Chung MH(M, Yang Y(A, Wang L, Cento G, Jerath K, Taank P, Raman A, Chan JH, Chignell MH. Enhancing cybersecurity situation awareness through visualization: A USB data exfiltration case study. Heliyon 2023; 9:e13025. [PMID: 36820176 PMCID: PMC9938479 DOI: 10.1016/j.heliyon.2023.e13025] [Received: 09/23/2022] [Revised: 01/12/2023] [Accepted: 01/13/2023] [Indexed: 01/18/2023]
Abstract
Employees who have legitimate access to an organization's data may occasionally put sensitive corporate data at risk, either carelessly or maliciously. Ideally, potential breaches should be detected as soon as they occur, but in practice there may be delays, because human analysts are not able to recognize data exfiltration behaviors quickly enough with the tools available to them. Visualization may improve cybersecurity situation awareness. In this paper, we present a dashboard application for investigating file activity, as a way to improve situation awareness. We developed this dashboard for a wide range of stakeholders within a large financial services company. Cybersecurity experts/analysts, data owners, team leaders/managers, high-level administrators, and other investigators all provided input to its design. The use of a co-design approach helped to create trust between users and the new visualization tools, which were built to be compatible with existing work processes. We discuss the user-centered design process that informed the development of the dashboard, and the functionality of its three inter-operable monitoring dashboards. (In this case three dashboards were developed covering high-level overview, file volume/type comparison, and individual activity, but the appropriate number and type of dashboards to use will likely vary according to the nature of the detection task.) We also present two use cases with usability results and preliminary usage data. The results presented examined the amount of use that the dashboards received as well as measures obtained using the Technology Acceptance Model (TAM). We also report user comments about the dashboards and how to improve them.
Affiliation(s)
- Mu-Huan (Miles) Chung
  - Mechanical and Industrial Engineering, University of Toronto, 5 King's College Rd, Toronto, M5S 3G8, ON, Canada. Corresponding author.
- Lu Wang
  - Mechanical and Industrial Engineering, University of Toronto, 5 King's College Rd, Toronto, M5S 3G8, ON, Canada
- Greg Cento
  - Sun Life Financial Inc, 1 York St., Toronto, M5J 0B6, ON, Canada
- Khilan Jerath
  - Sun Life Financial Inc, 1 York St., Toronto, M5J 0B6, ON, Canada
- Parwinder Taank
  - Sun Life Financial Inc, 1 York St., Toronto, M5J 0B6, ON, Canada
- Abhay Raman
  - Sun Life Financial Inc, 1 York St., Toronto, M5J 0B6, ON, Canada
- Jonathan H. Chan
  - Innovative Cognitive Computing (IC2) Research Center, King Mongkut's University of Technology Thonburi, 126 Pracha Uthit Rd, Bang Mot, Thung Khru, Bangkok, 10140, Thailand
- Mark H. Chignell
  - Mechanical and Industrial Engineering, University of Toronto, 5 King's College Rd, Toronto, M5S 3G8, ON, Canada