SlideShare una empresa de Scribd logo

Towards a Digital teammate to support sensemaking in Cyber Security teams

Descargar como PPTX, PDF
Rick van der Kleij
Rick van der Kleij

1) The document discusses developing a digital teammate to support collaborative sensemaking in cyber security incident response teams. 2) It identifies challenges such as the large amounts of information analysts must process and the ad-hoc and time-constrained nature of their work. 3) The proposed digital teammate would provide tools to facilitate sensemaking, team and incident awareness, and connect different sites to potentially help teams handle incidents better and faster.

Ciencias
1 de 22
TOWARDS A DIGITAL TEAMMATE TO SUPPORT SENSEMAKING IN CYBER SECURITY TEAMS iHSI 2018 | Dr. Rick van der Kleij
CYBER SECURITY Cyber security is the protection of computer systems from the theft and damage to their hardware, software or information, as well as from disruption or misdirection of the services they provide; Cyber security includes protecting against harm that may come due to malpractice by insiders (e.g., employees), whether intentional or accidental. Digital teammate to support collaborative sensemaking in Cyber Security Incident Response Teams 08 January 2018
08 January 2018Digital teammate to support collaborative sensemaking in Cyber Security Incident Response Teams
CYBER SECURITY PROFESSIONALS Business processe s
HEADLINES: CYBER SECURITY = TEAMWORK http://www.csoonline.com/article/2844133/data-protection/chertoff-cybersecurity-takes-teamwork.html https://forums.juniper.net/t5/Government-Trends-and-Insights/IMPROVING-CYBERSECURITY-REQUIRES-TEAMWORK-AND-COLLABORATION/ba-p/283544
PROBLEM DEFINITION Cyber security teams have a crucial role in protecting business processes and critical infrastructure; The information environment in cyber security can be characterized as a ‘big data problem’ for human analysts who have to process the large amounts of information to detect attacks; Professionals often have to work on an ad-hoc basis, in close cooperation with other teams, and in time constrained and distributed environments; Failure is not an option; It could be argued that under these working conditions these teams would be likely to encounter problems.
PURPOSE & RESEARCH QUESTION Purpose: To investigate the need for support in professional Cyber Security Teams Research Question: “Are there any needs for improvements or issues that need to be resolved, and, if yes, how could support look like?“
USER CENTERED DESIGN 08 January 2018Digital teammate to support collaborative sensemaking in Cyber Security Incident Response Teams
CYBER SECURITY NEEDS MODEL Organization needs Team Performance needs Individual needs Instrumental needs Needs that pertain to Incident handling behavior or tangible outcomes, such as time to identification, or ability to remove threat Needs that pertain to the state of the team or level of team performance required for satisfactory functioning, such as team structure Needs that pertain to the individual’s abilities or attitudes, such as job satisfaction or team orientation Interventions or tools that are required to obtain a satisfactory level of functioning Van der Kleij, R. Kleinhuis, G., & Young, H. (2017). Computer Security Incident Response Team Effectiveness: A Needs Assessment. Frontiers in Psychology, 8, 1-8. Special issue on Mastering Cyberpower: Cognitive Sciences and The Human Factor in Civilian and Military Cyber Security
‘DATA FRAME MODEL OF SENSEMAKING’ “What is happening?”
08 January 2018Digital teammate to support collaborative sensemaking in Cyber Security Incident Response Teams
EVIDENCE/ARGUMENTS MAPPING 08 January 2018Digital teammate to support collaborative sensemaking in Cyber Security Incident Response Teams
PREMORTEM IN CYBER SECURITY? 1. Image that several hours have passed 2. Your [emergence response to contain the incident/ incident analysis] has been shown to be an utter disaster 3. Briefly explain why it was a disaster 4. Think of ways to address threats to success 08 January 2018Digital teammate to support collaborative sensemaking in Cyber Security Incident Response Teams
USER CENTERED DESIGN 08 January 2018Digital teammate to support collaborative sensemaking in Cyber Security Incident Response Teams
DIVERSE PHASE OF THE DESIGN 08 January 2018Digital teammate to support collaborative sensemaking in Cyber Security Incident Response Teams Innovative Digital assistant human aware Provides for incident and team awareness Observable, predictable and directableAble to connect different sites Facilitates sensemaking Lead to better & faster incident handlings services
USER CENTERED DESIGN 08 January 2018Digital teammate to support collaborative sensemaking in Cyber Security Incident Response Teams
17 | Computer Security Incident Response Teams “John is available” “Could he be of assistance to you?” “What is the best approach to mitigate this threat?”
Innovating for Cyber Security Professionals
USER CENTERED DESIGN 08 January 2018Digital teammate to support collaborative sensemaking in Cyber Security Incident Response Teams
08 January 2018Digital teammate to support collaborative sensemaking in Cyber Security Incident Response Teams
THE WAY FORWARD Our prototype is a first iteration of a support concept, integrating many needs on process and team support; We are now in the process of developing ways to enhance collaborative sensemaking in Security Operation Centres and Computer Security Incident Response Teams; Cyber security, as a system state, is dependant not only on human behaviour of target & threat entities, but on teamwork of cybersecurity professionals as well. 08 January 2018Digital teammate to support collaborative sensemaking in Cyber Security Incident Response Teams
THANK YOU FOR YOUR ATTENTION Take a look: TIME.TNO.NL

