See discussions, stats, and author profiles for this publication at: https://www.researchgate.

net/publication/335568949

From Cognitive Skills to Automated Cybersecurity Response

Conference Paper · August 2019

CITATIONS READS
0 384

8 authors, including:

Roberto Omar Andrade Maria Cazares

Escuela Politécnica Nacional Universidad Politécnica Salesiana (UPS)
59 PUBLICATIONS 511 CITATIONS 16 PUBLICATIONS 52 CITATIONS

SEE PROFILE SEE PROFILE

Luis Tello Oquendo Walter Fuertes

iWN Lab. | NCSU Universidad de las Fuerzas Armadas-ESPE
73 PUBLICATIONS 683 CITATIONS 116 PUBLICATIONS 880 CITATIONS

SEE PROFILE SEE PROFILE

All content following this page was uploaded by Maria Cazares on 02 September 2019.

The user has requested enhancement of the downloaded file.

Int'l Conf. on Advances on Applied Cognitive Computing | ACC'19 | 19

From Cognitive Skills to Automated Cybersecurity

Response
Roberto O Andrade∗ , Maria Fernanda Cazares† , Luis Tello-Oquendo‡ , Walter Fuertes§ ,
Nicolay Samaniego‡ ,
Susana Cadena¶ Freddy Tapia§
∗ Escuela Politécnica Nacional, Quito, Ecuador
† Departamento Psicologı́a, Universidad Politécnica Salesiana, Quito, Ecuador
‡ Universidad Nacional de Chimborazo, Riobamba, Ecuador
§ Universidad de las Fuerzas Armadas ESPE, Sangolquı́, Ecuador
¶ Universidad Central del Ecuador, Quito, Ecuador

Abstract—Organizations should face cybersecurity attacks
that can strongly affect their operational processes, business
image, and security of critical information. Establishing security
mechanisms helps to reduce possible weaknesses that can be
exploited by attackers; however, they will not always be sufficient,
and an attack can be successful. Therefore, organizations need
to establish plans or procedures to handle these security
incidents or even build incident response teams called CSIRTs.
Due to different forms of attacks and massive data growth,
handling cybersecurity incidents requires to adapt to new security
management strategies. In this sense, the use of big data,
artificial intelligence, and data analytics applied to cybersecurity,
defined as cognitive security, presents a viable alternative
but is necessary to consider that technological solutions
lack effectiveness without adequate training of cybersecurity
specialists or if their technical and non-technical skills are used.
Establishing a close interrelation between human skills and
technological solutions can help to contrive an adequate and
efficient detection and automation process that can improve
the handling of security incidents. This study analyzes the
interrelation between the technological solutions of cognitive
security and the skills of cybersecurity specialists. A framework is
proposed for the automation of incident response by establishing
situation awareness for making decisions.
Index Terms—cognitive security, self-awareness, artificial
intelligence, big-data, teamwork, soft-skills.
I. I NTRODUCTION
Computer security has become an essential element in
the society due to the expansion of technology in different
areas such as financial services, medical services, public
services, and critical infrastructures of water, electricity, and
telecommunications. According to the Massachusetts Institute
of Technology (MIT), security teams will face risks related
mainly to attacks on Internet of Things (IoT) devices,
block-chains, and critical infrastructures [1]; for instance,
MIT mentions that attackers focus on the use of artificial
intelligence and quantum techniques to perform the attacks in
the year 2019. This context involves having better-prepared
organizations with security professionals with the capacity
to face these new challenges; at international level, several
organizations have defined strategy for respond quickly to
security risks through of teams of specialists and researchers
called Computer Incidents Response Teams (CSIRTs) [2].
CSIRT are formed in a multidisciplinary way by specialists
generally from the field of cybersecurity, legal, psychology,
and data analysts. CSIRT acts according to predefined
procedures and policies in order to respond quickly and
effectively to cybersecurity incidents, and mitigate the risk of
cyber-attacks.
Security analysts in CSIRTs require to process massive
amount of data in order to i) determine patterns or anomalies
that trigger alerts of possible attacks, and ii) carry out the
detection process more quickly and effectively. Members of
CSIRTs are seeking new strategies based on technological
solutions such as Big Data, Machine Learning, and Data
Science [3]. International organizations such as the National
Institute of Standards and Technology (NIST), started the
Data Science Research Program (DSRP) to accelerate the
research progress for data analytic methods [4]. In the
field of cybersecurity, the application of cognitive sciences
for information security processes drives the concept of
cognitive security [5]; this allows making predictive and
prescriptive analyzes that could provide a view of the
possible impacts of an security attack. Another critical
factor in the success of CSIRTs is the ability to function
as team and adapt to different environments [6]; security
professionals require skills such as teamwork, critical thinking,
and communication in the 21st century [7]. In September
2015, a collaboration among Association for Computing
Machinery (ACM), IEEE Computer Society (IEEE CS),
Association for Information Systems Special Interest Group
on Information Security and Privacy (AIS SIGSEC), and
International Federation for Information Processing Technical
Committee on Information Security Education (IFIP WG 11.8)
proposed a curricular guide in cybersecurity education which
mentions that non-technical skills denominated soft-skills, are
vital for security professionals and are focused on: teamwork,
communication, generation of situational awareness, and
operation with disparate organizational cultures [8].
The capability to generate cybersecurity situation awareness
in organizations allow to determine proactive strategies to

