt"><span b="" nazanin="" style="font-family:"><span style="font-style:normal">رویکرد </span></span></span><span lang="AR-SA" style="font-size:11.0pt"><span b="" nazanin="" style="font-family:"><span style="font-style:normal">شواهد تهدید را برای مخاطب تصویرسازی نماید و اهمیت استفاده مؤثر از این راهکار در چرخه امنیت اطلاعات سازمان را مورد بررسی قرار دهد.</span></span></span></span></span></span></span></span></span><br> <span dir="RTL" lang="AR-SA" style="font-size:11.0pt"><span b="" nazanin="" style="font-family:">دستیابی به شواهد تهدید از طریق چارچوب‌ها، استانداردها، پلتفرم‌ها و ائتلاف‌های مرتبط مستلزم توجه به الزامات و اقدامات متنوعی است. در این راستا و با استفاده از نتایج حاصل از این تحقیق، تصمیم‌سازان و متولیان امر می‌توانند زمینه اقدامات لازم جهت پیاده‌سازی رویکرد شواهد تهدید در سطح سازمان را پیش‌بینی و عملیاتی نمایند. علاوه‌براین، پیاده‌سازی چارچوب‌ها، استانداردها، پلتفرم‌ها و ائتلاف‌های شواهد تهدید نه‌تنها به سازمان‌ها کمک می‌کند تا از شواهد تهدید بهتر استفاده نمایند، بلکه در امر تصمیم‌گیری‌ و مقابله با حملات سایبری نیز برای مجموعه بسیار حائز اهمیت باشد. </span></span></div> In today&rsquo;s modern world, with the emergence of technological advancements, cybersecurity has become one of the most critical issues. Every day, millions of data items are exchanged across the internet, exposing organizations and individuals to threats such as cyber intrusions, unauthorized access to information, and more. In this dynamic environment, Threat Intelligence has emerged as a prominent and effective tool to combat these threats&mdash;without overlooking necessary sensitivities. This modern approach enables organizations to analyze threat intelligence data meticulously, respond proactively to cyberattacks, and ensure the desired level of information security.<br> Given the increasing trend of cyberattacks, governments and organizations worldwide are pursuing strategies to strengthen institutional capacities for threat intelligence. In this article, through a comparative study of frameworks, standards, platforms, and coalitions (as key tools for enhancing cybersecurity and preventing attacks), the researcher provides a detailed analytical examination of these tools and their role in reinforcing cybersecurity systems. By focusing on the structural strengths and implementation components of threat intelligence in organizations&mdash;and leveraging the experiences of governments and international coalitions&mdash;this research aims to illustrate the essential role of these components in the production, dissemination, and utilization of threat intelligence. It also highlights the importance of effectively integrating these solutions into an organization&rsquo;s information security cycle.<br> Achieving threat intelligence through frameworks, standards, platforms, and related coalitions requires attention to diverse requirements and actions. Based on the findings of this research, decision-makers and stakeholders can anticipate and operationalize necessary measures to implement threat intelligence approaches at an organizational level. Furthermore, adopting these frameworks, standards, platforms, and coalitions not only helps organizations utilize threat intelligence more effectively but also plays a critical role in decision-making and countering cyberattacks.<br> Frameworks, standards, platforms, and coalitions supporting threat intelligence development represent the most vital components, tools, and approaches used in the collection, analysis, and application of threat intelligence. These tools and standards have advanced significantly over time to assist organizations in effectively combating cyber threats. They enable organizations to better produce, disseminate, and implement threat intelligence strategies to address diverse attacks and threats.<br> This article is based on an extensive and in-depth study of major international frameworks for implementing and developing threat intelligence, as well as adopting standards and structures aligned with organizational needs&mdash;including principles, processes, responsibilities, and roles&mdash;within the threat intelligence lifecycle. By analyzing published best practices and insights from this research, practical recommendations are provided to organizations for managing threat intelligence. The production, dissemination, analysis, and application of threat intelligence are critically important for organizations due to the following reasons:<br> &bull; Threat Identification and Prediction: Threat intelligence helps organizations identify and analyze patterns and trends in cyberattacks. This information guides organizations in predicting future attack types and planning appropriate countermeasures.<br> &bull; Enhancing Incident Response: By leveraging threat intelligence, organizations can respond swiftly and effectively to cyberattacks. This minimizes potential damages and reduces the costs associated with attacks.<br> &bull; Strengthening Cybersecurity: Organizations can implement necessary improvements to their systems and networks using threat intelligence, thereby better protecting their resources. These measures include researching and developing security technologies, enforcing efficient security policies, and enhancing employee awareness and trainin.<br> The development and implementation of frameworks, standards, platforms, and coalitions not only empower organizations to leverage threat intelligence more effectively but are also pivotal in strategic decision-making and countering cyberattacks. In the pervasive world of information technology, threat intelligence serves as a vital and undeniable tool in addressing organizations&rsquo; security challenges. The use of threat intelligence in cybersecurity management&mdash;encompassing concepts such as threat identification, data-driven security decision-making, protection of sensitive information, defensive strategies, early detection and rapid response, and risk prediction and mitigation&mdash;emerges as a key factor in elevating security standards. By emphasizing the importance of these issues and the unparalleled role of threat intelligence in preventing and countering cyber threats, organizations are encouraged to leverage this powerful tool in the realm of cybersecurity.<br> Based on the outlined considerations, the primary research question of this study is:<br> &bull; What are the functional roles of frameworks, standards, platforms, and alliances supporting threat intelligence in organizations? Addressing this main question requires answering the following sub-questions:<br> &bull; What are the constituent components and elements of frameworks, standards, platforms, and alliances supporting threat intelligence in organizations?<br> &bull; What are the factors influencing the selection and implementation of frameworks, standards, platforms, and alliances supporting threat intelligence in organizations?<br> &bull; What are the criteria influencing the selection and implementation of frameworks, standards, platforms, and alliances supporting threat intelligence in organizations?<br> &bull; What is the status of these influential criteria concerning each selected framework, standard, platform, or alliance supporting threat intelligence in organizations?<br> &bull; How will the evaluation and assessment of selected frameworks, standards, platforms, and alliances supporting threat intelligence be conducted based on these criteria? شواهد تهدید, چارچوب‌ها, پلتفرم‌ها, استانداردهای مرجع, ائتلاف‌ها Cyber Threat Intelligence, Frameworks, Platforms, Reference Standards, Leagues 19 44 http://monadi.isc.org.ir/browse.php?a_code=A-10-469-1&slc_lang=fa&sid=1 Amin Chahardoli امین چهاردولی amin.chahardoli@aut.ac.ir 10031947532846001995 10031947532846001995 No Faculty of Management, Central Tehran Branch, Islamic Azad University, Tehran, Iran ﺩﺍﻧﺸکدﻩ ﻣﺪیریت، ﻭﺍﺣﺪ ﺗﻬﺮﺍﻥ ﻣﺮکزی، ﺩﺍﻧﺸگاﻩ ﺁﺯﺍﺩ ﺍﺳﻼمی، ﺗﻬﺮﺍﻥ، ﺍیرﺍﻥ Abouzar Arabsorkhi ابوذر عرب سرخی abouzar_arab@itrc.ac.ir 10031947532846001996 10031947532846001996 Yes Iran Telecommunication Research Center, Tehran, Iran پژﻭﻫﺸگاﻩ ﺍﺭﺗﺒﺎﻃﺎﺕ ﻭ ﻓﻨﺎﻭﺭی ﺍﻃﻼﻋﺎﺕ، ﺗﻬﺮﺍﻥ، ﺍیرﺍﻥ