Human Performance Factors in Cyber Security Forensic Analysis

Human performance has become a pertinent issue within cyber security. However, this research has been stymied by the limited availability of expert cyber security professionals. This is partly attributable to the ongoing workload faced by cyber security professionals, which is compounded by the limited number of qualified personnel and turnover of personnel across organizations. Additionally, it is difficult to conduct research, and particularly, openly published research, due to the sensitivity inherent to cyber operations at most organizations. As an alternative, the current research has focused on data collection during cyber security training exercises. These events draw individuals with a range of knowledge and experience extending from seasoned professionals to recent college graduates to college students. The current paper describes research involving data collection at two separate cyber security exercises. This data collection involved multiple measures which included behavioral performance based on human-machine transactions and a questionnaire-based assessments of cyber security experience. It was found that participants reporting more experience with cyber security topics and cyber security software tools made greater use of general purpose software tools, combining the use of general purpose tools with specialized cyber security software applications. Given that organizations make substantial investments in cyber security software tools, it is important to recognize that while these tools enable specialized analyses that would not be possible otherwise, they are not sufficient. Instead, effective cyber security operations involve a range of activities that extends from the highly general (e.g., taking notes, Internet search) to domain specific (e.g., disk forensics) and the accompanying work environment should accommodates this range of activities.

[1]  C. F. Kao,et al.  The efficient assessment of need for cognition. , 1984, Journal of personality assessment.

[2]  Pascale Carayon,et al.  Human and organizational factors in computer and information security: Pathways to vulnerabilities , 2009, Comput. Secur..

[3]  Daniel R. Tesone,et al.  Achieving Cyber Defense Situational Awareness: A Cognitive Task Analysis of Information Assurance Analysts , 2005 .

[4]  Reginald A. Bruce,et al.  Decision-Making Style: The Development and Assessment of a New Measure , 1995 .

[5]  J. Chris Forsythe,et al.  Enhanced Training for Cyber Situational Awareness , 2013, HCI.

[6]  Cleotilde Gonzalez,et al.  Cyber Situation Awareness , 2013, Hum. Factors.

[7]  Jeffrey M. Bradshaw,et al.  Human Dimension in Cyber Operations Research and Development Priorities , 2013, HCI.

[8]  Deborah A. Frincke,et al.  A Multi-Phase Network Situational Awareness Cognitive Task Analysis , 2010, Inf. Vis..

[9]  Robert G. Abbott,et al.  Log Analysis of Cyber Security Training Exercises , 2015 .

[10]  J. Chris Forsythe,et al.  Measuring Expert and Novice Performance Within Computer Security Incident Response Teams , 2015, HCI.

[11]  Robert G. Abbott,et al.  Factors Impacting Performance in Competitive Cyber Exercises. , 2014 .

[12]  Robert G. Abbott,et al.  Simulation of Workflow and Threat Characteristics for Cyber Security Incident Response Teams , 2014 .

[13]  Nancy J. Cooke,et al.  Influence of Team Communication and Coordination on the Performance of Teams at the iCTF Competition , 2012 .

[14]  J. M. Digman PERSONALITY STRUCTURE: EMERGENCE OF THE FIVE-FACTOR MODEL , 1990 .