ISBN: 1-60132-491-X, CSREA Press ©

20
Cognitive skills
Cognitive Sciences
Cybersecurity
Psychology
Cognitive
Security
Teamwork Self-awareness
Data Analytics
Figure 1. Cognitive Security.
face the ongoing and upcoming attacks or threats. Situation
awareness is generated from three cognitive processes:
perception, comprehension and projection. Cognitive
processes are inherent to the human behaviour that can be
affected by different factors such as: stress, fatigue, distraction,
and physical or environmental conditions. Analyzing the
performance of tasks and the influence of this factors is of
interest for some researchers. For instance, Robert Karasek
proposed the Demand Control Model (DICT) [9] that study
the cognitive, emotional, and physical demands in different
labor fields, where the computer officer has a high level of
psychological demands. In this context, the development of
cognitive strategies in all levels of information processing is
necessary; furthermore, it is important to analyze the way
that executive functions integrate all levels of information
processing through of: inhibitory control, optimization
of working memory processing [10], which could help
cybersecurity professionals to work with efficiency and
adequate response time.
In this study, we propose a model to integrate cognition
skills, teamwork and data analytics in the field of cybersecurity
as depicted in Fig. 1. Cognitive security allows to take
advantage of the characteristics of the cognitive abilities of
the security analyst to transfer this knowledge and intelligence
to the computer systems; by doing so, they can carry out
an immediate response action or notification to the security
team for the decision making against attacks of security, as
illustrated in Diagram 1.
Incident-Response
dynamic
cognitive decision game agents
making theory
Diagram 1. Incident Response Models.
ISBN: 1-60132-491-X, CSREA Press ©
Int'l Conf. on Advances on Applied Cognitive Computing | ACC'19 |
The rest of the study is organized as follows. Section II
presents related works about automated cybersecurity
response. Section III presents a background on the importance
of psychology in cybersecurity. Section IV presents a proposal
of framework for automated cybersecurity based on cognitive
process. Finally, Section VI draws the conclusions and
presents the future work.
II. R ELATED W ORK
According to the analysis of the MIT Review [11], in the
year 2018, the cities will implement layers of sensors to
monitor the air quality, levels of trash or amount of traffic;
this forecast, in addition to Gartnert’s projection for 2020,
there will be 20.4 billion connected devices [12]. In new
security scenarios organizations must face a drastic change
in the size and complexity of the networks or computing
platforms on which they are based for support the provision
of services and connection of devices. Under this new context,
the capacity of action of traditional security solutions and the
human reaction to detect and respond to security incidents
is limited. Alternatives for cybersecurity are evaluated for
organizations and researchers is the use of cognitive models as
a proposal to enhanced the security of computing environments
and expand the analytical capacity of the human.
In [13], the authors present a combination of machine
learning based detection with temporal logic based analysis
that allows distinguishing anomalies and enabling dynamic
network response. In [14], includes the use of cognitive
security for personal devices to allow the device to recognize
the owner and autonomous security so that the device takes its
own security decisions. Through of autonomic computation is
possible the automation of diagnoses based on the knowledge
of the functions and dependencies [15]. The work “A survey of
autonomic computing methods in digital service ecosystems”
[16], presents different 25 different digital ecosystems on
which the concepts of autonomic computing are applied,
in [13], present how the cognitive security approach can
establish“good anomalies” for establishing normal parameters
of operation and how any variation generates an automatic
auto-re-configuration of the network equipment to control the
flow of data.
III. C OGNITIVE S KILLS AND C YBERSECURITY
A. Situation Awareness
Situation Awareness is defined, from the field of psychology,
as the capacity of an human to generate understanding about
his life based on his experiences [17]. This concept has been
adapted to the field of computer systems; for instance, Lewis
defines self-awareness of a computational system as the ability
to obtain knowledge about itself based on internal and external
events [18]. In [19], self-awareness is defined as the capacity
of generate knowledge for a computer system about itself and
its environment and determine the actions that will be executed
