DocumentCode
1905972
Title
Team-based cyber defense analysis
Author
Champion, Michael A. ; Rajivan, Prashanth ; Cooke, Nancy J. ; Jariwala, Shree
Author_Institution
TIEM, Arizona State Univ., Mesa, AZ, USA
fYear
2012
fDate
6-8 March 2012
Firstpage
218
Lastpage
221
Abstract
Situation awareness (SA) in the cyber security domain is particularly relevant to teams of security analysts who are responsible for detecting cyber threats by perusing continual floods of data such as intrusion alerts and network logs. The challenges that analysts face are matched by those of researchers attempting to understand, measure, and impact SA in the cyber arena. The ground truth is not available except in simulated cyber situations. In this paper we outline a cognitive task analysis (CTA) focused on teams of analysts and the subsequent preliminary study conducted using a cyber defense simulation environment, CyberCog, built based on the CTA findings. Results from the CTA suggest three areas of fundamental challenge surrounding security analysts: team structure, communication, and information overload. These challenges could be associated to maladies such as cognitive tunneling and increased false alarms. These results are mirrored in the CyberCog pilot simulation study.
Keywords
cognitive systems; security of data; task analysis; CTA; CyberCog; cognitive task analysis; cyber defense simulation environment; cyber security; intrusion alerts; network logs; situation awareness; team-based cyber defense analysis; Computer security; Computers; Educational institutions; Organizations; Software; Training; Cognitive Task Analysis; Cyber Security; Situation Awareness; Team Cyber Situation Awareness; Team Situation Awareness;
fLanguage
English
Publisher
ieee
Conference_Titel
Cognitive Methods in Situation Awareness and Decision Support (CogSIMA), 2012 IEEE International Multi-Disciplinary Conference on
Conference_Location
New Orleans, LA
Print_ISBN
978-1-4673-0343-9
Type
conf
DOI
10.1109/CogSIMA.2012.6188386
Filename
6188386
Link To Document