REDUCING INFORMATION OVERLOAD VIA AN ANALOG MODEL FOR CYBER RISK
Breuer, Pablo C.
Boger, Dan C.
MacKinnon, Douglas J.
Buettner, Raymond R., Jr.
Dinolt, George W.
Cybersecurity relies on Security Operations Center (SOC) personnel to conduct data triage on large numbers of automated alerts to identify true threats to networks. To achieve this goal, SOC personnel must not only filter out false positives in data streams but also coalesce disparate pieces of data to generate information that yields a conclusion of an existing exception condition in the desired state of cybersecurity and requires action. Additionally, false negatives in data streams may later be identified when a compromise is discovered via human reporting or other means. Limitations of Turing machines used as automated sensors, ever-increasing network size and speed of transmission, limited numbers of qualified personnel, and the necessity to work in uncertainty all serve to exacerbate the continual condition of information overload for network defenders. This research will attempt to address information overload by reducing the information that is presented to personnel working in a SOC. The goal is to propose a new framework for determining cybersecurity risk as a time-dependent function, which will allow for reduced information overload and at least maintain equivalent cybersecurity posture. Our findings indicate that the quantity of information presented to cybersecurity personnel can be reduced, in some cases by more than half, while maintaining the cybersecurity posture required for the completion of mission-essential tasks.
Rights: This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.