Regresar

From cognitive skills to automated cybersecurity

Abstract:

Organizations should face cybersecurity attacks that can strongly affect their operational processes, business image, and security of critical information. Establishing security mechanisms helps to reduce possible weaknesses that can be exploited by attackers; however, they will not always be sufficient, and an attack can be successful. Therefore, organizations need to establish plans or procedures to handle these security incidents or even build incident response teams called CSIRTs. Due to different forms of attacks and massive data growth, handling cybersecurity incidents requires to adapt to new security management strategies. In this sense, the use of big data, artificial intelligence, and data analytics applied to cybersecurity, defined as cognitive security, presents a viable alternative but is necessary to consider that technological solutions lack effectiveness without adequate training of cybersecurity specialists or if their technical and non-technical skills are used. Establishing a close interrelation between human skills and technological solutions can help to contrive an adequate and efficient detection and automation process that can improve the handling of security incidents. This study analyzes the interrelation between the technological solutions of cognitive security and the skills of cybersecurity specialists. A framework is proposed for the automation of incident response by establishing situation awareness for making decisions.