Enhanced Training for Cyber Situational Awareness
A study was conducted in which participants received either tool-based or narrative-based training and then completed challenges associated with network security threats. Three teams were formed: (1) Tool-Based, for which each participant received tool-based training; (2) Narrative-Based, for which each participant received narrative-based training; and (3) Combined, for which three participants received tool-based training and two received narrative-based training. Results showed that the Narrative-Based team recognized the spatial-temporal relationship between events and constructed a timeline that was a reasonable approximation of ground truth. In contrast, the Combined team produced a linear sequence of events that did not encompass the relationships between different adversaries. Finally, the Tool-Based team demonstrated little appreciation of either the spatial or temporal relationships between events. These findings suggest that participants receiving Narrative-Based training were able to use the software tools in a way that allowed them to gain a greater level of situation awareness.
Keywords: cyber security training situational awareness