Recomendados

Case study: Managed Services for Network and Security Devices - Happiest Minds
Case study: Managed Services for Network and Security Devices - Happiest MindsCase study: Managed Services for Network and Security Devices - Happiest Minds
Case study: Managed Services for Network and Security Devices - Happiest Minds
Happiest Minds Technologies
 
Elastic Security: Your one-stop OODA loop shop
Elastic Security: Your one-stop OODA loop shopElastic Security: Your one-stop OODA loop shop
Elastic Security: Your one-stop OODA loop shop
Elasticsearch
 
Windstream Managed Network Security Infographic
Windstream Managed Network Security InfographicWindstream Managed Network Security Infographic
Windstream Managed Network Security Infographic
Ideba
 
Eyes Wide Shut: Cybersecurity Smoke & Mirrors...
Eyes Wide Shut: Cybersecurity Smoke & Mirrors...Eyes Wide Shut: Cybersecurity Smoke & Mirrors...
Eyes Wide Shut: Cybersecurity Smoke & Mirrors...
STASH | Datacentric Security
 
Case Study: Risk Assessment & Security Strategy Definition - Happiest Minds
Case Study: Risk Assessment & Security Strategy Definition - Happiest MindsCase Study: Risk Assessment & Security Strategy Definition - Happiest Minds
Case Study: Risk Assessment & Security Strategy Definition - Happiest Minds
Happiest Minds Technologies
 
Infographic: 5 Tips for Approaching Customers About Cloud Security
Infographic: 5 Tips for Approaching Customers About Cloud SecurityInfographic: 5 Tips for Approaching Customers About Cloud Security
Infographic: 5 Tips for Approaching Customers About Cloud Security
Intronis MSP Solutions by Barracuda
 
Windstream Managed Network Security Ebook
Windstream Managed Network Security EbookWindstream Managed Network Security Ebook
Windstream Managed Network Security Ebook
Ideba
 
Millions of People Depend on Datang Xianyi Technology and NetIQ
Millions of People Depend on Datang Xianyi Technology and NetIQMillions of People Depend on Datang Xianyi Technology and NetIQ
Millions of People Depend on Datang Xianyi Technology and NetIQ
NetIQ
 

Recomendados

Case study: Managed Services for Network and Security Devices - Happiest Minds
Case study: Managed Services for Network and Security Devices - Happiest MindsCase study: Managed Services for Network and Security Devices - Happiest Minds
Case study: Managed Services for Network and Security Devices - Happiest Minds
Happiest Minds Technologies
 
Elastic Security: Your one-stop OODA loop shop
Elastic Security: Your one-stop OODA loop shopElastic Security: Your one-stop OODA loop shop
Elastic Security: Your one-stop OODA loop shop
Elasticsearch
 
Windstream Managed Network Security Infographic
Windstream Managed Network Security InfographicWindstream Managed Network Security Infographic
Windstream Managed Network Security Infographic
Ideba
 
Eyes Wide Shut: Cybersecurity Smoke & Mirrors...
Eyes Wide Shut: Cybersecurity Smoke & Mirrors...Eyes Wide Shut: Cybersecurity Smoke & Mirrors...
Eyes Wide Shut: Cybersecurity Smoke & Mirrors...
STASH | Datacentric Security
 
Case Study: Risk Assessment & Security Strategy Definition - Happiest Minds
Case Study: Risk Assessment & Security Strategy Definition - Happiest MindsCase Study: Risk Assessment & Security Strategy Definition - Happiest Minds
Case Study: Risk Assessment & Security Strategy Definition - Happiest Minds
Happiest Minds Technologies
 
Infographic: 5 Tips for Approaching Customers About Cloud Security
Infographic: 5 Tips for Approaching Customers About Cloud SecurityInfographic: 5 Tips for Approaching Customers About Cloud Security
Infographic: 5 Tips for Approaching Customers About Cloud Security
Intronis MSP Solutions by Barracuda
 
Windstream Managed Network Security Ebook
Windstream Managed Network Security EbookWindstream Managed Network Security Ebook
Windstream Managed Network Security Ebook
Ideba
 
Millions of People Depend on Datang Xianyi Technology and NetIQ
Millions of People Depend on Datang Xianyi Technology and NetIQMillions of People Depend on Datang Xianyi Technology and NetIQ
Millions of People Depend on Datang Xianyi Technology and NetIQ
NetIQ
 
NUS-ISS Learning Day 2018-Leading conversation in IoT security
NUS-ISS Learning Day 2018-Leading conversation in IoT securityNUS-ISS Learning Day 2018-Leading conversation in IoT security
NUS-ISS Learning Day 2018-Leading conversation in IoT security
NUS-ISS
 
