TY - GEN
T1 - Team-based cyber defense analysis
AU - Champion, Michael A.
AU - Rajivan, Prashanth
AU - Cooke, Nancy
AU - Jariwala, Shree
PY - 2012/5/22
Y1 - 2012/5/22
N2 - Situation awareness (SA) in the cyber security domain is particularly relevant to teams of security analysts who are responsible for detecting cyber threats by perusing continual floods of data such as intrusion alerts and network logs. The challenges that analysts face are matched by those of researchers attempting to understand, measure, and impact SA in the cyber arena. Ground truth is available only in simulated cyber situations. In this paper we outline a cognitive task analysis (CTA) focused on teams of analysts and the subsequent preliminary study conducted using a cyber defense simulation environment, CyberCog, built on the CTA findings. Results from the CTA suggest three areas of fundamental challenge surrounding security analysts: team structure, communication, and information overload. These challenges can be associated with maladies such as cognitive tunneling and increased false alarms. These results are mirrored in the CyberCog pilot simulation study.
AB - Situation awareness (SA) in the cyber security domain is particularly relevant to teams of security analysts who are responsible for detecting cyber threats by perusing continual floods of data such as intrusion alerts and network logs. The challenges that analysts face are matched by those of researchers attempting to understand, measure, and impact SA in the cyber arena. Ground truth is available only in simulated cyber situations. In this paper we outline a cognitive task analysis (CTA) focused on teams of analysts and the subsequent preliminary study conducted using a cyber defense simulation environment, CyberCog, built on the CTA findings. Results from the CTA suggest three areas of fundamental challenge surrounding security analysts: team structure, communication, and information overload. These challenges can be associated with maladies such as cognitive tunneling and increased false alarms. These results are mirrored in the CyberCog pilot simulation study.
KW - Cognitive Task Analysis
KW - Cyber Security
KW - Situation Awareness
KW - Team Cyber Situation Awareness
KW - Team Situation Awareness
UR - http://www.scopus.com/inward/record.url?scp=84861123080&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84861123080&partnerID=8YFLogxK
U2 - 10.1109/CogSIMA.2012.6188386
DO - 10.1109/CogSIMA.2012.6188386
M3 - Conference contribution
AN - SCOPUS:84861123080
SN - 9781467303453
T3 - 2012 IEEE International Multi-Disciplinary Conference on Cognitive Methods in Situation Awareness and Decision Support, CogSIMA 2012
SP - 218
EP - 221
BT - 2012 IEEE International Multi-Disciplinary Conference on Cognitive Methods in Situation Awareness and Decision Support, CogSIMA 2012
T2 - 2012 IEEE International Multi-Disciplinary Conference on Cognitive Methods in Situation Awareness and Decision Support, CogSIMA 2012
Y2 - 6 March 2012 through 8 March 2012
ER -