Title :
Team-based cyber defense analysis
Author :
Champion, Michael A. ; Rajivan, Prashanth ; Cooke, Nancy J. ; Jariwala, Shree
Author_Institution :
TIEM, Arizona State Univ., Mesa, AZ, USA
Abstract :
Situation awareness (SA) in the cyber security domain is particularly relevant to teams of security analysts who are responsible for detecting cyber threats by perusing continual floods of data such as intrusion alerts and network logs. The challenges that analysts face are matched by those of researchers attempting to understand, measure, and impact SA in the cyber arena. The ground truth is not available except in simulated cyber situations. In this paper we outline a cognitive task analysis (CTA) focused on teams of analysts and the subsequent preliminary study conducted using a cyber defense simulation environment, CyberCog, built based on the CTA findings. Results from the CTA suggest three areas of fundamental challenge surrounding security analysts: team structure, communication, and information overload. These challenges could be associated to maladies such as cognitive tunneling and increased false alarms. These results are mirrored in the CyberCog pilot simulation study.
Keywords :
cognitive systems; security of data; task analysis; CTA; CyberCog; cognitive task analysis; cyber defense simulation environment; cyber security; intrusion alerts; network logs; situation awareness; team-based cyber defense analysis; Computer security; Computers; Educational institutions; Organizations; Software; Training; Cognitive Task Analysis; Cyber Security; Situation Awareness; Team Cyber Situation Awareness; Team Situation Awareness;
Conference_Titel :
Cognitive Methods in Situation Awareness and Decision Support (CogSIMA), 2012 IEEE International Multi-Disciplinary Conference on
Conference_Location :
New Orleans, LA
Print_ISBN :
978-1-4673-0343-9
DOI :
10.1109/CogSIMA.2012.6188386