according to this knowledge.
Int'l Conf. on Advances on Applied Cognitive Computing | ACC'19 |
1) Cybersecurity Situation Awareness (CSA): The concept
of situation awareness (SA) describes the current situation
of the organization about threats and attacks, the impact
of a possible attack and the identification of the attacker
and user behavior [20]. The analyst must understand the
security situation and determine the likelihood of impact. For
generate situation awareness, we can use the OODA loop.
The cognitive OODA loop proposed by Breton is based on
the cognitive processes of perception, comprehension and
projection [21]. Table I shows the relationships between
cognitive phases, cognitive processes and products generated
according to Brenton’s proposal.
Table I
OODA C OGNITIVE P HASES .
P hase P rocess
Observe Perceiving - Feature Matching
Orient Comprehending - Projecting - Mental Models
Decide Recalling - Evaluating
2) Cyber-cognitive situation awareness (CCSA): To
establish the cybersecurity situation awareness of the
organization, we could rely on cognitive aspects oriented to the
support of decision-making processes. Adapted to cyberspace
the cognitive processes of perception, comprehension and
projection, we would have the relationships shown in Table II.
Table II
C YBER C OGNITIVE S ITUATION AWARENESS .
Process Attribute
Perception Identification of relevant data
Interpretation of data
Comprehension
Conversion in knowledge
Prediction of futures events
Projection
Evaluation of possible impacts
B. Non-technical Skills
Organisms like the U.S. Department of Homeland Security
(DHS) and the National CyberSecurity Alliance (NCSA) have
promoted the National CyberSecurity Awareness Month that
in 2018 has celebrated its 15th edition [22], to promote that the
community know about the relevant aspects of the risks and
threats in the digital environment. In these spaces is necessary
that security professionals have non-technical skills to be able
to disseminate knowledge in a clear and consistent way to
a group of people without technical background. Concerning
cybersecurity in organizations, defense strategy are based on
risk management, established in four levels cybersecurity risk
management life-cycle depicted in Fig. 2.
Within the cybersecurity risk management life-cycle, the
following personnel is required, as a minimum:
• Team leader / coordinator;
• Responsible for systems and information security;
• Communication team or public relations;
ISBN: 1-60132-491-X, CSREA Press ©
21
Id
en
r
ve
tif
y
co
Re
RISK
Cycle
Pr
ct
ot
te
ec
De
t
Figure 2. Cybersecurity Risk Management Cycle.
• Classifier or triage;
• Incident management team - second level;
• Legal team.
This emphasizes the need to develop collaborative skills
within an environment of professionals of heterogeneous
disciplines that must work in coordination, so teamwork is
a very critical skill in cybersecurity specialists. Newstrom
mentions that organizations or companies in the 21st century
are more flexible, to adapt quickly to change, and that
horizontal relationships are more effective [23]; therefore,
organizations today give it greater importance to flexible
structures and horizontal communication. The tasks and roles
are defined in a more open manner, the environment is more
dynamic and the creation of teams allows the described
aspects to be fulfilled. Morin bases that the complexity and
multidisciplinary work are part of the 21st century, education
of the future must be centered on the human condition and
the diverse relations between humans [24]. Another essential
aspect mentioned by Morin in Education 21st century is to
prepare students to face the uncertainty that is generated in
the different events of daily life.
Regarding the first aspect mentioned by Morin about
focusing on the human aspects of students, it may be important
to begin to emphasize a training focused on strengthening
the skills. Mumford presents a classification of skills in four
categories [25]:
1) Cognitive Skills;
2) Interpersonal Skills;
3) Business Skills;
4) Strategic Skills.
Generally, universities in the field of cybersecurity focus
primarily on enhance cognitive, business and strategic skills
but do not focus heavily on non-technical skills. According
to the classification proposed by Mumford, the teamwork,
the collaboration, the communication, and the networking
are included in the interpersonal skills category. Future
professionals of cybersecurity are studying the university;
therefore, the education in engineering, requires encouraging
the development of non-technical skills. Kyllonen presents the
skills that are required in the 21st century among which the
following are mentioned [7]:
• Critical thinking;
• Oral and written communication;
22 Int'l Conf. on Advances on Applied Cognitive Computing | ACC'19 |

