I. Introduction
Cyber attacks are a serious threat to our networked society as organizations are depending on the well functioning of the IT-infrastructure, which is essential for the IT-systems supporting their processes. As attacks are becoming more and more organized, collaboration across public and private organizations is required to arrange technical counter measures. Sharing cyber intelligence among different parties, such as internet & cloud service providers and enterprise networks, becomes increasingly important. Additionally, networks have evolved over the time and became more complex and less connected, therefore the protection of such a complex network can often only be guaranteed and financed as a shared effort. One of the benefits of information sharing among the members in an alliance is improving the decision and policy making in the different levels of organization and facilitating the selection of optimal cyber defense tactics during the attack period. Another benefit is the reduction of uncertainties regarding the performance, competence and availability of each member in the alliance [1]. Because of the limitation of each organization such as resources and expertise, no organization can resilience on its own, therefore needs to join the alliance to address the cyber attacks.