Join the FINMISP service

FINMISP is the National Cyber Security Centre Finland’s (NCSC-FI) cyber threat intelligence sharing service for organisations. Join the service if you want to use and share technical threat intelligence efficiently.

When is FINMISP suitable for you?

You will benefit most from the service if your organisation

  • needs to receive and use technical threat intelligence
  • is able to produce and share threat intelligence with other actors
  • understands whether the MISP platform is suitable for its activities
  • wants to develop cyber threat intelligence sharing through cooperation

As a general rule, the service is intended for Finnish organisations critical to security of supply.

How FINMISP works and how to use the service

FINMISP forms a national threat intelligence sharing network in which the NCSC-FI acts as a central node.

The service brings together

  • national threat intelligence sharing
  • international information sources
  • exchange of information between organisations

You can use the FINMISP service in two ways:

  • through your own MISP instance
  • through the web interface

The web interface gives you quick access to the service’s information content and enables you to start producing and sharing threat intelligence.

Your own MISP instance enables you to create an automated and real-time information sharing pipeline between your organisation and FINMISP. Your organisation is responsible for installing and maintaining your own instance. The NCSC-FI will provide support and guidance on deploying and using FINMISP.

 

FINMISP yhdistää tietoturvapoikkeamista kerätyn datan ja muuntaa sen uhkatiedoksi

FINMISP combines data collected from information security incidents and turns it into threat intelligence.

Through the service, your organisation gets

  • comprehensive and relevant information from high-quality sources
  • fast information sharing between actors critical to security of supply
  • a tool for reactive and proactive measures
  • better capabilities to analyse information security incidents

FINMISP data and classification

FINMISP is mainly used to share technical threat intelligence, meaning indicators of compromise.

An indicator of compromise (IOC) is a technical indicator that may point to an information security breach or cyber attack.

FINMISP has its own classification system, which determines how context and metadata are attached to information. This ensures that shared threat intelligence is consistent and usable.

In FINMISP

  • confidential information is not shared
  • information sharing is restricted using the TLP protocol

TLP (Traffic Light Protocol) defines who information may be shared with and how it may be used.

Frequently asked questions about the FINMISP service

As a general rule, FINMISP is intended for Finnish organisations critical to security of supply. Your organisation must be able to use and share threat intelligence.

The service is currently free of charge.

Ordering the service requires authorisation to act on behalf of the organisation. 

The rights of representation accepted on the order form are:

  • Private trader (ELI)
  • Managing director (TJ)
  • Acting managing director (TJS)
  • Deputy managing director (VTJ)
  • Chairperson of the board of directors of a limited liability company or housing company (PJ)
  • Person authorised to sign for the organisation and entitled to represent the organisation alone (NIMKO)

If the person does not have a right of representation recorded in the Trade Register, the Business Information System or the Register of Associations, a person with the right to represent the organisation can grant them an authorisation via Suomi.fi e-Authorizations Ulkoinen verkkopalvelu.. Authorisations can be granted and viewed in the Suomi.fi e-Authorizations Ulkoinen verkkopalvelu. service.

In addition to the persons with the rights of representation listed above, the FINMISP service can be ordered by a person who has been granted the Suomi.fi mandate “Ordering of cyber security services”.

You can define who the information is shared with. You can restrict the sharing and use of information using TLP and PAP classifications.

You can join the service even if you do not yet know how to use MISP. However, explore the platform in advance and assess whether it is suitable for your organisation’s activities.

Do you have any questions?

Send us a message using the FINMISP service contact form. Sending a message does not commit you to anything.

Page was last updated