• Labor ethics;
• Teamwork;
Complexity
• Collaboration;
• Professionalism;
• Troubleshooting.

NICE Cybersecurity Workforce Framework [26] establishes

a set of knowledge, skills, and abilities for security
professionals related to the non-technical aspect such as:
• Ability to participate as a member of planning teams,
Multi- Situation
coordination groups, and task forces as necessary; disciplinary KSA Awareness
• Ability to apply collaborative skills and strategies;
• Ability to apply critical reading / thinking skills;
• Ability to collaborate effectively with others.

Regarding the second aspect, uncertainty, proposed by

Morin in the field of computer science, some authors such
as [27] and [28] mention that the uncertainty in software
development processes may be associated with human
participation, concurrency, and problem-domain uncertainties.
In the software context, the uncertainty can arise between the
development of a product and the variation of the requirements
presented by the user initially. In the field of cybersecurity,
uncertainty can be associated with others aspects such as the
time, the type and the goal of the cyber-attack.
Working in team also generates uncertainty; in [29] the
authors mention that uncertainty can be generated in function
of people and the environment work, depending on variables
such as preconceptions, altruistic intelligence, harvesting and
serendipity. In [30] the authors suggest that uncertainty
depends on the structure of the teamwork and the interaction
of the members.
In the context of the 21st Century education, there are four
main aspects, as illustrated in Fig. 3, that must be worked in
the education of computer science engineering students in the
field of cybersecurity.
IV. C YBERSECURITY AUTOMATED R ESPONSE BASED ON
C OGNITIVE S KILLS
Our proposal for the automation of incident response is
based on the importance of establish situation awareness to
make the right decision based on an understanding of the
positive and negative aspects of security of organization. Our
proposal takes advantage of the collaborative approach for the
generation of self-awareness and decision-making, is based on
the importance of the cognitive processes of security analysts
to be able to determine a security incident in the multiple
events between which it has to be identified an anomalous
behavior that can alert about an attack. One aspect that
we consider in our proposal is that in order to strengthen
cognitive processes. At the 2017 RSA conference, IBM [31]
presented the cognitive tasks that a security analyst must
perform in the investigation of an incident, in the table III we
propose an association between cybersecurity cognitive tasks
and cognitive processes.
For the process of automation of response to security
incidents, we have proposed a layered architecture depicted
Uncertainty
Figure 3. Knowledge, Skills, Abilities (KSA) in 21st Century.
in Fig. 4. Our proposal emphasizes the analysis layer, in
which the understanding of the data acquired by different
sources such as sensors, logs, or security blogs is made.
Besides, in this layer, the experience of security analysts
and effective communication is fundamental, because it will
predict to adequately evaluate an event and classify it as an
incident if it is the case, and establish the most appropriate
decision to reduce the impact of an attack. Concretely, in
this layer, we have proposed two sub-components that allow
establishing the situation awareness: i) the sub-component
of automatic learning and ii) the teamwork. These two
sub-components share a direct communication aiming at
generating the labels that serve to train the supervised learning
algorithms based on the knowledge generated by the analysts
based on the interaction and exchange of ideas. On the other
hand, unsupervised learning algorithms can detect patterns
or anomalies that are not easily detectable and alert security
analysts to determine if they correspond to a security attack
jointly.
A framework is designed based on processes for data
management that ensure the integrity and quality of the data
in the different layers; then, it includes:
• Collection;
• Preparation;
• Analyze;
• Visualization;
• Access.
In the following, we present a detailed description of the
layers that compose our proposed framework in Fig. 4.
a) Cyber Collect Layer: It covers the sources of
information that will be used to create cybersecurity situation
awareness. Among the sources of information, the following

