Exploring Cognition and Proficiency in Cybersecurity Incident Response: Description of a Subject-Matter Expert Interview

10 pages • Published: July 12, 2024

Abstract

Cybersecurity incident response presents significant challenges, exacerbated by a limited understanding of the cognitive processes employed by cybersecurity professionals. Cognitive task analysis (CTA) is a valuable tool to address this knowledge gap and inform evaluation, training, and design of cybersecurity systems. However, the required access and cost have limited the number and scope of CTAs in cybersecurity. Therefore, a need exists for CTA-derived insights about incident response and methodology of CTA to support data collection in this rapidly evolving domain. In this paper, we explore some of the challenges specific to CTA in the context of incident response, present an example demonstrating how CTA facilitates insights by examining results obtained from a single subject matter expert (SME), and describe the role of CTA in our ongoing mixed methods research program. The application of CTA in supporting quantitative research holds promise for advancing cyber defense strategies.

Keyphrases: case study, cognitive task analysis, computer network defense, cybersecurity, incident response, mixed methods

In: Kenneth Baclawski, Michael Kozak, Kirstie Bellman, Giuseppe D'Aniello, Alicia Ruvinsky and Candida Da Silva Ferreira Barreto (editors). Proceedings of Conference on Cognitive and Computational Aspects of Situation Management 2023, vol 102, pages 44-53.