2021
DOI: 10.24251/hicss.2021.242
Identifying Expertise Gaps in Cyber Incident Response: Cyber Defender Needs vs. Technological Development

Abstract: Incident response is an area within cyber defense that is responsible for detecting, mitigating, and preventing threats within a given network. Like other areas of cyber security, incident response is experiencing a shortage of qualified workers which has led to technological development aimed at alleviating labor-related pressures on organizations. A cognitive task analysis was conducted with incident response experts to capture expertise requirements and used an existing construct to help prioritize developm…

Cited by 5 publications (3 citation statements)
References 29 publications
“…Besides anthropological studies like the ones performed by Sundaramurthy et al [51][52][53], we are not aware of any academic publication that (a) focuses on the human aspects of threat investigation and incident response and (b) was conducted in an operational SOC or cyber security team. Instead, the majority of academic publications rely on data collected in artificial interview or experiment sessions, e.g., in the form of a quiz featuring SOC alerts and possible responses [32,35,45,59].…”
Section: Discussion Of Results (mentioning; confidence: 99%)
“…Nyre-Yu uses cognitive task analysis to investigate what tasks are performed and what skills are required, but also how automated systems can support SOC analysts at their work [35]. Andrade and Yoo, as well, investigate which part of the work can be automated to support security analysts [5].…”
Section: The Human Factor In Threat Identification and Incidence Resp... (mentioning; confidence: 99%)
“…The relevant research includes a multidimensional educational framework (Spelt et al, 2017) and six dimensions of expertise—Subject matter, Situational context, Interface tools, Expert identification, Communication, Information flow paths (Garrett et al, 2009). Some dimensions, such as communication expertise, self-awareness, and expert identification, might also be addressed through other methods, such as training and team development (Nyre-Yu, 2021). The multidisciplinary or multidimensional approach is emphasized for cybersecurity education (Berki et al, 2018; Blair et al, 2019; Omar et al, 2018; Tsado, 2019) to ensure curricular foundations for the multidisciplinary cybersecurity teams consisting of diverse cybersecurity experts.…”
Section: Context and Related Work (mentioning; confidence: 99%)