ISBN: 1-60132-491-X, CSREA Press ©

Int'l Conf. on Advances on Applied Cognitive Computing | ACC'19 |
Table III
TASKS AND S KILLS IN CYBERSECURITY OPERATIONS .
Tasks
TC-1. Review incident data.
TC-2. Review the events by aspects of interest
TC-3. Pivot in the data to find atypical values or outliers
TC-4. Expand the search to find more data
TC-5. Investigate the threat to develop experience
TC-6. Discover new threats
TC-7. Determine indicators of commitment in other sources
TC-8. Apply intelligence to investigate the incident
TC-9. Discover IPs potentially infected
TC-10. Qualify the incident based on the knowledge generated based on the investigation of the threat
TC-11. Prescriptive analysis in base of attack profile
TC-12. Analysis of lessons learned based on the dispersion map of the attack
Figure 4. Cybersecurity Automated Response based on Cognitive Skills.
can be considered:
• Cyber simulations platforms;
• Sensors;
• Intrusion detection systems;
• Vulnerability analysis;
• Security portals, blogs or feeds;
• Netflow;
• Servers and networking appliances logs.
b) Infrastructure Layer: The following components are
included in the infrastructure layer:
• Servers of data collection, in these servers the process
of data ingestion of the different sources of information
will be carried out. At least three servers are considered
ISBN: 1-60132-491-X, CSREA Press ©
23
Cognitive skills
Perception
Perception
Comprehension
Projection
Comprehension
Projection
Comprehension
Projection
Awareness
Comprehension
Awareness
Awareness
for the load balancing process, and high availability.
• Indexing servers, in these servers the process of indexing
the data is performed, for which the attributes are defined
on the basis of which the process of debugging the
data and processing it is performed for the generation
of information in the visualization layer . At least two
servers are considered for the load balancing and high
availability process.
• Queue management servers, this server establishes the
processes to manage the processing resources of the
Big Data solution when several requests for information
are executed simultaneously Reporting servers and data
visualization, this server handles the tools for data
visualization and allows the interaction with the analyst
to be able to perform information queries.
• Intrusion Detection server, in this server the rules for
the detection of patterns related to security attacks are
defined, the server has access with the security sensors.
• Alert management server, in this server the alert
management is defined to notify the analyst when
anomalous patterns are detected, in this server the
inclusion of an incident management system that allows
the flow control of escalations in front of the detection
of security incidents.
c) Indexing Layer: It contributes to define search
dictionary.
d) Situation Awareness Layer: This layer is the core our
proposal. In this layer the objective is establish a baseline
of the security status of an organization, for this purpose
we consider two components, the first consisting of learning
machine algorithms that allow to identify patterns or anomalies
based on pre-processed data from different sources as server
logs, the second component called teamwork generates the
establishment of self-awareness based on the collaborative
work of CSIRT security analysts. Based on the generation
of knowledge produced by the teamwork you can train the
learning algorithms to improve their accuracy.
e) Triage Layer: It defines the alerts that are generated
towards security analysts, CSIRT or other actors in the incident
management process. In accordance with good practices, it is
advisable to define a categorization of alert levels.
24 Int'l Conf. on Advances on Applied Cognitive Computing | ACC'19 |
f) Automated Response Layer: It defines the response
actions that can be automated, for this is necessary to establish
a security incident management plan.
