The study of Knowledge-sharing in CSIRTs using Anthropology Raj Rajagopalan Xinming Ou Honeywell Kansas State U FIRST 2014 (DRAFT)


The Team
Kansas State: Sathya Chandran, Mike Wesch, Xinming Ou
Honeywell: Raj Rajagopalan
RedJack: John McHugh

SOCs and CSIRTs are our first line of defense and yet … we don’t know much about how they actually function

For example, we don’t know
how to make incident handling more automated
how to train new analysts quickly
how to share information effectively across teams

To do this we have to know how a SOC/CSIRT really works.
But don’t we know that already?
But first a little story…

Back in 2006 a group of intrepid security researchers were on a mission to find out how to build an effective IDS.
So they went to the nearest SOC/CSIRT, which happened to be the one on campus.
What did they learn?

What we saw
Some of us (Ou and graduate students) watched the SOC handle a malware incident affecting campus servers.
What they discovered was not what they expected.

What we saw
1. SOC analysts don’t use high tech tools!
2. Most of the work is grubby manual work
3. Most of the analysis is hit-and-miss
What we learned
Academic security research is well-separated from the practice of research.

What we did
Embedded ourselves in the SOC to observe it in action
How did that work
Not well.
What was wrong?

Who we set out to observe

What we were actually doing

Time for Reflection: what was happening?
Embedded researchers could not get the time of day from the SOC staff
SOC personnel were too busy and too suspicious
SOC jobs are learned primarily via a master-apprentice model
We were on the outside looking in!

The Professional Observer
Dr. Mike Wesch, Socio-cultural Anthropologist to the rescue!

Introduction to Anthropology
The study of all people in all times in all places
See the big picture and the small picture at the same time.

What we think Anthropologists do!

Other things Anthropologists do!

What Anthropology teaches us
Get rid of your familiar biases!

What does Anthropology tell us about studying the SOC?
People know more than they can tell
Knowledge is held in the community
Converting tacit knowledge to explicit knowledge requires patient study.

What Anthropology teaches us
It is not enough to live there
You have to be one of them

Knowledge comes when the observer achieves the perspective of the observed

How did we put Anthropology into the SOC?
Our Embeds
1. Worked patiently on the sidelines
2. Built tools for the SOC analysts
3. Gained the trust of SOC analysts
4. Co-created tools with the SOC analysts
over the course of 18 months!

How to observe what is being said: S-P-E-A-K-I-N-G
Setting and Scene
Participants
Ends
Act Sequence
Key (tone, manner, or spirit of the event)
Instrumentalities (forms and styles used)
Norms (social rules governing the action)
Genre
not what’s being said … it’s what what’s being said says

What we learned when we applied Anthropological techniques
1. SOC analysts’ knowledge is very tacit
2. Analysts are not always aware of their own knowledge.
3. It is necessary but possible to become a SOC “insider”
4. SOCs need to empower and incentivize knowledge sharing among analysts
5. Tool co-creation is the best way to transfer technology into a SOC

How did Anthropology help?
1. The SOC is a unique socio-cultural environment.
2. SOC culture is closed and suspicious by necessity.
3. A few hours or interviews of SOC staff is not likely to reveal much.
4. We have a methodology to extract knowledge.

Further work
This work was limited to one SOC in a university environment.
We have now expanded the study to include two corporate SOCs.
We need to conduct the study at more SOCs.
We would like to invite participation from the FIRST community in our study.
Study participation can benefit both the SOC and the community.

What we hope to achieve in the long run
Deeper understanding of how security analysis works by converting tacit knowledge into explicit
Learn to make our SOC/CIRT more effective
Learn to train our analysts better
Create a SOC/CIRT community that learns to observe itself and share better

How and when we share information is not that different after all