{"title":"Cognitive Impacts of Explainable AI in Cybersecurity Incident Response: Challenges and Propositions","authors":"Chen Zhong, Alper Yayla","doi":"10.1007/s10796-025-10609-y","DOIUrl":null,"url":null,"abstract":"<p>Cybersecurity incident response (CSIR) is paramount for organizational resilience. At its core, analysts undertake a cognitively demanding process of data analytics to correlate data points, identify patterns, and synthesize diverse information. Recently, artificial intelligence (AI) based solutions have been utilized to streamline CSIR workflows, notably with an increasing focus on explainable AI (XAI) to ensure transparency. However, XAI also poses challenges, requiring analysts to allocate additional time to process explanations. This study addresses the gap in understanding how AI and its explanations can be seamlessly integrated into CSIR workflows. Employing a multi-method approach, we first interviewed analysts to identify their cognitive challenges, interactions with AI, and expectations from XAI. In a subsequent case study, we investigated the evolution of analysts' needs for AI explanations throughout the investigative process. 
Our findings yield several key propositions for addressing the cognitive impacts of XAI in CSIR, aiming to enhance cognitive fit to reduce analysts' cognitive load during investigations.</p>","PeriodicalId":13610,"journal":{"name":"Information Systems Frontiers","volume":"41 1","pages":""},"PeriodicalIF":6.9000,"publicationDate":"2025-05-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Information Systems Frontiers","FirstCategoryId":"94","ListUrlMain":"https://doi.org/10.1007/s10796-025-10609-y","RegionNum":3,"RegionCategory":"管理学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
Citation count: 0
Abstract
Cybersecurity incident response (CSIR) is paramount for organizational resilience. At its core, analysts undertake a cognitively demanding process of data analytics to correlate data points, identify patterns, and synthesize diverse information. Recently, artificial intelligence (AI) based solutions have been utilized to streamline CSIR workflows, notably with an increasing focus on explainable AI (XAI) to ensure transparency. However, XAI also poses challenges, requiring analysts to allocate additional time to process explanations. This study addresses the gap in understanding how AI and its explanations can be seamlessly integrated into CSIR workflows. Employing a multi-method approach, we first interviewed analysts to identify their cognitive challenges, interactions with AI, and expectations from XAI. In a subsequent case study, we investigated the evolution of analysts' needs for AI explanations throughout the investigative process. Our findings yield several key propositions for addressing the cognitive impacts of XAI in CSIR, aiming to enhance cognitive fit to reduce analysts' cognitive load during investigations.
About the journal:
The interdisciplinary interfaces of Information Systems (IS) are fast emerging as defining areas of research and development in IS. These developments are largely due to the transformation of Information Technology (IT) towards networked worlds and its effects on global communications and economies. While these developments are shaping the way information is used in all forms of human enterprise, they are also setting the tone and pace of information systems of the future. The major advances in IT such as client/server systems, the Internet and the desktop/multimedia computing revolution, for example, have led to numerous important vistas of research and development with considerable practical impact and academic significance. While the industry seeks to develop high performance IS/IT solutions to a variety of contemporary information support needs, academia looks to extend the reach of IS technology into new application domains. Information Systems Frontiers (ISF) aims to provide a common forum of dissemination of frontline industrial developments of substantial academic value and pioneering academic research of significant practical impact.