|
The cyber security threat to organizations and governments has continued to grow with increasing dependence on information technology; meanwhile, the entities behind cyber attacks increase in sophistication. Cyber security professionals, the individuals responsible for keeping organizations secure, investigate network activity to find, identify, and respond to threats. These individuals are among the last lines of defense for an organization. Cyber security professionals depend on automated tools to perform their jobs but must make critical decisions that impact security. Therefore, successful defense against cyber attacks depends on human decision making. This research identifies cognitive outcomes that predict successful threat response. The researchers are investigating the content and structure of cyber security professionals' knowledge, creating assessments of cyber security professional cognition, and developing training techniques for cyber security decision making. This project's broader impacts address the large need for cyber security workforce development. The training developed through this research will make cyber security careers more accessible to individuals beyond traditional computer science career paths. Threat response training for network defense provides a strategic advantage against cyber adversaries and increasingly sophisticated threats.
Effective human decision making is a determinant of effective cyber security. Situation awareness and mental models are cognitive outcomes that predict human performance. Situation awareness, defined as goal-relevant knowledge held during task performance, predicts good decision making. Security professionals also utilize internal representations of the task environment, such as how computers are interconnected, in the form of mental models. Because multiple mental models support situation awareness and vary as a function of task and expertise, understanding decision making in computer network defense requires identifying critical mental models. This research is identifying cognitive outcomes, including mental models and situation awareness, that predict successful threat response in computer network defense and leveraging them to improve training for cyber security professionals. Informed by knowledge of mental models, the research will lead to new training techniques that transfer broadly to cyber security decision making. This training will increase access to cyber security careers, especially to members of underrepresented groups. Threat response training provides a strategic advantage, not only against known threats, but against novel and increasingly sophisticated threats.
|
CAREER: RUI: Understanding Human Cognition in Computer Network Defense