VizSEC 2007 pp 19-37 | Cite as

The Real Work of Computer Network Defense Analysts

The Analysis Roles and Processes that Transform Network Data into Security Situation Awareness
  • A. D’Amico
  • K. Whitley
Part of the Mathematics and Visualization book series (MATHVISUAL)


This paper reports on investigations of how computer network defense (CND) analysts conduct their analysis on a day-to-day basis and discusses the implications of these cognitive requirements for designing effective CND visualizations. The supporting data come from a cognitive task analysis (CTA) conducted to baseline the state of the practice in the U.S. Department of Defense CND community. The CTA collected data from CND analysts about their analytic goals, workflow, tasks, types of decisions made, data sources used to make those decisions, cognitive demands, tools used and the biggest challenges that they face. The effort focused on understanding how CND analysts inspect raw data and build their comprehension into a diagnosis or decision, especially in cases requiring data fusion and correlation across multiple data sources. This paper covers three of the findings from the CND CTA: (1) the hierarchy of data created as the analytical process transforms data into security situation awareness; (2) the definition and description of different CND analysis roles; and (3) the workflow that analysts and analytical organizations engage in to produce analytic conclusions.

Copyright information

© Springer-Verlag Berlin Heidelberg 2008

Authors and Affiliations

  • A. D’Amico
    • 1
  • K. Whitley
    • 2
  1. 1.Secure Decisions division of Applied Visions, Inc.USA
  2. 2.Department of DefenseUSA

Personalised recommendations