Team-based cyber defense analysis

Michael A. Champion, Prashanth Rajivan, Nancy Cooke, Shree Jariwala

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

29 Citations (Scopus)

Abstract

Situation awareness (SA) in the cyber security domain is particularly relevant to teams of security analysts who are responsible for detecting cyber threats by perusing continual floods of data such as intrusion alerts and network logs. The challenges that analysts face are matched by those of researchers attempting to understand, measure, and impact SA in the cyber arena. The ground truth is not available except in simulated cyber situations. In this paper we outline a cognitive task analysis (CTA) focused on teams of analysts and the subsequent preliminary study conducted using a cyber defense simulation environment, CyberCog, built based on the CTA findings. Results from the CTA suggest three areas of fundamental challenge surrounding security analysts: team structure, communication, and information overload. These challenges could be associated with maladies such as cognitive tunneling and increased false alarms. These results are mirrored in the CyberCog pilot simulation study.

Original language: English (US)
Title of host publication: 2012 IEEE International Multi-Disciplinary Conference on Cognitive Methods in Situation Awareness and Decision Support, CogSIMA 2012
Pages: 218-221
Number of pages: 4
DOIs: https://doi.org/10.1109/CogSIMA.2012.6188386
State: Published - 2012
Event: 2012 IEEE International Multi-Disciplinary Conference on Cognitive Methods in Situation Awareness and Decision Support, CogSIMA 2012 - New Orleans, LA, United States
Duration: Mar 6 2012 to Mar 8 2012

Other

Other: 2012 IEEE International Multi-Disciplinary Conference on Cognitive Methods in Situation Awareness and Decision Support, CogSIMA 2012
Country: United States
City: New Orleans, LA
Period: 3/6/12 to 3/8/12

Fingerprint

Task analysis
Security analysts
Analysts
Communication structure
Information overload
Built environment
Simulation study
Threat
Simulation

Keywords

  • Cognitive Task Analysis
  • Cyber Security
  • Situation Awareness
  • Team Cyber Situation Awareness
  • Team Situation Awareness

ASJC Scopus subject areas

  • Information Systems and Management

Cite this

Champion, M. A., Rajivan, P., Cooke, N., & Jariwala, S. (2012). Team-based cyber defense analysis. In 2012 IEEE International Multi-Disciplinary Conference on Cognitive Methods in Situation Awareness and Decision Support, CogSIMA 2012 (pp. 218-221). [6188386] https://doi.org/10.1109/CogSIMA.2012.6188386

@inproceedings{22e5929c26f04a559f4120396681a003,
title = "Team-based cyber defense analysis",
keywords = "Cognitive Task Analysis, Cyber Security, Situation Awareness, Team Cyber Situation Awareness, Team Situation Awareness",
author = "Champion, {Michael A.} and Prashanth Rajivan and Nancy Cooke and Shree Jariwala",
year = "2012",
doi = "10.1109/CogSIMA.2012.6188386",
language = "English (US)",
isbn = "9781467303453",
pages = "218--221",
booktitle = "2012 IEEE International Multi-Disciplinary Conference on Cognitive Methods in Situation Awareness and Decision Support, CogSIMA 2012",

}

TY - GEN

T1 - Team-based cyber defense analysis

AU - Champion, Michael A.

AU - Rajivan, Prashanth

AU - Cooke, Nancy

AU - Jariwala, Shree

PY - 2012

Y1 - 2012

KW - Cognitive Task Analysis

KW - Cyber Security

KW - Situation Awareness

KW - Team Cyber Situation Awareness

KW - Team Situation Awareness

UR - http://www.scopus.com/inward/record.url?scp=84861123080&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84861123080&partnerID=8YFLogxK

U2 - 10.1109/CogSIMA.2012.6188386

DO - 10.1109/CogSIMA.2012.6188386

M3 - Conference contribution

SN - 9781467303453

SP - 218

EP - 221

BT - 2012 IEEE International Multi-Disciplinary Conference on Cognitive Methods in Situation Awareness and Decision Support, CogSIMA 2012

ER -