A Multi-Phase Network Situational Awareness Cognitive Task Analysis

Erbacher, Robert F.; Frincke, Deborah A.; Wong, Pak Chung; Moody, Sarah Jean; Fink, Glenn

doi:10.1057/ivs.2010.5

Cited by 48 publications

(45 citation statements)

References 12 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This finding echoes those of prior work 6,7,11,15 . If cybersecurity is to change from being a largely reactive endeavor to a proactive defense, better access to real time data by analysts in all operational domains will be critical.…”

Section: Implications For Future Researchsupporting

confidence: 91%

Cyber situation awareness as distributed socio-cognitive work

2012

View full text Add to dashboard Cite

A key challenge for human cybersecurity operators is to develop an understanding of what is happening within, and to, their network. This understanding, or situation awareness, provides the cognitive basis for human operators to take action within their environments. Yet developing situation awareness of cyberspace (cyber-SA) is understood to be extremely difficult given the scope of the operating environment, the highly dynamic nature of the environment and the absence of physical constraints that serve to bound the cognitive task 23 . As a result, human cybersecurity operators are often "flying blind" regarding understanding the source, nature, and likely impact of malicious activity on their networked assets. In recent years, many scholars have dedicated their attention to finding ways to improve cyber-SA in human operators. In this paper we present our findings from our ongoing research of how cybersecurity analysts develop and maintain cyber-SA. Drawing from over twenty interviews of analysts working in the military, government, industrial, and educational domains, we find that cyber-SA to be distributed across human operators and technological artifacts operating in different functional areas.

show abstract

Section: Implications For Future Researchsupporting

confidence: 91%

Cyber situation awareness as distributed socio-cognitive work

2012

View full text Add to dashboard Cite

show abstract

“…We have proposed a system focused on the reduction of scope of analysis in conjunction with intrusion detection and forensic techniques to make insider threat detection feasible. Cognitive task analysis (CTA) [5] [7][13] will be critical to identify what techniques are truly needed by analysts. Such CTAs must be performed specifically for the tasks identified in this paper.…”

Section: Discussionmentioning

confidence: 99%

Preparing for the Next Wikileaks: Making Forensics Techniques Work

Erbacher¹

2011

2011 Sixth IEEE International Workshop on Systematic Approaches to Digital Forensic Engineering

Self Cite

View full text Add to dashboard Cite

The success of Manning in acquiring and releasing US State Department cables provides strong implications for the likelihood of similar insider threat attacks occurring again in the future. Such future attacks will likely employ more sophisticated methodologies. The first goal of this paper is to begin examining what such sophisticated insider threat attacks might include. Traditionally, organizations have avoided employing insider threat detection mechanisms due to the high rate of false positives and false negatives. This is a consequence of the chaotic nature and sheer volume of data needing analysis. A second goal of this paper is to begin proposing mechanism by which insider threat detection can be made feasible, especially in critical domains. More specifically this paper proposes multiple layers of event detection which when correlated over time will provide identification of significant irregularities requiring investigation.

show abstract

“…The papers that were used for the purpose of this research were: D'Amico et al [10], D'Amico et al [11], Erbacher et al [12], Fink et al [13] and Mckenna et al [16]. The reasons these papers were chosen was because of the data they presented.…”

Section: A Familiarizing With Datamentioning

confidence: 99%

“…D'Amico et al [10] and D'Amico et al [11] gave insight into roles of analysts and the tasks they perform in organizations. Erbacher et al [12] presents interviews with analysts for the specific purpose of cyber-security visualization. Fink et al [13] presents a variety of information about how to make visualizations useful for security analysts and Mckenna et al [16] formed the basis of this study and helped understand how to research these papers and take out the relevant elements from it.…”

Section: A Familiarizing With Datamentioning

confidence: 99%

“…Visualization for Triage Analysis requires abilities to Filter for "...initial filtering" [10] and for "...weeding out false positives..." [11]. It also requires Speed of data access as "...triage period should be on the order of minutes" [12] and a "...relatively fast decision..." [10] A visual representation of this relationship is displayed in Fig. 5.…”

Section: Incidentmentioning

confidence: 99%

See 1 more Smart Citation

EEVi - framework for evaluating the effectiveness of visualization in cyber-security

Sethi

Paci

Wills

2016

2016 11th International Conference for Internet Technology and Secured Transactions (ICITST)

View full text Add to dashboard Cite

Abstract-Cyber-security visualization is an up-and-coming area which aims to reduce security analysts' workload by presenting information as visual analytics rather than a string of text and characters. But the adoption of the resultant visualizations has not increased. The literature indicates a research gap of a lack of guidelines and standardized evaluation techniques for effective visualization in cyber-security, as a reason for it. Therefore, this research addresses the research gap by developing a framework called EEVi for effective cyber-security visualizations for the performed task. The term 'effective visualization' can be defined as the features of visualization that are crucial to perform a certain task successfully. EEVi has been developed by analyzing qualitative data that leads to the formation of cognitive relationships (called links) between data that act as guidelines for effective cyber-security visualization in terms of the performed task. The methodology to develop this framework can be applied to other fields to understand cognitive relationships between data. Additionally, the analysis presents a glimpse into the usage of EEVi in cyber-security visualization.

show abstract

A Multi-Phase Network Situational Awareness Cognitive Task Analysis

Cited by 48 publications

References 12 publications

Cyber situation awareness as distributed socio-cognitive work

Cyber situation awareness as distributed socio-cognitive work

Preparing for the Next Wikileaks: Making Forensics Techniques Work

EEVi - framework for evaluating the effectiveness of visualization in cyber-security

Contact Info

Product

Resources

About