论文信息 - Enhanced Training for Cyber Situational Awareness

Enhanced Training for Cyber Situational Awareness

A study was conducted in which participants received either tool-based or narrative-based training and then completed challenges associated with network security threats. Three teams were formed: (1) Tool-Based, for which each participant received tool-based training; (2) Narrative-Based, for which each participant received narrative-based training and (3) Combined, for which three participants received tool-based training and two received narrative-based training. Results showed that the Narrative-Based team recognized the spatial-temporal relationship between events and constructed a timeline that was a reasonable approximation of ground truth. In contrast, the Combined team produced a linear sequence of events that did not encompass the relationships between different adversaries. Finally, the Tool-Based team demonstrated little appreciation of either the spatial or temporal relationships between events. These findings suggest that participants receiving Narrative-Based training were able to use the software tools in a way that allowed them to gain a greater level of situation awareness.

[1] Lisa M. Penney,et al. A review of personality and performance: Identifying boundaries, contingencies, and future research directions , 2011 .

[2] Robert G. Abbott,et al. Robust Automated Knowledge Capture , 2011 .