A Taxonomy of Cyber Awareness Questions for the User-Centered Design of Cyber Situation Awareness

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8030)


This paper offers insight into how cyber security analysts establish and maintain situation awareness of a large computer network. Through a series of interviews, observations, and a card sorting activity, we examined the questions analysts asked themselves during a network event. We present the results of our work as a taxonomy of cyber awareness questions that represents a mental model of situation awareness in cyber security analysts.


Computer security, situation awareness, user-centered design



Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  1. Department of Defense, USA