V. D ISCUSSION
In psychology research, job performance is a topic that
seeks to improve performance at work thought of personal and
environmental variables. The variables that we have analyzed
in this study are the cognitive skills in the professionals
who perform incident management in the cybersecurity field.
We consider that the higher cognitive processes linked to
executive function produce higher performance of the tasks
solved for security analyst, due to the high demand in the
quick response to reduce the impact of attacks. For this reason,
it is essential strengthening cognitive flexibility in order to i)
expand the analysis of the incidents’ data, ii) being able to
visualize a more significant number of possibilities to face
the cyber attacks, ii) develop of inhibitory control to improve
the degree of precision and effectiveness in their decisions.
On the other hand, working memory plays a vital role in
the storage of experiences and the subsequent use of this
information, so this cognitive process also contributes to the
development of the awareness of the situation of risks and
threats to which organizations are exposed. Another critical
variable is linked to the management of stress in the work of
incident management professionals to develop strategies that
allow them to counteract labor demands.
Analyzing if executive functions integrates the perception,
comprehension and projection process, in the cybersecurity
management model based on situation awareness for
improving task’s performance, could enhanced the decision
making process. There are several aspects where non-technical
skills play a crucial role because without adequate
communication and the ability to build shared knowledge,
cybersecurity teams will not reach the effectiveness they need
to face security attacks. For instance, handling complexity
when facing the events or problems that come up should
not be all led to simplistic reasoning by the security analyst
but to be able to generate mental models that represent
the complexity and working as a team. This understanding
can be complicated, so proposals such as the management
of shared mental maps can be significant. Another fact is
multidisciplinary work where specialists from different areas
must participate together, but there are problems of interaction
due to limited knowledge of the area of knowledge of the
pair, different technical vocabularies, and heterogeneous work
methodologies. Finally, handling the uncertainty of knowing
at the end the result of an activity or the interaction with other
team members.
The proposed model of Big Data cover the different
components that must be considered for the generation of
knowledge regarding the cybersecurity status (Cybersecurity
Situation Awareness). Just implementing a Big Data
architecture is not enough to solve the problem of dealing with
the processing of large amounts of data, we should work on
identifying reliable information sources, establish data quality
ISBN: 1-60132-491-X, CSREA Press ©
control processes, generate safety commitment indicators, and
define the update data times.
To establish situation awareness from the information that
can be processed by security analysts, we have proposed
a framework composed of four modules as illustrated in
Fig. 5: sources, cognitive processes, collaborative security
tasks, and soft-skills. The teamwork supports the four modules.
In [23], the authors mention that the goal of a team is
to encourage the members to analyze the way they work
together, identify their weaknesses, and develop new forms of
collaboration. To achieve this, it is essential that the learning
process focuses on tasks. Following the Newstrom model of
equipment construction [23], we propose the following in the
cybersecurity field:
• Trained Specialist to identify the problem;
• Data collection;
• Feedback for the development of action plans;
• Generation of situational awareness;
• Solution experience;
