Document

Developing decision support for cybersecurity threat and incident managers

Overzicht

Publicatiedatum
Beschikbaarheid
Niet bekend
DOI

Beschrijving

Cybersecurity threat and incident managers in large organizations, especially
in the financial sector, are confronted more and more with an increase in volume and
complexity of threats and incidents. At the same time, these managers have to deal with many
internal processes and criteria, in addition to requirements from external parties, such as
regulators that pose an additional challenge to handling threats and incidents. Little research
has been carried out to understand to what extent decision support can aid these professionals
in managing threats and incidents. The purpose of this research was to develop decision
support for cybersecurity threat and incident managers in the financial sector. To this end, we
carried out a cognitive task analysis and the first two phases of a cognitive work analysis,
based on two rounds of in-depth interviews with ten professionals from three financial
institutions. Our results show that decision support should address the problem of balancing
the bigger picture with details. That is, being able to simultaneously keep the broader
operational context in mind as well as adequately investigating, containing and remediating a
cyberattack. In close consultation with the three financial institutions involved, we developed
a critical-thinking memory aid that follows typical incident response process steps, but adds big picture elements and critical thinking steps. This should make cybersecurity threat and
incident managers more aware of the broader operational implications of threats and incidents
while keeping a critical mindset. Although a summative evaluation was beyond the scope of
the present research, we conducted iterative formative evaluations of the memory aid that
show its potential.


© 2024 SURF