Cognitive Task Analysis Based Training for Cyber Situation Awareness
Abstract
Cyber attacks have been increasing significantly in both number and complexity, prompting the need for better training of cyber defense analysts. To conduct effective training for cyber situation awareness, it is essential to design realistic training scenarios. In this paper, we present a Cognitive Task Analysis based approach to address this training need. Cognitive Task Analysis is a technique for capturing and representing the knowledge that experts use to perform complex tasks. An accurate characterization of cyber security experts' cognitive processes can be incorporated into training materials to teach novice cyber analysts how to think and act like experts. After performing a Cognitive Task Analysis of cyber situation awareness, we identify the steps necessary for designing training scenarios and training workflows. To address the challenge of information overload confronting cyber analysts, we identify and design attack-specific watch list items. During training, cyber analysts can tailor their own watch list items and triggering thresholds in order to detect cyber attacks faster. Because the time it takes for cyber analysts to recognize, analyze, and respond to attacks is critical, we evaluate cyber analysts' performance based on their response time compared with the ideal attack timeline.
Origin: Files produced by the author(s)