• Continuous improvement.
VI. C ONCLUSIONS AND F UTURE WORK
The technological and social changes generate dynamic
and complex environments that produce large amounts of
data. This fact poses new challenges to security analysts who
must process the data to determine patterns or anomalies
that allow identifying threats or security attacks. The use
of Cognitive Security is proposed as a new alternative to
improve the effectiveness of security operations by providing
the ability to process large volumes of data of different formats
in a short time. In the field of cybersecurity, Big Data is
applied majority to monitoring operations and detection of
anomalies which focus on reactive security strategies, but other
security activities could be enhanced by Big Data analytics for
proactive strategies such as threat hunting or cyber deception.
Cybersecurity tasks for incident management include
identifying data about the incident to have an amplitude of the
attack scenario. Developing experiences from the data about
the threats and attacks allow establishing the awareness of the
cybersecurity situation. Establishing cybersecurity situation
awareness require cognitive and emotional skills in which the
ability of cognitive processes are essential; perception and
attention are the first filters that allow security analyst to
collect information from the external environment. The higher
cognitive processes linked to working memory, cognitive
flexibility, and inhibitory control, have a participation in the
decision making and in the behaviors that are externalized in
the incident management tasks.
Continuous improvement of cognitive process in security
analysts can be achieved through these two skills:
1) Process control that is an important skill within a
team member because it helps members to perceive,
understand and react constructively.
2) Feedback that allows you to have data in which to
sustain your decisions, self-correction based on how they
see other members of the team.
Int'l Conf. on Advances on Applied Cognitive Computing | ACC'19 |
Figure 5. Cybersecurity Teamwork Framework
There are different proposals in the commercial and
academic field regarding the use of Big Data and machine
learning in the security field; however, they have not been
widely implemented. We consider that a possible future work
is to analyze the reasons for that, in general perspective, could
be budget, personnel experience, lack of technical support.
Furthermore, a review through a focus group could be an
important contribution to complement the present study.
ACKNOWLEDGMENT
The authors would like to thank the financial support of the
Ecuadorian Corporation for the Development of Research and
the Academy (RED CEDIA) for the development of this work,
under Project Grant GT-II-2017.
R EFERENCES
[1] M. Review. (2019) Las cinco nuevas ciberamenazas más peligrosas que
veremos en 2019. [Online]. Available: https://www.technologyreview.es
[2] FIRST. (2019) Forum of incident response and security teams. [Online].
Available: https://www.first.org
[3] IBM. (2018) Ai for cybersecurity. [Online]. Available:
https://www.ibm.com/security/artificial-intelligence
[4] NIST. (2018) Big data public working group. [Online]. Available:
https://www.nist.gov/el/cyber-physical-systems/big-data-pwg
[5] MIT. (2018) Cognitive science. [Online]. Available:
https://bcs.mit.edu/research/cognitive-science
[6] J. Steinke, “Improving cybersecurity incident response team
effectiveness using teams-based research,” IEEE Security and Privacy,
vol. 13, no. 4, pp. 20–29, Jul. 2015.
[7] P. Kyllonen, “Measurement of 21st century skills within the common
core state standards,” 01 2012.
[8] ACM. (2017) Cibersecurity curricula 2017. [Online]. Available:
https://www.acm.org
[9] R. Karasek, C. Brisson, N. Kawakami, I. Houtman, P. Bongers,
and B. Amick, “The job content questionnaire (jcq): An instrument
for internationally comparative assessments of psychosocial job