2016 Scalar Security Study: The Cyber Security Readiness of Canadian Organiza...
2016 Scalar Security Study: The Cyber Security Readiness of Canadian Organiza...2016 Scalar Security Study: The Cyber Security Readiness of Canadian Organiza...
2016 Scalar Security Study: The Cyber Security Readiness of Canadian Organiza...
Scalar Decisions
 
Windstream Managed Network Security Presentation
Windstream Managed Network Security PresentationWindstream Managed Network Security Presentation
Windstream Managed Network Security Presentation
Ideba
 
Case study: ISO 27001 Certification Readiness - Happiest Minds
Case study: ISO 27001 Certification Readiness - Happiest MindsCase study: ISO 27001 Certification Readiness - Happiest Minds
Case study: ISO 27001 Certification Readiness - Happiest Minds
Happiest Minds Technologies
 
Haystax Technology - About Us
Haystax Technology - About UsHaystax Technology - About Us
Haystax Technology - About Us
Haystax Technology
 
The Engine Behind 'Discovery': Elasticsearch Service @ CreatorIQ
The Engine Behind 'Discovery': Elasticsearch Service @ CreatorIQThe Engine Behind 'Discovery': Elasticsearch Service @ CreatorIQ
The Engine Behind 'Discovery': Elasticsearch Service @ CreatorIQ
Elasticsearch
 
Whole Person Risk Modeling
Whole Person Risk ModelingWhole Person Risk Modeling
Whole Person Risk Modeling
Haystax Technology
 
Haystax: Actionable Intelligence Platform
Haystax: Actionable Intelligence PlatformHaystax: Actionable Intelligence Platform
Haystax: Actionable Intelligence Platform
Haystax Technology
 
Track-2307_KUKREJA.potx
Track-2307_KUKREJA.potxTrack-2307_KUKREJA.potx
Track-2307_KUKREJA.potx
Puneet Kukreja
 
How to Operationalize Big Data Security Analytics
How to Operationalize Big Data Security AnalyticsHow to Operationalize Big Data Security Analytics
How to Operationalize Big Data Security Analytics
Interset
 
What is still missed for security real life facts
What is still missed for security real life factsWhat is still missed for security real life facts
What is still missed for security real life facts
Aladdin Dandis
 
Scalar security study2017_slideshare_rev[1]
Scalar security study2017_slideshare_rev[1]Scalar security study2017_slideshare_rev[1]
Scalar security study2017_slideshare_rev[1]
Tracey Ong
 
The National Security Agency (NSA) -- PRISM Surveillance System _Not a Surpri...
The National Security Agency (NSA) -- PRISM Surveillance System _Not a Surpri...The National Security Agency (NSA) -- PRISM Surveillance System _Not a Surpri...
The National Security Agency (NSA) -- PRISM Surveillance System _Not a Surpri...
Sonia Usih, PMP, MCPM, BSc.
 
Radical Innovation In Security (New Techniques Applied To Tomorrow’s Risk)
Radical Innovation In Security (New Techniques Applied To Tomorrow’s Risk)Radical Innovation In Security (New Techniques Applied To Tomorrow’s Risk)
Radical Innovation In Security (New Techniques Applied To Tomorrow’s Risk)
Fujitsu Middle East
 
Ntxissacsc5 purple 3-cyber insurance essentials-shawn_tuma.pptx
Ntxissacsc5 purple 3-cyber insurance essentials-shawn_tuma.pptxNtxissacsc5 purple 3-cyber insurance essentials-shawn_tuma.pptx
Ntxissacsc5 purple 3-cyber insurance essentials-shawn_tuma.pptx
North Texas Chapter of the ISSA
 
Solution Spotlight IT Consulting Services
Solution Spotlight IT Consulting ServicesSolution Spotlight IT Consulting Services
Solution Spotlight IT Consulting Services
The TNS Group
 
How to make managed services work
How to make managed services workHow to make managed services work
How to make managed services work
Jacklyn Johnson
 
Hacked: Threats, Trends and the Power of Connected Data
Hacked: Threats, Trends and the Power of Connected DataHacked: Threats, Trends and the Power of Connected Data
Hacked: Threats, Trends and the Power of Connected Data
Neo4j
 
Driving IT Transformation with Agile Analytics
Driving IT Transformation with Agile AnalyticsDriving IT Transformation with Agile Analytics
Driving IT Transformation with Agile Analytics
Bit Stew Systems
 
[International Workshop on Cybersecurity] THREAT INFO SHARING IN PRIVATE SECTOR
[International Workshop on Cybersecurity] THREAT INFO SHARING IN PRIVATE SECTOR[International Workshop on Cybersecurity] THREAT INFO SHARING IN PRIVATE SECTOR
[International Workshop on Cybersecurity] THREAT INFO SHARING IN PRIVATE SECTOR
gree_tech
 
The 10 most trusted cyber threat solution providers
The 10 most trusted cyber threat solution providersThe 10 most trusted cyber threat solution providers
The 10 most trusted cyber threat solution providers
Insights success media and technology pvt ltd
 
