Todd Waits scite author profile

We set out to create an assessment and situational awareness tool for incident response. Extracting the risk assessment expertise and creating a systemic step-by-step workflow that could be followed by non-experts was challenging; however, what proved to be even more difficult was the mapping of that workflow to a common, natural language used by non-experts while still supporting the incident response. We at the Digital Intelligence and Investigation Directorate (DIID) have developed a way to maintain the velocity of incident response through the creation of a feed-forward decision support system to assist a security responder deal with the scale and challenges of assessing risk in critical information systems. Unfortunately, many applications fall short of expectations because the technology is used inappropriately: the wrong tool applied in the wrong way. Taking interaction techniques combined with a decision support system and applying them to one particularly demanding areasecurity incident response-leads to the conclusion that there is a proper and formal way to approach maintaining situational awareness in this complex domain. The CERT Assessment Tool increases a security incident responder's ability to assess risk and identify the incident response plan of critical information systems. The interface has four primary affordances to the user: (1) digital storage of the collected interview data with tagging of the information to create meta data of the objects as well as standardize terminology by reusing objects, (2) structured data that enables situational awareness of all systems on site and flexibility and recursion of system attributes, (3) guidance questions that provide runtime support for the system currently being assessed and a general direction to better assess each system based on historical data, and (4) real-time rules that make recommendations to the user through 'push' notifications, which enables a user to identify and mitigate risk in information systems security affecting the safety of a system or the implementation of the security plan. The creation of a security decision support system framework to represent a series of steps to view the entire space of a security incident allows us to use techniques specifically designed or selected to align with one of the three identified stages of incident response-pre-incident (perception), during the event (comprehension), or after the event (projection). This combination of rules based on machine learning and push notifications are a first step in how computers will be able to support and advance the decision support technologies that are the backbone of this system.

show abstract

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Todd Waits

Continuous system and user documentation integration

Design research in the context of federal law enforcement

The CERT assessment tool: Increasing a security incident responder's ability to assess risk

Contact Info

Product

Resources

About