Achieving Cyber Defense Situational Awareness: A Cognitive Task Analysis of Information Assurance Analysts

D’Amico, Anita; Whitley, Kirsten; Tesone, Daniel; O'Brien, Brianne; Roth, Emilie M.

doi:10.1177/154193120504900304

Cited by 99 publications

(27 citation statements)

References 6 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The papers that were used for the purpose of this research were: D'Amico et al [10], D'Amico et al [11], Erbacher et al [12], Fink et al [13] and Mckenna et al [16]. The reasons these papers were chosen was because of the data they presented.…”

Section: A Familiarizing With Datamentioning

confidence: 99%

“…These papers gave precise details about analyst roles, the type of data they used, how the analysis were conducted, what the analysts thought about visualization approaches and their experiences, if any, with visualizations. D'Amico et al [10] and D'Amico et al [11] gave insight into roles of analysts and the tasks they perform in organizations. Erbacher et al [12] presents interviews with analysts for the specific purpose of cyber-security visualization.…”

Section: A Familiarizing With Datamentioning

confidence: 99%

“…It is the "...first look at the raw data and interesting activity" [10] and hence uses Raw Data and Interesting Activities as types of Data. Visualization for Triage Analysis requires abilities to Filter for "...initial filtering" [10] and for "...weeding out false positives..." [11]. It also requires Speed of data access as "...triage period should be on the order of minutes" [12] and a "...relatively fast decision..." [10] A visual representation of this relationship is displayed in Fig.…”

Section: Incidentmentioning

confidence: 99%

See 2 more Smart Citations

EEVi - framework for evaluating the effectiveness of visualization in cyber-security

Sethi

Paci

Wills

2016

2016 11th International Conference for Internet Technology and Secured Transactions (ICITST)

View full text Add to dashboard Cite

Abstract-Cyber-security visualization is an up-and-coming area which aims to reduce security analysts' workload by presenting information as visual analytics rather than a string of text and characters. But the adoption of the resultant visualizations has not increased. The literature indicates a research gap of a lack of guidelines and standardized evaluation techniques for effective visualization in cyber-security, as a reason for it. Therefore, this research addresses the research gap by developing a framework called EEVi for effective cyber-security visualizations for the performed task. The term 'effective visualization' can be defined as the features of visualization that are crucial to perform a certain task successfully. EEVi has been developed by analyzing qualitative data that leads to the formation of cognitive relationships (called links) between data that act as guidelines for effective cyber-security visualization in terms of the performed task. The methodology to develop this framework can be applied to other fields to understand cognitive relationships between data. Additionally, the analysis presents a glimpse into the usage of EEVi in cyber-security visualization.

show abstract

Section: A Familiarizing With Datamentioning

confidence: 99%

Section: A Familiarizing With Datamentioning

confidence: 99%

Section: Incidentmentioning

confidence: 99%

See 1 more Smart Citation

EEVi - framework for evaluating the effectiveness of visualization in cyber-security

Sethi

Paci

Wills

2016

2016 11th International Conference for Internet Technology and Secured Transactions (ICITST)

View full text Add to dashboard Cite

show abstract

“…In terms of the system, this is the need to provide the multiple pieces of information required for understanding. A security analyst rarely relies on one piece of information to fully understand a situation [12]. For example, the results from a vulnerability scan indicating that vulnerabilities exist on a system may require additional checks for false positives.…”

Section: ) Correlationmentioning

confidence: 99%

System design considerations for risk perception

M'manga

Faily

McAlaney

et al. 2017

2017 11th International Conference on Research Challenges in Information Science (RCIS)

View full text Add to dashboard Cite

Abstract-The perception of risk is a driver for security analysts' decision making. However, security analysts may have conflicting views of a risk based on personal, system and environmental factors. This difference in perception and opinion, may impact effective decision making. In this paper, we propose a model that highlights areas contributing to the perception of risk in a socio-technical environment and their implication to system design. We validate the model through the use of a hypothetical scenario, which is grounded in both the literature and empirical data.

show abstract

“…According to Amico [2], achieving SA requires the analyst to proceed through three stages: perception, comprehension, and projection. The challenges traversing through these stages are: ingesting large volumes of data, sustaining real time response, and presentation in a comprehensible format.…”

mentioning

confidence: 99%

Large scale network situational awareness via 3D gaming technology

Hubbell

Kepner

2012

2012 IEEE Conference on High Performance Extreme Computing

View full text Add to dashboard Cite

-Obtaining situational awareness of network activity across an enterprise presents unique visualization challenges. IT analysts are required to quickly gather and correlate large volumes of disparate data to identify the existence of anomalous behavior. This paper will show how the MIT Lincoln Laboratory LLGrid Team has approached obtaining network situational awareness utilizing the Unity 3D video game engine. We have developed a 3D environment of the physical plant in the format of a networked multi player First Person Shooter (FPS) to demonstrate a virtual depiction of the current state of the network and the machines operating on the network. Within the game or virtual world an analyst or player can gather critical information on all network assets as well as perform physical system actions on machines in question. 3D gaming technology provides tools to create an environment that is both visually familiar to the player as well display immense amounts of system data in a meaningful and easy to absorb format. Our prototype system was to able monitor and display 5000 assets in ~10% of the time of our network time window.

show abstract

Achieving Cyber Defense Situational Awareness: A Cognitive Task Analysis of Information Assurance Analysts

Cited by 99 publications

References 6 publications

EEVi - framework for evaluating the effectiveness of visualization in cyber-security

EEVi - framework for evaluating the effectiveness of visualization in cyber-security

System design considerations for risk perception

Large scale network situational awareness via 3D gaming technology

Contact Info

Product

Resources

About