Proactive Risk Management and Compliance in a World of Digital Disruption
Proactive Risk Management and Compliance in a World of Digital DisruptionProactive Risk Management and Compliance in a World of Digital Disruption
Proactive Risk Management and Compliance in a World of Digital Disruption
Mike Wons
 

Más contenido relacionado

La actualidad más candente

Track-2307_KUKREJA.potx
Track-2307_KUKREJA.potxTrack-2307_KUKREJA.potx
Track-2307_KUKREJA.potx
Puneet Kukreja
 

La actualidad más candente (20)

NUS-ISS Learning Day 2018-Leading conversation in IoT security
NUS-ISS Learning Day 2018-Leading conversation in IoT securityNUS-ISS Learning Day 2018-Leading conversation in IoT security
NUS-ISS Learning Day 2018-Leading conversation in IoT security
 
2016 Scalar Security Study: The Cyber Security Readiness of Canadian Organiza...
2016 Scalar Security Study: The Cyber Security Readiness of Canadian Organiza...2016 Scalar Security Study: The Cyber Security Readiness of Canadian Organiza...
2016 Scalar Security Study: The Cyber Security Readiness of Canadian Organiza...
 
Windstream Managed Network Security Presentation
Windstream Managed Network Security PresentationWindstream Managed Network Security Presentation
Windstream Managed Network Security Presentation
 
Case study: ISO 27001 Certification Readiness - Happiest Minds
Case study: ISO 27001 Certification Readiness - Happiest MindsCase study: ISO 27001 Certification Readiness - Happiest Minds
Case study: ISO 27001 Certification Readiness - Happiest Minds
 
Haystax Technology - About Us
Haystax Technology - About UsHaystax Technology - About Us
Haystax Technology - About Us
 
The Engine Behind 'Discovery': Elasticsearch Service @ CreatorIQ
The Engine Behind 'Discovery': Elasticsearch Service @ CreatorIQThe Engine Behind 'Discovery': Elasticsearch Service @ CreatorIQ
The Engine Behind 'Discovery': Elasticsearch Service @ CreatorIQ
 
Whole Person Risk Modeling
Whole Person Risk ModelingWhole Person Risk Modeling
Whole Person Risk Modeling
 
Haystax: Actionable Intelligence Platform
Haystax: Actionable Intelligence PlatformHaystax: Actionable Intelligence Platform
Haystax: Actionable Intelligence Platform
 
Track-2307_KUKREJA.potx
Track-2307_KUKREJA.potxTrack-2307_KUKREJA.potx
Track-2307_KUKREJA.potx
 
How to Operationalize Big Data Security Analytics
How to Operationalize Big Data Security AnalyticsHow to Operationalize Big Data Security Analytics
How to Operationalize Big Data Security Analytics
 
What is still missed for security real life facts
What is still missed for security real life factsWhat is still missed for security real life facts
What is still missed for security real life facts
 
Scalar security study2017_slideshare_rev[1]
Scalar security study2017_slideshare_rev[1]Scalar security study2017_slideshare_rev[1]
Scalar security study2017_slideshare_rev[1]
 
The National Security Agency (NSA) -- PRISM Surveillance System _Not a Surpri...
The National Security Agency (NSA) -- PRISM Surveillance System _Not a Surpri...The National Security Agency (NSA) -- PRISM Surveillance System _Not a Surpri...
The National Security Agency (NSA) -- PRISM Surveillance System _Not a Surpri...
 
Radical Innovation In Security (New Techniques Applied To Tomorrow’s Risk)
Radical Innovation In Security (New Techniques Applied To Tomorrow’s Risk)Radical Innovation In Security (New Techniques Applied To Tomorrow’s Risk)
Radical Innovation In Security (New Techniques Applied To Tomorrow’s Risk)
 
Ntxissacsc5 purple 3-cyber insurance essentials-shawn_tuma.pptx
Ntxissacsc5 purple 3-cyber insurance essentials-shawn_tuma.pptxNtxissacsc5 purple 3-cyber insurance essentials-shawn_tuma.pptx
Ntxissacsc5 purple 3-cyber insurance essentials-shawn_tuma.pptx
 
Solution Spotlight IT Consulting Services
Solution Spotlight IT Consulting ServicesSolution Spotlight IT Consulting Services
Solution Spotlight IT Consulting Services
 
How to make managed services work
How to make managed services workHow to make managed services work
How to make managed services work
 
Hacked: Threats, Trends and the Power of Connected Data
Hacked: Threats, Trends and the Power of Connected DataHacked: Threats, Trends and the Power of Connected Data
Hacked: Threats, Trends and the Power of Connected Data
 
Driving IT Transformation with Agile Analytics
Driving IT Transformation with Agile AnalyticsDriving IT Transformation with Agile Analytics
Driving IT Transformation with Agile Analytics
 
