Operationally-Relevant Cyber Situational Awareness Tool Development
Abbott, Robert G.; Anderson, Benjamin R.; Nauer, Kevin S.; Forsythe, James C.
Research was undertaken to gain an understanding of the interplay between cyber security professionals and the software tools utilized in performing their jobs. Substantial investments are devoted to purchasing and developing software tools targeting cyber security operations. However, development is largely based on anecdotal knowledge concerning the work processes, cognitive demands, and the needs and requirements of cyber security analysts. The current study first characterized the workflow of a Cyber Security Incident Response (CSIRT) team, including their use of software tools, and instantiated this workflow within a simulation model. Next, data was collected during cyber security training exercises reflecting the use of software tools. It was discovered that while cyber security professionals rely heavily on specialized software tools, their jobs require that they effectively integrate the use of specialized software tools with the use of general-purpose software tools.