Career Paper
Cyber Defense Forensics Analyst
Abstract
By incorporating social sciences into daily duties, cyber defense forensic analysts can improve their ability to detect, prevent and respond to threats while also considering the human factors involved in said incidents. Discussed in this paper are the roles and duties of a cyber defense forensic analyst and social science topics such as human behavior, social engineering defense, and ethical and legal considerations.
Introduction
According to the Cybersecurity & Infrastructure Security Agency (CISA), primary duties of a cyber defense forensic analyst include,
“Conduct analysis of log files, evidence, and other information to determine best methods for identifying the perpetrator(s) of a network intrusion, confirm what is known about an intrusion and discover new information, if possible, after identifying intrusion via dynamic analysis, provide technical summary of findings in accordance with established reporting procedures, perform file system forensic analysis, collect and analyze intrusion artifacts (e.g., source code, malware, and system configuration) and use discovered data to enable mitigation of potential cyber defense incidents within the enterprise.” (Cyber Defense Forensics Analyst | CISA, n.d.)
A cyber defense forensic analyst integrates social sciences into their daily work using contextual understanding to conduct more comprehensive investigations while considering ethical considerations ensuring marginalized groups are included in their studies. This leads to a better understanding of the psychological aspects of cyberattacks.
Social engineering defense
Social engineering tactics are often based on the principals of social influence. By exploiting people’s habits of conforming to social or group norms or complying with authority figures, social engineers can manipulate victims by invoking an emotional response to influence the victim’s behavior. Cyber defense forensic analysts who understand these emotional triggers are better equipped to develop countermeasures to avoid these tactics.
Understanding human behavior
“The shift in focus from technology to processes, and subsequently the human element, has come with the realization that technology and processes are only as good as the human beings that use them.” (Dontamsetti & Narayanan, 2011 p.16) Reasearch in psychology brings with it an understanding of human decision-making processes and openness to social engineering attacks. Understanding the behavior of threats and users helps make defending and mitigating risks easier. For the cyber defense forensic analyst, identifying the intruder and how they were let in is crucial to job success.
Legal and ethical considerations
Forensic analysts follow a professional code of ethics to guide their decision making. Ethical codes established by organizations such as the International Association of Computer Investigative Specialists (IACIS) or the International Society of Forensic Computer Examiners (ISFCE) provide guidance for these ethical responsibilities. Recognizing that cultural variations exist, especially in marginalized groups who may have limited legal protections, is essential for conducting ethical and respectful analyses. Social science research on cultural diversity educates forensic analysts about cultural norms and differences related to privacy allowing for better analysis.
Conclusion
Intergrating social sciences principles into cyber defense forensic analysis increases the effectiveness of cybersecurity efforts by considering both technical and human factors. By understanding human behavior, social engineering tactics and legal and ethical considerations, while considering marginalized groups, analysts can better protect against cyber threats. It becomes evident that understanding human behavior allows analysts to anticipate and counteract these tactics effectively. By recognizing patterns of behavior and susceptibility to manipulation analysts can develop strategies to defend again cyber criminals looking to exploit human psychology. Furthermore, adhering to a strict code of ethics and recognizing cultural variations of feelings towards privacy, analysts ensure integrity and legality of their investigations. The integration of social science principles allows cyber defense analysts to have greater insight and effectiveness. By using knowledge from social science discipline such as psychology and cultural studies, cyber defense forensic analysts can improve their ability to protect against cyber threats for all parties.
References
Cyber Defense Forensics Analyst | CISA. (n.d.). Cybersecurity and Infrastructure Security Agency CISA. https://www.cisa.gov/careers/work-rolescyber-defense-forensics-analyst
Dontamsetti, M., & Narayanan, A. (2011). Impact of the human element on information security. In IGI Global eBooks (pp. 16–42). https://doi.org/10.4018/978-1-60566-036-3.ch003
International Association of Computer Investigative Specialists. (2022). IACIS Policies and Procedures Manual. https://www.iacis.com/wp-content/uploads/2023/03/IACIS-Policies-and-Procedures-Manual-2023.pdf