Information-Pooling Bias in Collaborative Security Incident Correlation Analysis

Rajivan, Prashanth; Cooke, Nancy J.

doi:10.1177/0018720818769249

Cited by 13 publications

(16 citation statements)

References 23 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Similar to the limitations of the NICCS framework, these degree granting institutions tend to emphasize technical and electrical engineering skills ( Gates et al, 2014 ) while ignoring the important social and organizational influences that dictate success or failure in everyday settings ( Barrick et al, 2003 ; Meyer et al, 2010 ). Furthermore, developing the knowledge, skills, and abilities that are needed across teams would arguably provide greater fidelity on the make-up and variety of teams needed to build an effective cybersecurity workforce ( Rajivan et al, 2013b ; Rajivan, 2014 ). However, attempting to develop these key baselines without first defining the correct organizational environment will likely only result in a limited ability to produce an effective cyber workforce ( Cable and Parsons, 2001 ; Seong et al, 2015 ; Frank et al, 2016 ).…”

Section: Defining the Cyber Domainmentioning

confidence: 99%

“…However, in the private sector it is much more likely for smaller teams to be composed of similarly talented individuals rather than a group with diverse work roles and backgrounds ( Champion et al, 2012 ). Recent research has identified that cybersecurity teams are better able to solve complex tasks than individual analysts, potentially due to the distribution of expertise across analysts ( Rajivan et al, 2013a , b ; Rajivan, 2014 ; Rajivan and Cooke, 2018 ). For instance, performance on incident triage was highest with a diverse group of heterogeneous talents as opposed to a team with members of similar background and skills ( Rajivan et al, 2013b ).…”

Section: Characteristics Of Successful Cyber Professionals and Teamsmentioning

confidence: 99%

See 1 more Smart Citation

The Future Cybersecurity Workforce: Going Beyond Technical Skills for Successful Cyber Performance

2018

View full text Add to dashboard Cite

One of the challenges in writing an article reviewing the current state of cyber education and workforce development is that there is a paucity of quantitative assessment regarding the cognitive aptitudes, work roles, or team organization required by cybersecurity professionals to be successful. In this review, we argue that the people who operate within the cyber domain need a combination of technical skills, domain specific knowledge, and social intelligence to be successful. They, like the networks they operate, must also be reliable, trustworthy, and resilient. Defining the knowledge, skills, attributes, and other characteristics is not as simple as defining a group of technical skills that people can be trained on; the complexity of the cyber domain makes this a unique challenge. There has been little research devoted to exactly what attributes individuals in the cyber domain need. What research does exist places an emphasis on technical and engineering skills while discounting the important social and organizational influences that dictate success or failure in everyday settings. This paper reviews the literature on cyber expertise and cyber workforce development to identify gaps and then argues for the important contribution of social fit in the highly complex and heterogenous cyber workforce. We then identify six assumptions for the future of cybersecurity workforce development, including the requirement for systemic thinkers, team players, a love for continued learning, strong communication ability, a sense of civic duty, and a blend of technical and social skill. Finally, we make recommendations for social and cognitive metrics which may be indicative of future performance in cyber work roles to provide a roadmap for future scholars.

show abstract

Section: Defining the Cyber Domainmentioning

confidence: 99%

Section: Characteristics Of Successful Cyber Professionals and Teamsmentioning

confidence: 99%

The Future Cybersecurity Workforce: Going Beyond Technical Skills for Successful Cyber Performance

2018

View full text Add to dashboard Cite

show abstract

“…To address such challenges, analysts as a team, must be innovative, agile, and adaptable (Terreberry, 1968 ). Evidence from a handful of lab-based, empirical studies (Rajivan et al, 2013 ; Rajivan, 2014 ; Buchler et al, 2016b ) highlight effective collaboration and leadership as critical determinants of performance for cyber defense given the complex and dynamic nature of the task domain. Managing the cognitive work of cybersecurity requires considerable interaction among teams of cyber analysts to monitor, report, and safeguard critical information technology.…”

Section: Cyber Defense Teamingmentioning

confidence: 99%

Cyber Teaming and Role Specialization in a Cyber Security Defense Competition

et al. 2018

Self Cite

View full text Add to dashboard Cite

A critical requirement for developing a cyber capable workforce is to understand how to challenge, assess, and rapidly develop human cyber skill-sets in realistic cyber operational environments. Fortunately, cyber team competitions make use of simulated operational environments with scoring criteria of task performance that objectively define overall team effectiveness, thus providing the means and context for observation and analysis of cyber teaming. Such competitions allow researchers to address the key determinants that make a cyber defense team more or less effective in responding to and mitigating cyber attacks. For this purpose, we analyzed data collected at the 12th annual Mid-Atlantic Collegiate Cyber Defense Competition (MACCDC, http://www.maccdc.org), where eight teams were evaluated along four independent scoring dimensions: maintaining services, incident response, scenario injects, and thwarting adversarial activities. Data collected from the 13-point OAT (Observational Assessment of Teamwork) instrument by embedded observers and a cyber teamwork survey completed by all participants were used to assess teamwork and leadership behaviors and team composition and work processes, respectively. The scores from the competition were used as an outcome measure in our analysis to extract key features of team process, structure, leadership, and skill-sets in relation to effective cyber defense. We used Bayesian regression to relate scored performance during the competition to team skill composition, team experience level, and an observational construct of team collaboration. Our results indicate that effective collaboration, experience, and functional role-specialization within the teams are important factors that determine the success of these teams in the competition and are important observational predictors of the timely detection and effective mitigation of ongoing cyber attacks. These results support theories of team maturation and the development of functional team cognition applied to mastering cybersecurity.

show abstract

“…Occasionally, good data is provided [Champion et al 2012]. And recently, Rajivan and Cooke [2018] showed that operators with unique information often do not share it with the team, which suggests a team SA deficit.…”

Section: Gaps In Sa For Cybersecuritymentioning

confidence: 99%

Gaps and Opportunities in Situational Awareness for Cybersecurity

2020

View full text Add to dashboard Cite

Demand is present among security practitioners for improving cyber situational awareness (SA), but capability and assessment have not risen to match. SA is an integral component of cybersecurity for everyone from individuals to business to response teams and threat exchanges. In this Field Note, we highlight existing research and our field observations, a recent review of cyber SA research literature, and call upon the research community to help address three research problems in situational awareness for cybersecurity. The gaps suggest the need to (1) understand what cyber SA is from the human operators' perspectives, then (2) measure it so that (3) the community can learn whether SA makes a difference in meaningful ways to cybersecurity, and whether methods, technology, or other solutions would improve SA and thus, improve those outcomes. CCS Concepts: • Security and privacy → Human and societal aspects of security and privacy; Network security; • Human-centered computing → HCI theory, concepts and models;

show abstract

Information-Pooling Bias in Collaborative Security Incident Correlation Analysis

Abstract: Potential applications of this research include development of team training procedures and collaboration tool development for security analysts.

Cited by 13 publications

References 23 publications

The Future Cybersecurity Workforce: Going Beyond Technical Skills for Successful Cyber Performance

The Future Cybersecurity Workforce: Going Beyond Technical Skills for Successful Cyber Performance

Cyber Teaming and Role Specialization in a Cyber Security Defense Competition

Gaps and Opportunities in Situational Awareness for Cybersecurity

Contact Info

Product

Resources

About