Susan TRAEBER-BURDIN - Academia.edu (original) (raw)

Papers by Susan TRAEBER-BURDIN

Research paper thumbnail of Exploration of User Centered and System Based Approaches to Cyber Situation Awareness

The North Atlantic Treaty Organization (NATO) Research Task Group on exploratory visual analytics... more The North Atlantic Treaty Organization (NATO) Research Task Group on exploratory visual analytics works to promote the research and deployment of visual analytics and visualization techniques among NATO member and partner nations. This poster reports a study conducted by the group in exploring User Centered and System Based approaches to cyber situation awareness.

Research paper thumbnail of Human Systems Integration Approach to Cyber Security (Démarche d'intégration humain-systèmes appliquée à la cybersécurité) Final Report of Research Task Group HFM-259. Distribution and Availability on Back Cover

Human Systems Integration Approach to Cyber Security (Démarche d’intégration humain-systèmes appliquée à la cybersécurité). Final Report of Research Task Group HFM-259., 2020

PURPOSE The NATO Science and Technology Organization (STO) Human Factors and Medicine (HFM) Panel... more PURPOSE
The NATO Science and Technology Organization (STO) Human Factors and Medicine (HFM) Panel 259 Research Task Group (RTG), titled Human Systems Integration Approach to Cyber Security, was established to promote cooperative human-centred research activities in a NATO framework on the complex phenomenon of cyber security as a socio-technical system. The idea was to implement a common research perspective to study cyber security that focuses on the interrelatedness between technology and software developments, concepts, strategies and doctrines, organizational processes improvement and human performance.
More precisely, the goals of the HFM-259 RTG were:
• Identification and mitigation of potential cyber security vulnerabilities due to the role of people in the system;
• To study specific issues related to selection, education, training and retention of cyber force, and to identify the spectrum of Knowledge, Skills, and Abilities that IT experts need for efficient performance;
• To suggest possible approaches to improve resilience to cyber attacks at individual, team and organization level;
• To develop human factors support tools for enhancing individual and group cyber security sensitivity; and
• Improving human-machine interfaces in cyber security.
RESULTS, SIGNIFICANCE TO NATO AND PRACTICAL IMPLICATIONS
The foundation for the application of the Human Systems Integration (HSI) approach to cyber security is laid out in Chapter 2. The chapter defines the general human system integration approach and its domains and discusses how these domains apply to cyber security.
The central point in the NATO STO HFM-259 Program of Work was the development of the Human Systems Integration Framework for Cyber Security. This framework was a necessary step to gather and collate available information (reports, papers, concepts, doctrines, strategies, etc.) with respect to human factors involved in cyber security. The underlying assumption was that humans are significant nodes in cyber system, and therefore their behaviour influences the (in)security of this system. As a next step we tested the developed framework via subject-matter-expert interviews in each participating nation and implemented the ontology into software system (database and tool), which included populating with collected sources. The primary step in the development of the HSI framework to study cyber security was the actual coding process.
The team coded 230 information sources.
At the final stage we used the developed knowledge base and analytical tool to study interrelationships among different concepts, factors, actors, etc. and to write this Technical Report.
Chapter 3 describes the development of the HSI Framework for Cyber Security, its structure, validation, and population with information sources. Chapter 3 also discusses the types of analyses that could be conducted using the framework. The analyses provide useful insights into how different aspects of user behaviour and cognition increase or decrease cyber security.
The following four chapters, i.e., Chapters 4 – 7, discuss some of these theoretical and practical insights in more detail. Chapter 4 focuses on the individual perspective and examines how understanding of various aspects of human cognition, decision making and resulting behaviour can inform our understanding of cyber security. Chapter 5 takes on an organizational focus and examines factors associated with security policy management and its effectiveness, i.e., Information Systems Security Policy compliance. Chapter 6 presents some initial recommendations for how to recruit, select, train, and retain cyber security personnel. Chapter 7 discusses the general overarching cyber security considerations for learning and education.
The last three chapters discuss the efforts to disseminate the work (Chapter 8), offer a general discussion of the findings (Chapter 9) and provide a list of the sources used to inform this work (Chapter 10).
In brief, the NATO STO HFM-259 team developed and tested an HSI framework to study cyber security, knowledge base and used sophisticated software tooling to analyse the role of human factors in cyber security. The products of our work (database and tool) are available to be used by NATO STO and interested national institutions of the contributing nations: Bulgaria, Canada, Germany, the Netherlands, Sweden, Ukraine and the USA.
We believe that our report will be useful for both cyber security experts and military commanders for better understanding of individual and organizational factors influencing cyber security, raising cyber security awareness and building cyber security culture, mitigating insider threats, as well as improving selection, education, training and retention of cyber force.