[International Workshop on Cybersecurity] THREAT INFO SHARING IN PRIVATE SECTOR
[International Workshop on Cybersecurity] THREAT INFO SHARING IN PRIVATE SECTOR[International Workshop on Cybersecurity] THREAT INFO SHARING IN PRIVATE SECTOR
[International Workshop on Cybersecurity] THREAT INFO SHARING IN PRIVATE SECTOR
 

Similar a Towards a Digital teammate to support sensemaking in Cyber Security teams

Similar a Towards a Digital teammate to support sensemaking in Cyber Security teams (20)

The 10 most trusted cyber threat solution providers
The 10 most trusted cyber threat solution providersThe 10 most trusted cyber threat solution providers
The 10 most trusted cyber threat solution providers
 
Proactive Risk Management and Compliance in a World of Digital Disruption
Proactive Risk Management and Compliance in a World of Digital DisruptionProactive Risk Management and Compliance in a World of Digital Disruption
Proactive Risk Management and Compliance in a World of Digital Disruption
 
What i learned at issa international summit 2019
What i learned at issa international summit 2019What i learned at issa international summit 2019
What i learned at issa international summit 2019
 
Operationalizing Big Data Security Analytics - IANS Forum Dallas
Operationalizing Big Data Security Analytics - IANS Forum DallasOperationalizing Big Data Security Analytics - IANS Forum Dallas
Operationalizing Big Data Security Analytics - IANS Forum Dallas
 
Cultivate a stronger corporate culture to enhance cybersecurity
Cultivate a stronger corporate culture to enhance cybersecurityCultivate a stronger corporate culture to enhance cybersecurity
Cultivate a stronger corporate culture to enhance cybersecurity
 
Akamai 2018 Spring state of the Internet security report
Akamai 2018 Spring state of the Internet security reportAkamai 2018 Spring state of the Internet security report
Akamai 2018 Spring state of the Internet security report
 
Human factors in cybersecurity: Needs assessment
Human factors in cybersecurity: Needs assessment Human factors in cybersecurity: Needs assessment
Human factors in cybersecurity: Needs assessment
 
CounterTack: 10 Experts on Active Threat Management
CounterTack: 10 Experts on Active Threat ManagementCounterTack: 10 Experts on Active Threat Management
CounterTack: 10 Experts on Active Threat Management
 
Cyber-Security-Whitepaper.pdf
Cyber-Security-Whitepaper.pdfCyber-Security-Whitepaper.pdf
Cyber-Security-Whitepaper.pdf
 
Cyber-Security-Whitepaper.pdf
Cyber-Security-Whitepaper.pdfCyber-Security-Whitepaper.pdf
Cyber-Security-Whitepaper.pdf
 
The 10 most trusted companies in enterprise security 2019
The 10 most trusted companies in enterprise security 2019The 10 most trusted companies in enterprise security 2019
The 10 most trusted companies in enterprise security 2019
 
NUS-ISS Learning Day 2019-Architecting security in the digital age
NUS-ISS Learning Day 2019-Architecting security in the digital ageNUS-ISS Learning Day 2019-Architecting security in the digital age
NUS-ISS Learning Day 2019-Architecting security in the digital age
 
Cyber security trends 2018
Cyber security trends 2018Cyber security trends 2018
Cyber security trends 2018
 
The Security Challenge: What's Next?
The Security Challenge: What's Next?The Security Challenge: What's Next?
The Security Challenge: What's Next?
 
Corporate Cybersecurity: A Serious Game
Corporate Cybersecurity: A Serious GameCorporate Cybersecurity: A Serious Game
Corporate Cybersecurity: A Serious Game
 
The Importance of Cybersecurity in Software Development.pdf
The Importance of Cybersecurity in Software Development.pdfThe Importance of Cybersecurity in Software Development.pdf
The Importance of Cybersecurity in Software Development.pdf
 
Gill_Pat.2016.Resume.CISO.1
Gill_Pat.2016.Resume.CISO.1Gill_Pat.2016.Resume.CISO.1
Gill_Pat.2016.Resume.CISO.1
 
9545-RR-Why-Use-MSSP
9545-RR-Why-Use-MSSP9545-RR-Why-Use-MSSP
9545-RR-Why-Use-MSSP
 
Cybersecurity: Perceptions & Practices
Cybersecurity: Perceptions & PracticesCybersecurity: Perceptions & Practices
Cybersecurity: Perceptions & Practices
 
Introduction to RESILIA and Cyber Resilience
Introduction to RESILIA and Cyber ResilienceIntroduction to RESILIA and Cyber Resilience
Introduction to RESILIA and Cyber Resilience
 

Más de Rick van der Kleij

Opportunities for social media in a comprehensive approach
Opportunities for social media in a comprehensive approachOpportunities for social media in a comprehensive approach
Opportunities for social media in a comprehensive approach
Rick van der Kleij
 

Más de Rick van der Kleij (11)

Cybercrime? Daarvoor is mijn bedrijf te klein!
Cybercrime? Daarvoor is mijn bedrijf te klein!Cybercrime? Daarvoor is mijn bedrijf te klein!
Cybercrime? Daarvoor is mijn bedrijf te klein!
 
