Cybersecurity Decision Patterns as Adaptive Knowledge Encoding in Cybersecurity Operations
Keith D. Willett, PhD Candidate, Enterprise Security Architect, DoD
Advisor: Dr. Mark Blackburn

Research Task / Overview
Define and elaborate on a method for knowledge management in cybersecurity operations, with the intent of knowledge reuse for:
- Introducing and continually improving security automation (the hypothesis).
- People-to-people knowledge sharing (people-enhanced cognition, PEC).
- Machine use of knowledge in real-time operations.
- A foundation from which to train artificial intelligence (machine-enhanced cognition, MEC).

Imagine you are a cybersecurity analyst newly prepared with the best practices of the day. You are excited to perform good work for a good cause. Fast forward six months, when you realize you are constrained by best practices and 98% of what you do are rote tasks, with little to no time to explore new, unique scenarios.

Cybersecurity Decision Patterns: more of what works, faster!

Goals & Objectives
Cybersecurity Decision Patterns (CDPs):
- capture and reuse knowledge
- for processing anomalies in 11 workflow phases
- to increase the quantity of known-known anomalies processed
A cybersecurity operations framework conducive to identifying the role, fit, function, and impact of any cybersecurity solution.
System dynamics modeling as a surrogate for people to test the hypothesis.

Computational Methods
Approach: system dynamics modeling of cybersecurity operations to test the role, fit, function, and impact of using CDPs to introduce and continually improve security automation.

Experiment Design
- Control group: anomaly processing without CDPs
- Treated group: anomaly processing with CDPs

Data & Analysis Methodology
- Quantitative: CDP effect on the quantity of anomalies processed
- Qualitative: cybersecurity tactical framework to analyze operations

Tactical Context
Dynamic interaction of the cybersecurity domain. Elaborate on and quantify the tactical focus (e.g. quantity of anomalies).

Tactical Focus: Hypothesis Tests for Known-Known (KK) Anomalies
- KK Characterize: CDPs do significantly improve the quantity of known-known anomalies processed within the characterize workflow phase.
- KK Notify: CDPs do significantly improve the quantity of known-known anomalies processed within the notify workflow phase.
- KK Triage: CDPs do significantly improve the quantity of known-known anomalies processed within the triage workflow phase.
- KK Escalate: CDPs do not significantly improve the quantity of known-known anomalies processed within the escalate workflow phase.
- KK Isolate: CDPs do significantly improve the quantity of known-known anomalies processed within the isolate workflow phase.
- KK Restore: CDPs do significantly improve the quantity of known-known anomalies processed within the restore workflow phase.
- KK Recover: CDPs do not significantly improve the quantity of known-known anomalies processed within the recover workflow phase.

Elaboration of Tactical Framework (Cybersecurity Operations Workflow)
- Monitor: ongoing observation with intent to raise awareness
- Detect: indicator of anomaly
- Characterize: known-known, known-unknown, unknown-unknown, unknown-known
- Notify: first-tier support
- Triage: determine priorities
- Escalate: send to subject matter expert(s)
- Isolate: contain threat or threat effects
- Restore: restore effective operations even at diminished efficiency
- Root Cause Analysis: identify root cause of problem
- Recover: recover effective and efficient operations to desired performance level
- Feedback: minimize recurrence and effects of recurrence

Future Research
Operationalize:
- Cybersecurity Decision Patterns (CDPs) as a foundation from which to train artificial intelligence in the domain of cybersecurity operations; and
- Cybersecurity Decision Pattern Language (CDPL) as a repository from which to identify and apply knowledge in the form of people-enhanced cognition (PEC) and machine-enhanced cognition (MEC).

Conclusions
CDPs have a significant effect on most workflow phases. Exceptions:
- Detect: purposely not included
- Escalate
- Root Cause Analysis: manual only
- Feedback: manual only

Imagine you are a new cybersecurity analyst... fast forward six months, when you realize CDPs help free you from rote tasks and give you time to constantly explore new, unique scenarios.

Contacts/References
Keith D. Willett; Dr. Mark Blackburn; SERC Sponsor Research Review, November 17, 2016
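The following is an added toy model, written for this page and not the poster's system dynamics model, of the experiment design above: anomalies flow through the eleven workflow phases, a decision pattern repository stands in for CDPs, and the control group (empty repository) is compared with the treated group (patterns present) on the poster's metric, the number of known-known anomalies that complete each phase within a fixed analyst budget. The per-phase effort figures, the signature names, the set of known signatures, and the two patterns are all constructed assumptions; the phases the model leaves manual-only (detect, root cause analysis, feedback) follow the poster's stated exceptions.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional

# The eleven workflow phases of the poster's tactical framework, in order.
PHASES = [
    "monitor", "detect", "characterize", "notify", "triage", "escalate",
    "isolate", "restore", "root_cause_analysis", "recover", "feedback",
]

# Phases the poster reports as outside CDP assistance: detect was purposely
# not included, root cause analysis and feedback are manual only.
MANUAL_ONLY = {"detect", "root_cause_analysis", "feedback"}

# Constructed analyst effort in minutes for each phase when done by hand.
MANUAL_EFFORT = {
    "monitor": 1, "detect": 2, "characterize": 15, "notify": 5, "triage": 10,
    "escalate": 5, "isolate": 20, "restore": 30, "root_cause_analysis": 60,
    "recover": 30, "feedback": 15,
}

# Constructed: signatures the organization already understands. An anomaly
# carrying one of these is a known-known in the characterize phase.
KNOWN_SIGNATURES = {"ssh_bruteforce", "phish_credential"}


@dataclass(frozen=True)
class Anomaly:
    ident: str
    signature: str  # constructed detection signature name


@dataclass(frozen=True)
class DecisionPattern:
    """Encoded, reusable knowledge for one signature: per-phase effort in
    minutes when the pattern is applied instead of working from scratch."""
    signature: str
    effort: Dict[str, int]


class PatternRepository:
    """Lookup of decision patterns by signature (the treated group's CDPs)."""

    def __init__(self, patterns: List[DecisionPattern]) -> None:
        self._by_signature = {p.signature: p for p in patterns}

    def match(self, anomaly: Anomaly) -> Optional[DecisionPattern]:
        return self._by_signature.get(anomaly.signature)


def characterize(anomaly: Anomaly) -> str:
    """Characterize phase: classify against what the organization knows."""
    return "known-known" if anomaly.signature in KNOWN_SIGNATURES else "known-unknown"


def phase_effort(anomaly: Anomaly, phase: str, repo: PatternRepository) -> int:
    """Minutes a phase costs: a matching CDP lowers effort in CDP-assisted
    phases; manual-only phases and unmatched anomalies cost the manual rate."""
    pattern = repo.match(anomaly)
    if pattern is None or phase in MANUAL_ONLY:
        return MANUAL_EFFORT[phase]
    return pattern.effort.get(phase, MANUAL_EFFORT[phase])


def run_shift(anomalies: List[Anomaly], repo: PatternRepository,
              budget_minutes: int) -> Dict[str, int]:
    """Work anomalies in arrival order until the analyst budget runs out.
    Returns, per phase, how many known-known anomalies completed that phase,
    which is the poster's quantitative measure."""
    completed = {phase: 0 for phase in PHASES}
    remaining = budget_minutes
    for anomaly in anomalies:
        is_kk = characterize(anomaly) == "known-known"
        for phase in PHASES:
            cost = phase_effort(anomaly, phase, repo)
            if cost > remaining:
                return completed  # shift ends mid-anomaly
            remaining -= cost
            if is_kk:
                completed[phase] += 1
    return completed


def run_experiment(anomalies, patterns, budget_minutes):
    """Control group (no CDPs) versus treated group (CDPs) on the same input."""
    control = run_shift(anomalies, PatternRepository([]), budget_minutes)
    treated = run_shift(anomalies, PatternRepository(patterns), budget_minutes)
    return control, treated


# Constructed sample: one eight-hour shift of mixed anomalies.
SAMPLE_ANOMALIES = [
    Anomaly("A1", "ssh_bruteforce"), Anomaly("A2", "phish_credential"),
    Anomaly("A3", "novel_beacon"), Anomaly("A4", "ssh_bruteforce"),
    Anomaly("A5", "ssh_bruteforce"), Anomaly("A6", "phish_credential"),
]
SAMPLE_PATTERNS = [
    DecisionPattern("ssh_bruteforce", {"characterize": 2, "notify": 1, "triage": 2,
                                       "isolate": 5, "restore": 10, "recover": 10}),
    DecisionPattern("phish_credential", {"characterize": 3, "notify": 1, "triage": 3,
                                         "isolate": 10, "restore": 15, "recover": 15}),
]

if __name__ == "__main__":
    control, treated = run_experiment(SAMPLE_ANOMALIES, SAMPLE_PATTERNS, 480)
    for phase in PHASES:
        print(f"{phase:20s} control={control[phase]} treated={treated[phase]}")
```

With the constructed figures, the treated group gets a third known-known anomaly through characterize, notify, triage, escalate, isolate and restore within the same 480-minute budget, while root cause analysis, recover and feedback stay at the control group's count, because the unmatched "novel_beacon" anomaly and the manual-only phases consume the saved time. The model is deliberately deterministic so the two groups can be compared on identical input; a system dynamics treatment like the poster's would add stocks, flows and feedback loops over time rather than a single shift.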