characteristics,” Journal of occupational health psychology, vol. 32, pp.
322–55, 1998.
[10] A. Miyake and M. J. W. A. H. H. A. W. T. D. Friedman, N.
P.and Emerson, “The unity and diversity of executive functions and their
contributions to complex “frontal lobe” tasks: A latent variable analysis.”
Cognitive Psychology, vol. 41, p. 49–100, 2000.
[11] MIT. (2018) Tr10: La ciudad sensible. [Online]. Available:
https://www.technologyreview.es/s/10023/tr10-la-ciudad-sensible
[12] Gartner. (2017) Press release. [Online]. Available:
https://www.gartner.com
[13] L. Jagadeesan, A. Mc Bride, V. K. Gurbani, and J. Yang,
“Cognitive security: Security analytics and autonomics for
virtualized networks,” in Proceedings of the Principles Systems
and Applications on IP Telecommunications, ser. IPTComm ’15.
New York, NY, USA: ACM, 2015, pp. 43–50. [Online]. Available:
http://doi.acm.org/10.1145/2843491.2843837
ISBN: 1-60132-491-X, CSREA Press ©
View publication stats
25
[14] R. Greenstadt and J. Beal, “Cognitive security for personal devices,”
in Proceedings of the 1st ACM Workshop on Workshop on AISec, ser.
AISec ’08. New York, NY, USA: ACM, 2008, pp. 27–30. [Online].
Available: http://doi.acm.org/10.1145/1456377.1456383
[15] M. Möstl, J. Schlatow, R. Ernst, H. Hoffmann, A. Merchant, and
A. Shraer, “Self-aware systems for the internet-of-things,” in 2016
International Conference on Hardware/Software Codesign and System
Synthesis (CODES+ISSS), Oct 2016, pp. 1–9.
[16] D. B. Abeywickrama and E. Ovaska, “A survey of autonomic
computing methods in digital service ecosystems,” Serv. Oriented
Comput. Appl., vol. 11, no. 1, pp. 1–31, Mar. 2017. [Online]. Available:
https://doi.org/10.1007/s11761-016-0203-8
[17] S. Baker, “The identification of the self,” Psychological Review, no. 3,
pp. 272–284, May 1897.
[18] P. R. Lewis, A. Chandra, and Parsons, “Self-awareness and
self-expression: Inspiration from psychology,” in Self-awareness and
Self-expression: Inspiration from Psychology. Springer, Cham, 2016.
[19] J. Camara, S. Kounevand, J. Kephart, A. Milenkoski, and X. Zhu,
“Self-aware computing systems: Related concepts and research areas,” in
Self-aware Computing Systems: Related Concepts and Research Areas.
Springer, Cham, 2017.
[20] J. Timonen, “Improving situational awareness of cyber physical systems
based on operator’s goals,” 06 2015, pp. 1–6.
[21] R. Breton and R. Rousseau, “The c-ooda: A cognitive version of the
ooda loop to represent c2 activities. topic: C2 process modelling,” 03
2019.
[22] CSIAC. (2018) National cyber security awareness month. [Online].
Available: https://www.csiac.org
[23] K. Davis and J. W. Newstrom, “Comportamiento humano en el trabajo
/ k. davis, j.w. newstrom ; tr. por antonio núñez ramos.” 03 2019.
[24] E. Morin and A. Sátiro, “Edgar morin y los siete
saberes necesarios para la educación del futuro,”
http://www.redined.mec.es/oai/indexg.php?registro=018200430039,
03 1999.
[25] M. D. Mumford, E. Todd, C. Higgs, and T. Mcintosh, “Cognitive skills
and leadership performance: The nine critical skills,” The Leadership
Quarterly, vol. 28, 11 2016.
[26] NICSS. (2018) Cybersecurity workforce framework. [Online]. Available:
https://niccs.us-cert.gov/
[27] H. Ziv and D. Richardson, “The uncertainty principle in software
engineering,” 09 1996.
[28] H. Ibrahim, B. H. Far, A. Eberlein, and Y. Daradkeh, “Uncertainty
management in software engineering: Past, present, and future,” in 2009
Canadian Conference on Electrical and Computer Engineering, May
2009, pp. 7–12.
[29] Y. Engel, M. Kaandorp, and T. Elfring, “Toward a dynamic process
model of entrepreneurial networking under uncertainty,” Journal of
Business Venturing, vol. 32, pp. 35–51, 01 2017.
[30] P. Nowell and K. Williams-Middleton, “Trust-control relationships in
new venture teams during organizational emergence,” 11 2016.
[31] IBM. (2017) Applied cognitive security complementing the security
analyst. [Online]. Available: https://www.rsaconference.com