Organisatieslachtofferschap van cybercrime
Organisatieslachtofferschap van cybercrime Organisatieslachtofferschap van cybercrime
Organisatieslachtofferschap van cybercrime
 
Cyberweerbaarheid mkb (SMEs) regio Den Haag
Cyberweerbaarheid mkb (SMEs) regio Den Haag Cyberweerbaarheid mkb (SMEs) regio Den Haag
Cyberweerbaarheid mkb (SMEs) regio Den Haag
 
Human factors in cybersecurity
Human factors in cybersecurity Human factors in cybersecurity
Human factors in cybersecurity
 
Verhogen effectiviteit cameratoezicht (svob kenniscafé 17 april 2014)
Verhogen effectiviteit cameratoezicht (svob kenniscafé 17 april 2014)Verhogen effectiviteit cameratoezicht (svob kenniscafé 17 april 2014)
Verhogen effectiviteit cameratoezicht (svob kenniscafé 17 april 2014)
 
Wanneer veiligheid een service is (en wanneer niet)
Wanneer veiligheid een service is (en wanneer niet) Wanneer veiligheid een service is (en wanneer niet)
Wanneer veiligheid een service is (en wanneer niet)
 
Social media for influence operations
Social media for influence operationsSocial media for influence operations
Social media for influence operations
 
Landmacht 2.0 sociale media
Landmacht 2.0 sociale mediaLandmacht 2.0 sociale media
Landmacht 2.0 sociale media
 
Opportunities for social media in a comprehensive approach
Opportunities for social media in a comprehensive approachOpportunities for social media in a comprehensive approach
Opportunities for social media in a comprehensive approach
 
Boundary spanning in military operations
Boundary spanning in military operationsBoundary spanning in military operations
Boundary spanning in military operations
 
Coordinating across boundaries: The importance of members' personalities
Coordinating across boundaries: The importance of members' personalitiesCoordinating across boundaries: The importance of members' personalities
Coordinating across boundaries: The importance of members' personalities
 

Último

Climate extremes likely to drive land mammal extinction during next supercont...
Climate extremes likely to drive land mammal extinction during next supercont...Climate extremes likely to drive land mammal extinction during next supercont...
Climate extremes likely to drive land mammal extinction during next supercont...
Sérgio Sacani
 
WASP-69b’s Escaping Envelope Is Confined to a Tail Extending at Least 7 Rp
WASP-69b’s Escaping Envelope Is Confined to a Tail Extending at Least 7 RpWASP-69b’s Escaping Envelope Is Confined to a Tail Extending at Least 7 Rp
WASP-69b’s Escaping Envelope Is Confined to a Tail Extending at Least 7 Rp
Sérgio Sacani
 
In-pond Race way systems for Aquaculture (IPRS).pptx
In-pond Race way systems for Aquaculture (IPRS).pptxIn-pond Race way systems for Aquaculture (IPRS).pptx
In-pond Race way systems for Aquaculture (IPRS).pptx
MAGOTI ERNEST
 
Constraints on Neutrino Natal Kicks from Black-Hole Binary VFTS 243
Constraints on Neutrino Natal Kicks from Black-Hole Binary VFTS 243Constraints on Neutrino Natal Kicks from Black-Hole Binary VFTS 243
Constraints on Neutrino Natal Kicks from Black-Hole Binary VFTS 243
Sérgio Sacani
 
Quantifying Artificial Intelligence and What Comes Next!
Quantifying Artificial Intelligence and What Comes Next!Quantifying Artificial Intelligence and What Comes Next!
Quantifying Artificial Intelligence and What Comes Next!
University of Hertfordshire
 
Jet reorientation in central galaxies of clusters and groups: insights from V...
Jet reorientation in central galaxies of clusters and groups: insights from V...Jet reorientation in central galaxies of clusters and groups: insights from V...
Jet reorientation in central galaxies of clusters and groups: insights from V...
Sérgio Sacani
 
Pests of Green Manures_Bionomics_IPM_Dr.UPR.pdf
Pests of Green Manures_Bionomics_IPM_Dr.UPR.pdfPests of Green Manures_Bionomics_IPM_Dr.UPR.pdf
Pests of Green Manures_Bionomics_IPM_Dr.UPR.pdf
PirithiRaju
 

Último (20)

Climate extremes likely to drive land mammal extinction during next supercont...
Climate extremes likely to drive land mammal extinction during next supercont...Climate extremes likely to drive land mammal extinction during next supercont...
Climate extremes likely to drive land mammal extinction during next supercont...
 
