Exploring Cognition and Proficiency in Cybersecurity Incident Response: Description of a Subject-Matter Expert Interview

Publication Date

1-1-2024

Document Type

Conference Proceeding

Publication Title

EPiC Series in Computing

Volume

102

DOI

10.29007/gt9r

First Page

44

Last Page

53

Abstract

Cybersecurity incident response presents significant challenges, exacerbated by a limited understanding of the cognitive processes employed by cybersecurity professionals. Cognitive task analysis (CTA) is a valuable tool to address this knowledge gap and inform evaluation, training, and design of cybersecurity systems. However, the required access and cost have limited the number and scope of CTAs in cybersecurity. Therefore, a need exists for CTA-derived insights about incident response and methodology of CTA to support data collection in this rapidly evolving domain. In this paper, we explore some of the challenges specific to CTA in the context of incident response, present an example demonstrating how CTA facilitates insights by examining results obtained from a single subject matter expert (SME), and describe the role of CTA in our ongoing mixed methods research program. The application of CTA in supporting quantitative research holds promise for advancing cyber defense strategies.

Funding Number

1553018

Funding Sponsor

National Science Foundation

Keywords

case study, cognitive task analysis, computer network defense, cybersecurity, incident response, mixed methods

Department

Psychology
