TOWARDS A DIGITAL TEAMMATE TO SUPPORT SENSEMAKING IN CYBER SECURITY TEAMS
iHSI 2018 | Dr. Rick van der Kleij
CYBER SECURITY
Cyber security is the protection of computer systems from the theft and damage
to their hardware, software or information, as well as from disruption or
misdirection of the services they provide;
Cyber security includes protecting against harm that may come due to
malpractice by insiders (e.g., employees), whether intentional or accidental.
Digital teammate to support collaborative sensemaking in Cyber Security Incident Response Teams 08 January 2018
CYBER SECURITY PROFESSIONALS
Business processes
HEADLINES: CYBER SECURITY = TEAMWORK
http://www.csoonline.com/article/2844133/data-protection/chertoff-cybersecurity-takes-teamwork.html
https://forums.juniper.net/t5/Government-Trends-and-Insights/IMPROVING-CYBERSECURITY-REQUIRES-TEAMWORK-AND-COLLABORATION/ba-p/283544
PROBLEM DEFINITION
Cyber security teams have a crucial role in protecting business processes and
critical infrastructure;
The information environment in cyber security can be characterized as a ‘big
data problem’ for human analysts who have to process the large amounts of
information to detect attacks;
Professionals often have to work on an ad-hoc basis, in close cooperation with
other teams, and in time constrained and distributed environments;
Failure is not an option;
It could be argued that under these working conditions these teams would be
likely to encounter problems.
PURPOSE & RESEARCH QUESTION
Purpose: To investigate the need for support in professional Cyber Security
Teams
Research Question: “Are there any needs for improvements or issues that need
to be resolved, and, if yes, how could support look like?”
USER CENTERED DESIGN
CYBER SECURITY NEEDS MODEL
Organization needs
Team
Performance needs
Individual needs
Instrumental needs
Needs that pertain to Incident handling behavior or tangible outcomes, such as time to identification, or ability to remove threat
Needs that pertain to the state of the team or level of team performance required for satisfactory functioning, such as team structure
Needs that pertain to the individual’s abilities or attitudes, such as job satisfaction or team orientation
Interventions or tools that are required to obtain a satisfactory level of functioning
Van der Kleij, R., Kleinhuis, G., & Young, H. (2017). Computer Security Incident Response Team Effectiveness: A Needs Assessment. Frontiers in Psychology, 8, 1-8. Special issue on Mastering Cyberpower: Cognitive Sciences and The Human Factor in Civilian and Military Cyber Security
‘DATA FRAME MODEL OF SENSEMAKING’
“What is happening?”
EVIDENCE/ARGUMENTS MAPPING
PREMORTEM IN CYBER SECURITY?
1. Imagine that several hours have passed
2. Your [emergency response to contain the incident/ incident analysis] has been shown to be an utter disaster
3. Briefly explain why it was a disaster
4. Think of ways to address threats to success
USER CENTERED DESIGN
DIVERSE PHASE OF THE DESIGN
Innovative
Digital assistant
Human aware
Provides for incident and team awareness
Observable, predictable and directable
Able to connect different sites
Facilitates sensemaking
Leads to better & faster incident handling services
USER CENTERED DESIGN
Computer Security Incident Response Teams
“John is available”
“Could he be of assistance to you?”
“What is the best approach to mitigate this threat?”
Innovating for Cyber Security Professionals
USER CENTERED DESIGN
THE WAY FORWARD
Our prototype is a first iteration of a support concept, integrating many
needs on process and team support;
We are now in the process of developing ways to enhance
collaborative sensemaking in Security Operation Centres and
Computer Security Incident Response Teams;
Cyber security, as a system state, is dependent not only on human
behaviour of target & threat entities, but on teamwork of cybersecurity
professionals as well.
THANK YOU FOR YOUR ATTENTION
Take a look:
TIME.TNO.NL