ERTHROPOIESIS: Dr. E. Muralinath & R. Gnana Lahari
ERTHROPOIESIS: Dr. E. Muralinath & R. Gnana LahariERTHROPOIESIS: Dr. E. Muralinath & R. Gnana Lahari
ERTHROPOIESIS: Dr. E. Muralinath & R. Gnana Lahari
 
WASP-69b’s Escaping Envelope Is Confined to a Tail Extending at Least 7 Rp
WASP-69b’s Escaping Envelope Is Confined to a Tail Extending at Least 7 RpWASP-69b’s Escaping Envelope Is Confined to a Tail Extending at Least 7 Rp
WASP-69b’s Escaping Envelope Is Confined to a Tail Extending at Least 7 Rp
 
Mining Activity and Investment Opportunity in Myanmar.pptx
Mining Activity and Investment Opportunity in Myanmar.pptxMining Activity and Investment Opportunity in Myanmar.pptx
Mining Activity and Investment Opportunity in Myanmar.pptx
 
Plasma proteins_ Dr.Muralinath_Dr.c. kalyan
Plasma proteins_ Dr.Muralinath_Dr.c. kalyanPlasma proteins_ Dr.Muralinath_Dr.c. kalyan
Plasma proteins_ Dr.Muralinath_Dr.c. kalyan
 
Erythropoiesis- Dr.E. Muralinath-C Kalyan
Erythropoiesis- Dr.E. Muralinath-C KalyanErythropoiesis- Dr.E. Muralinath-C Kalyan
Erythropoiesis- Dr.E. Muralinath-C Kalyan
 
NuGOweek 2024 full programme - hosted by Ghent University
NuGOweek 2024 full programme - hosted by Ghent UniversityNuGOweek 2024 full programme - hosted by Ghent University
NuGOweek 2024 full programme - hosted by Ghent University
 
INSIGHT Partner Profile: Tampere University
INSIGHT Partner Profile: Tampere UniversityINSIGHT Partner Profile: Tampere University
INSIGHT Partner Profile: Tampere University
 
In-pond Race way systems for Aquaculture (IPRS).pptx
In-pond Race way systems for Aquaculture (IPRS).pptxIn-pond Race way systems for Aquaculture (IPRS).pptx
In-pond Race way systems for Aquaculture (IPRS).pptx
 
The Scientific names of some important families of Industrial plants .pdf
The Scientific names of some important families of Industrial plants .pdfThe Scientific names of some important families of Industrial plants .pdf
The Scientific names of some important families of Industrial plants .pdf
 
SCHISTOSOMA HEAMATOBIUM life cycle .pdf
SCHISTOSOMA HEAMATOBIUM life cycle .pdfSCHISTOSOMA HEAMATOBIUM life cycle .pdf
SCHISTOSOMA HEAMATOBIUM life cycle .pdf
 
Constraints on Neutrino Natal Kicks from Black-Hole Binary VFTS 243
Constraints on Neutrino Natal Kicks from Black-Hole Binary VFTS 243Constraints on Neutrino Natal Kicks from Black-Hole Binary VFTS 243
Constraints on Neutrino Natal Kicks from Black-Hole Binary VFTS 243
 
Hemoglobin metabolism: C Kalyan & E. Muralinath
Hemoglobin metabolism: C Kalyan & E. MuralinathHemoglobin metabolism: C Kalyan & E. Muralinath
Hemoglobin metabolism: C Kalyan & E. Muralinath
 
Land use land cover change analysis and detection of its drivers using geospa...
Land use land cover change analysis and detection of its drivers using geospa...Land use land cover change analysis and detection of its drivers using geospa...
Land use land cover change analysis and detection of its drivers using geospa...
 
GBSN - Microbiology Lab (Microbiology Lab Safety Procedures)
GBSN - Microbiology Lab (Microbiology Lab Safety Procedures)GBSN - Microbiology Lab (Microbiology Lab Safety Procedures)
GBSN - Microbiology Lab (Microbiology Lab Safety Procedures)
 
GBSN - Biochemistry (Unit 4) Chemistry of Carbohydrates
GBSN - Biochemistry (Unit 4) Chemistry of CarbohydratesGBSN - Biochemistry (Unit 4) Chemistry of Carbohydrates
GBSN - Biochemistry (Unit 4) Chemistry of Carbohydrates
 
Quantifying Artificial Intelligence and What Comes Next!
Quantifying Artificial Intelligence and What Comes Next!Quantifying Artificial Intelligence and What Comes Next!
Quantifying Artificial Intelligence and What Comes Next!
 
Jet reorientation in central galaxies of clusters and groups: insights from V...
Jet reorientation in central galaxies of clusters and groups: insights from V...Jet reorientation in central galaxies of clusters and groups: insights from V...
Jet reorientation in central galaxies of clusters and groups: insights from V...
 
Pests of Green Manures_Bionomics_IPM_Dr.UPR.pdf
Pests of Green Manures_Bionomics_IPM_Dr.UPR.pdfPests of Green Manures_Bionomics_IPM_Dr.UPR.pdf
Pests of Green Manures_Bionomics_IPM_Dr.UPR.pdf
 
Alternative method of dissolution in-vitro in-vivo correlation and dissolutio...
Alternative method of dissolution in-vitro in-vivo correlation and dissolutio...Alternative method of dissolution in-vitro in-vivo correlation and dissolutio...
Alternative method of dissolution in-vitro in-vivo correlation and dissolutio...
 

