Developing decision support for cybersecurity threat and incident managers

Cited by: 16
Authors
van der Kleij, Rick [1, 3]
Schraagen, Jan Maarten [2]
Cadet, Beatrice [1]
Young, Heather [1]
Affiliations
[1] TNO, Dept Human Behav & Training, The Hague, Netherlands
[2] TNO, Dept Human Machine Teaming, The Hague, Netherlands
[3] Hague Univ Appl Sci, Res Grp Cybersecur SME Sect, The Hague, Netherlands
Keywords
Cybersecurity; Cognitive task analysis; Cognitive work analysis; Decision support; Incident response; Information security risk management; COGNITIVE TASK-ANALYSIS;
DOI
10.1016/j.cose.2021.102535
Chinese Library Classification number
TP [Automation technology, computer technology];
Discipline classification code
0812;
Abstract
Cybersecurity threat and incident managers in large organizations, especially in the financial sector, are confronted more and more with an increase in volume and complexity of threats and incidents. At the same time, these managers have to deal with many internal processes and criteria, in addition to requirements from external parties, such as regulators that pose an additional challenge to handling threats and incidents. Little research has been carried out to understand to what extent decision support can aid these professionals in managing threats and incidents. The purpose of this research was to develop decision support for cybersecurity threat and incident managers in the financial sector. To this end, we carried out a cognitive task analysis and the first two phases of a cognitive work analysis, based on two rounds of in-depth interviews with ten professionals from three financial institutions. Our results show that decision support should address the problem of balancing the bigger picture with details. That is, being able to simultaneously keep the broader operational context in mind as well as adequately investigating, containing and remediating a cyberattack. In close consultation with the three financial institutions involved, we developed a critical-thinking memory aid that follows typical incident response process steps, but adds big picture elements and critical thinking steps. This should make cybersecurity threat and incident managers more aware of the broader operational implications of threats and incidents while keeping a critical mindset. Although a summative evaluation was beyond the scope of the present research, we conducted iterative formative evaluations of the memory aid that show its potential. (c) 2021 Elsevier Ltd. All rights reserved.
Pages: 15
Related papers
43 in total
  • [1] How can organizations develop situation awareness for incident response: A case study of management practice
    Ahmad, Atif
    Maynard, Sean B.
    Desouza, Kevin C.
    Kotsias, James
    Whitty, Monica T.
    Baskerville, Richard L.
    [J]. COMPUTERS & SECURITY, 2021, 101
  • [2] How integration of cyber security management and incident response enables organizational learning
    Ahmad, Atif
    Desouza, Kevin C.
    Maynard, Sean B.
    Naseer, Humza
    Baskerville, Richard L.
    [J]. JOURNAL OF THE ASSOCIATION FOR INFORMATION SCIENCE AND TECHNOLOGY, 2020, 71 (08) : 939 - 953
  • [3] Albanese M., 2014, Cybersecurity Systems for Human Cognition Augmentation, P47
  • [4] Allianz, 2020, ALL RISK BAR
  • [5] Eight key issues for the decision support systems discipline
    Arnott, David
    Pervan, Graham
    [J]. DECISION SUPPORT SYSTEMS, 2008, 44 (03) : 657 - 672
  • [6] Asgharpour F, 2007, WORKSH EC INF SEC PI
  • [7] Bisantz AM, 2009, Applications of Cognitive Work Analysis
  • [8] Burns CM, 2020, COGNITIVE WORK ANAL
  • [9] Champion M, 2014, USING COGNITIVE TASK, V58, P310
  • [10] An Organizational Psychology Perspective to Examining Computer Security Incident Response Teams
    Chen, Tiffani R.
    Shore, Daniel B.
    Zaccaro, Stephen J.
    Dalal, Reeshad S.
    Tetrick, Lois E.
    Gorab, Aiva K.
    [J]. IEEE SECURITY & PRIVACY, 2014, 12 (05) : 61 - 67