Research paper thumbnail of Exploration of User Centered and System Based Approaches to Cyber Situation Awareness

The North Atlantic Treaty Organization (NATO) Research Task Group on exploratory visual analytics... more The North Atlantic Treaty Organization (NATO) Research Task Group on exploratory visual analytics works to promote the research and deployment of visual analytics and visualization techniques among NATO member and partner nations. This poster reports a study conducted by the group in exploring User Centered and System Based approaches to cyber situation awareness.

Research paper thumbnail of Human Systems Integration Approach to Cyber Security (Démarche d'intégration humain-systèmes appliquée à la cybersécurité) Final Report of Research Task Group HFM-259. Distribution and Availability on Back Cover

Human Systems Integration Approach to Cyber Security (Démarche d’intégration humain-systèmes appliquée à la cybersécurité). Final Report of Research Task Group HFM-259., 2020

PURPOSE The NATO Science and Technology Organization (STO) Human Factors and Medicine (HFM) Panel... more PURPOSE
The NATO Science and Technology Organization (STO) Human Factors and Medicine (HFM) Panel 259 Research Task Group (RTG), titled Human Systems Integration Approach to Cyber Security, was established to promote cooperative human-centred research activities in a NATO framework on the complex phenomenon of cyber security as a socio-technical system. The idea was to implement a common research perspective to study cyber security that focuses on the interrelatedness between technology and software developments, concepts, strategies and doctrines, organizational processes improvement and human performance.
More precisely, the goals of the HFM-259 RTG were:
• Identification and mitigation of potential cyber security vulnerabilities due to the role of people in the system;
• To study specific issues related to selection, education, training and retention of cyber force, and to identify the spectrum of Knowledge, Skills, and Abilities that IT experts need for efficient performance;
• To suggest possible approaches to improve resilience to cyber attacks at individual, team and organization level;
• To develop human factors support tools for enhancing individual and group cyber security sensitivity; and
• Improving human-machine interfaces in cyber security.
RESULTS, SIGNIFICANCE TO NATO AND PRACTICAL IMPLICATIONS
The foundation for the application of the Human Systems Integration (HSI) approach to cyber security is laid out in Chapter 2. The chapter defines the general human system integration approach and its domains and discusses how these domains apply to cyber security.
The central point in the NATO STO HFM-259 Program of Work was the development of the Human Systems Integration Framework for Cyber Security. This framework was a necessary step to gather and collate available information (reports, papers, concepts, doctrines, strategies, etc.) with respect to human factors involved in cyber security. The underlying assumption was that humans are significant nodes in cyber system, and therefore their behaviour influences the (in)security of this system. As a next step we tested the developed framework via subject-matter-expert interviews in each participating nation and implemented the ontology into software system (database and tool), which included populating with collected sources. The primary step in the development of the HSI framework to study cyber security was the actual coding process.
The team coded 230 information sources.
At the final stage we used the developed knowledge base and analytical tool to study interrelationships among different concepts, factors, actors, etc. and to write this Technical Report.
Chapter 3 describes the development of the HSI Framework for Cyber Security, its structure, validation, and population with information sources. Chapter 3 also discusses the types of analyses that could be conducted using the framework. The analyses provide useful insights into how different aspects of user behaviour and cognition increase or decrease cyber security.
The following four chapters, i.e., Chapters 4 – 7, discuss some of these theoretical and practical insights in more detail. Chapter 4 focuses on the individual perspective and examines how understanding of various aspects of human cognition, decision making and resulting behaviour can inform our understanding of cyber security. Chapter 5 takes on an organizational focus and examines factors associated with security policy management and its effectiveness, i.e., Information Systems Security Policy compliance. Chapter 6 presents some initial recommendations for how to recruit, select, train, and retain cyber security personnel. Chapter 7 discusses the general overarching cyber security considerations for learning and education.
The last three chapters discuss the efforts to disseminate the work (Chapter 8), offer a general discussion of the findings (Chapter 9) and provide a list of the sources used to inform this work (Chapter 10).
In brief, the NATO STO HFM-259 team developed and tested an HSI framework to study cyber security, knowledge base and used sophisticated software tooling to analyse the role of human factors in cyber security. The products of our work (database and tool) are available to be used by NATO STO and interested national institutions of the contributing nations: Bulgaria, Canada, Germany, the Netherlands, Sweden, Ukraine and the USA.
We believe that our report will be useful for both cyber security experts and military commanders for better understanding of individual and organizational factors influencing cyber security, raising cyber security awareness and building cyber security culture, mitigating insider threats, as well as improving selection, education, training and retention of cyber force.