Identifying Expertise Gaps in Cyber Incident Response: Cyber Defender Needs vs. Technological Development

Nyre-Yu, Megan
Incident response is an area within cyber defense that is responsible for detecting, mitigating, and preventing threats within a given network. Like other areas of cyber security, incident response is experiencing a shortage of qualified workers, which has led to technological development aimed at alleviating labor-related pressures on organizations. A cognitive task analysis was conducted with incident response experts to capture expertise requirements, and an existing construct was used to help prioritize development of new technology. Findings indicated that current software development incorporates factors such as analyst efficiency and consistency. Gaps were identified regarding communication and team navigation that are inherent to dynamic team environments. This research identified which expertise areas are needed at lower-tier levels of incident response and which of those areas current automation platforms are addressing. These gaps help focus future studies by bridging expertise research to development efforts.
Cyber Deception and Cyber Psychology for Defense, automation, cognitive task analysis, cyber security, expertise, incident response