REDUCING INFORMATION OVERLOAD VIA AN ANALOG MODEL FOR CYBER RISK

Authors
Breuer, Pablo C.
Subjects
cyber
security
information
overload
CND
defense
cybersecurity
information overload
Advisors
Boger, Dan C.
MacKinnon, Douglas J.
Buettner, Raymond R., Jr.
Bordetsky, Alex
Dinolt, George W.
Date of Issue
2020-06
Publisher
Monterey, CA; Naval Postgraduate School
Abstract
Cybersecurity relies on Security Operations Center (SOC) personnel to triage large numbers of automated alerts in order to identify true threats to networks. To do so, SOC personnel must not only filter false positives out of data streams but also coalesce disparate pieces of data into information that supports a conclusion that an exception to the desired state of cybersecurity exists and requires action. False negatives in those data streams may only be identified later, when a compromise is discovered through human reporting or other means. Limitations of Turing machines used as automated sensors, ever-increasing network size and transmission speed, a limited number of qualified personnel, and the necessity of working under uncertainty all exacerbate the continual condition of information overload for network defenders. This research addresses information overload by reducing the information presented to personnel working in a SOC. The goal is to propose a new framework for determining cybersecurity risk as a time-dependent function, which allows information overload to be reduced while at least maintaining an equivalent cybersecurity posture. Our findings indicate that the quantity of information presented to cybersecurity personnel can be reduced, in some cases by more than half, while maintaining the cybersecurity posture required for the completion of mission-essential tasks.
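As an added illustration of the two triage operations the abstract names (coalescing disparate alerts and scoring risk as a function of time), not the thesis's own framework: the example below groups alerts on the same host into incidents, decays each alert's contribution with its age, and presents only incidents above a threshold. The exponential decay, the half-life, the grouping window, the threshold and the sample alerts are all assumptions made here, chosen to show how the number of items a SOC analyst sees can fall well below the raw alert count.

```python
"""Illustrative alert coalescing with a time-decayed risk score.

Hypothetical example, not the thesis's model: decay law, half-life,
grouping window, threshold and sample data are all assumptions.
"""
import math
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Alert:
    ts: float        # seconds since epoch (constructed sample data)
    host: str
    kind: str
    severity: float  # base probability that the alert is a true positive, in [0, 1]


@dataclass
class Incident:
    host: str
    first_ts: float
    last_ts: float
    alerts: list = field(default_factory=list)

    def risk(self, now: float, half_life: float) -> float:
        # Time-dependent risk: each alert's contribution decays with its age
        # (assumed exponential with the given half-life in seconds); the
        # decayed contributions are combined as independent probabilities.
        survive = 1.0
        for a in self.alerts:
            age = max(0.0, now - a.ts)
            p = a.severity * math.exp(-math.log(2) * age / half_life)
            survive *= 1.0 - p
        return 1.0 - survive


def coalesce(alerts, window: float):
    """Group alerts on the same host whose timestamps fall within `window`
    seconds of the incident's most recent alert (assumed grouping rule)."""
    incidents = {}
    for a in sorted(alerts, key=lambda x: x.ts):
        bucket = incidents.setdefault(a.host, [])
        if bucket and a.ts - bucket[-1].last_ts <= window:
            bucket[-1].alerts.append(a)
            bucket[-1].last_ts = a.ts
        else:
            bucket.append(Incident(a.host, a.ts, a.ts, [a]))
    return [inc for b in incidents.values() for inc in b]


def triage(alerts, now: float, window=600.0, half_life=3600.0, threshold=0.5):
    """Return (raw alert count, incidents to present), highest risk first."""
    incidents = coalesce(alerts, window)
    presented = [i for i in incidents if i.risk(now, half_life) >= threshold]
    presented.sort(key=lambda i: -i.risk(now, half_life))
    return len(alerts), presented


# Constructed sample stream: 8 alerts across 4 hosts, scored at NOW.
NOW = 10000.0
SAMPLE_ALERTS = [
    Alert(9000.0, "web01", "port-scan", 0.3),
    Alert(9100.0, "web01", "brute-force", 0.4),
    Alert(9200.0, "web01", "new-admin-user", 0.5),
    Alert(2000.0, "db01", "port-scan", 0.3),       # old and isolated
    Alert(9900.0, "db01", "failed-login", 0.2),    # recent but weak
    Alert(9500.0, "ws17", "av-detection", 0.6),
    Alert(9550.0, "ws17", "outbound-c2", 0.5),
    Alert(9990.0, "ws22", "port-scan", 0.3),
]

if __name__ == "__main__":
    raw, shown = triage(SAMPLE_ALERTS, NOW)
    print(f"{raw} raw alerts -> {len(shown)} incidents presented")
    for inc in shown:
        kinds = ", ".join(a.kind for a in inc.alerts)
        print(f"  {inc.host}: risk={inc.risk(NOW, 3600.0):.2f} [{kinds}]")
```

With these assumed parameters the eight alerts collapse to five incidents, of which two clear the threshold: the three correlated events on web01 and the AV-plus-C2 pair on ws17. The stale db01 scan and the weak, single recent alerts are suppressed rather than deleted, so they remain available if a later report reveals a false negative.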
Type
Thesis
Department
Information Sciences (IS)
Distribution Statement
Approved for public release; distribution is unlimited.
Rights
This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.