Towards a Digital teammate to support sensemaking in Cyber Security teams

  • 1. TOWARDS A DIGITAL TEAMMATE TO SUPPORT SENSEMAKING IN CYBER SECURITY TEAMS iHSI 2018 | Dr. Rick van der Kleij
  • 2. CYBER SECURITY Cyber security is the protection of computer systems from the theft and damage to their hardware, software or information, as well as from disruption or misdirection of the services they provide; Cyber security includes protecting against harm that may come due to malpractice by insiders (e.g., employees), whether intentional or accidental. Digital teammate to support collaborative sensemaking in Cyber Security Incident Response Teams 08 January 2018
  • 3. 08 January 2018Digital teammate to support collaborative sensemaking in Cyber Security Incident Response Teams
  • 5. HEADLINES: CYBER SECURITY = TEAMWORK http://www.csoonline.com/article/2844133/data-protection/chertoff-cybersecurity-takes-teamwork.html https://forums.juniper.net/t5/Government-Trends-and-Insights/IMPROVING-CYBERSECURITY-REQUIRES-TEAMWORK-AND-COLLABORATION/ba-p/283544
  • 6. PROBLEM DEFINITION Cyber security teams have a crucial role in protecting business processes and critical infrastructure; The information environment in cyber security can be characterized as a ‘big data problem’ for human analysts who have to process the large amounts of information to detect attacks; Professionals often have to work on an ad-hoc basis, in close cooperation with other teams, and in time constrained and distributed environments; Failure is not an option; It could be argued that under these working conditions these teams would be likely to encounter problems.
  • 7. PURPOSE & RESEARCH QUESTION Purpose: To investigate the need for support in professional Cyber Security Teams Research Question: “Are there any needs for improvements or issues that need to be resolved, and, if yes, how could support look like?“
  • 8. USER CENTERED DESIGN 08 January 2018Digital teammate to support collaborative sensemaking in Cyber Security Incident Response Teams
  • 9. CYBER SECURITY NEEDS MODEL Organization needs Team Performance needs Individual needs Instrumental needs Needs that pertain to Incident handling behavior or tangible outcomes, such as time to identification, or ability to remove threat Needs that pertain to the state of the team or level of team performance required for satisfactory functioning, such as team structure Needs that pertain to the individual’s abilities or attitudes, such as job satisfaction or team orientation Interventions or tools that are required to obtain a satisfactory level of functioning Van der Kleij, R. Kleinhuis, G., & Young, H. (2017). Computer Security Incident Response Team Effectiveness: A Needs Assessment. Frontiers in Psychology, 8, 1-8. Special issue on Mastering Cyberpower: Cognitive Sciences and The Human Factor in Civilian and Military Cyber Security
  • 10. ‘DATA FRAME MODEL OF SENSEMAKING’ “What is happening?”
  • 11. 08 January 2018Digital teammate to support collaborative sensemaking in Cyber Security Incident Response Teams
  • 12. EVIDENCE/ARGUMENTS MAPPING 08 January 2018Digital teammate to support collaborative sensemaking in Cyber Security Incident Response Teams
  • 13. PREMORTEM IN CYBER SECURITY? 1. Image that several hours have passed 2. Your [emergence response to contain the incident/ incident analysis] has been shown to be an utter disaster 3. Briefly explain why it was a disaster 4. Think of ways to address threats to success 08 January 2018Digital teammate to support collaborative sensemaking in Cyber Security Incident Response Teams
  • 14. USER CENTERED DESIGN 08 January 2018Digital teammate to support collaborative sensemaking in Cyber Security Incident Response Teams
  • 15. DIVERSE PHASE OF THE DESIGN 08 January 2018Digital teammate to support collaborative sensemaking in Cyber Security Incident Response Teams Innovative Digital assistant human aware Provides for incident and team awareness Observable, predictable and directableAble to connect different sites Facilitates sensemaking Lead to better & faster incident handlings services
  • 16. USER CENTERED DESIGN 08 January 2018Digital teammate to support collaborative sensemaking in Cyber Security Incident Response Teams
  • 17. 17 | Computer Security Incident Response Teams “John is available” “Could he be of assistance to you?” “What is the best approach to mitigate this threat?”
  • 18. Innovating for Cyber Security Professionals
  • 19. USER CENTERED DESIGN 08 January 2018Digital teammate to support collaborative sensemaking in Cyber Security Incident Response Teams
  • 20. 08 January 2018Digital teammate to support collaborative sensemaking in Cyber Security Incident Response Teams
  • 21. THE WAY FORWARD Our prototype is a first iteration of a support concept, integrating many needs on process and team support; We are now in the process of developing ways to enhance collaborative sensemaking in Security Operation Centres and Computer Security Incident Response Teams; Cyber security, as a system state, is dependant not only on human behaviour of target & threat entities, but on teamwork of cybersecurity professionals as well. 08 January 2018Digital teammate to support collaborative sensemaking in Cyber Security Incident Response Teams
  • 22. THANK YOU FOR YOUR ATTENTION Take a look: TIME.TNO.NL