Team-based cyber defense analysis

Michael A. Champion, Prashanth Rajivan, Nancy Cooke, Shree Jariwala

Research output: Chapter in Book/Report/Conference proceedingConference contribution

44 Scopus citations

Abstract

Situation awareness (SA) in the cyber security domain is particularly relevant to teams of security analysts who are responsible for detecting cyber threats by perusing continual floods of data such as intrusion alerts and network logs. The challenges that analysts face are matched by those of researchers attempting to understand, measure, and impact SA in the cyber arena. The ground truth is not available except in simulated cyber situations. In this paper we outline a cognitive task analysis (CTA) focused on teams of analysts and the subsequent preliminary study conducted using a cyber defense simulation environment, CyberCog, built based on the CTA findings. Results from the CTA suggest three areas of fundamental challenge surrounding security analysts: team structure, communication, and information overload. These challenges could be associated to maladies such as cognitive tunneling and increased false alarms. These results are mirrored in the CyberCog pilot simulation study.

Original languageEnglish (US)
Title of host publication2012 IEEE International Multi-Disciplinary Conference on Cognitive Methods in Situation Awareness and Decision Support, CogSIMA 2012
Pages218-221
Number of pages4
DOIs
StatePublished - May 22 2012
Event2012 IEEE International Multi-Disciplinary Conference on Cognitive Methods in Situation Awareness and Decision Support, CogSIMA 2012 - New Orleans, LA, United States
Duration: Mar 6 2012Mar 8 2012

Publication series

Name2012 IEEE International Multi-Disciplinary Conference on Cognitive Methods in Situation Awareness and Decision Support, CogSIMA 2012

Other

Other2012 IEEE International Multi-Disciplinary Conference on Cognitive Methods in Situation Awareness and Decision Support, CogSIMA 2012
Country/TerritoryUnited States
CityNew Orleans, LA
Period3/6/123/8/12

Keywords

  • Cognitive Task Analysis
  • Cyber Security
  • Situation Awareness
  • Team Cyber Situation Awareness
  • Team Situation Awareness

ASJC Scopus subject areas

  • Information Systems and Management

Fingerprint

Dive into the research topics of 'Team-based cyber defense analysis'. Together they form a unique fingerprint.

Cite this