Authors: Patrik Lif, M. Granåsen, T. Sommestad
Venue: 2017 International Conference On Cyber Situational Awareness, Data Analytics And Assessment (Cyber SA)
Publication date: 2017-06-01
Publication type: Journal Article
DOI: 10.1109/CyberSA.2017.8073388 (https://doi.org/10.1109/CyberSA.2017.8073388)
Citation count: 13
Source: Semanticscholar
Development and validation of technique to measure cyber situation awareness
Within the cyber security domain, specifically within the field of computer network defence, professional log analysts are employed to monitor organizations' networks in order to detect malicious activity and suggest necessary measures. A log analyst needs to perceive malicious activity, comprehend the impact and type of threat, and predict future consequences. In other words, they need good cyber situation awareness. Research about cyber situation awareness measurement is limited, especially when it comes to practical examples. The current paper describes the development and validation of a freeze-probe technique aiming to measure log analysts' situation awareness. Goal directed task analysis and hierarchical task analysis were used to develop a first version of a measurement technique. The measurement technique had the form of two questionnaires designed for the two different roles in log analysis. The validation was conducted in a realistic setting during an exercise involving five professionals, where the questionnaires were well received by the log analysts. Only smaller adjustments were suggested. The results suggest that the technique can be used to evaluate cyber situation awareness for log analysts, as well as function as a tool in log analysts' daily work to keep track of incidents.