About
25 Publications
4,353 Reads
567 Citations
Introduction
Current institution
Code Dx
Current position
- CEO
Additional affiliations
January 2000 - January 2016
Secure Decisions
Position
- Managing Director
Publications (25)
We report on a qualitative study of application security (AppSec) program management. We sought to establish the boundaries used to define program scope, the goals of AppSec practitioners, and the metrics and tools used to measure performance. We find that the overarching goal of AppSec groups is to ensure the security of software systems; this is...
In a survey of cyber defense practitioners, we presented 39 assertions about the work cyber operators do, data sources they use, and how they use or could use cyber security visual presentations. The assertions were drawn from prior work in cyber security visualization over 15 years. Our goal was to determine if these assertions are still valid for...
Best practices for transitioning commercially funded research to operational environments don't always apply to government-funded cybersecurity endeavors due to constraints imposed by government regulations, certifications, and funding cycles. Most approaches for crossing this "valley of death" have been offered from the perspective of government s...
Decision makers must know if their cyber assets are ready to execute critical missions and business processes. Network operators need to know who relies on a failed network asset (e.g. IP address, network service, application) and what critical operations are impacted. This requires a mapping between network assets and the critical operations that...
The cyber security task is an intensely cognitive task that is embedded in a large multi-layered sociotechnical system of analysts, computers, and networks. Effective performance in this world is hampered by enormous size and complexity of the network data, the adaptive nature of intelligent adversaries, the lack of ground truth to assess performan...
Critical infrastructure can be vulnerable to cyber attacks through 802.11 wireless networks. Because wireless intruders are within short range of the targeted network, they can be directly observed by security forces cued to their presence. WildCAT is a prototype system that extends the reach of a physical security force into the cyber realm to det...
Despite more than a decade of significant government investment in network defense research and technology development, there have been relatively few successful transitions across the chasm between research and operational use. Prior work describes approaches to crossing the “valley of death” from the perspective of the government sponsor or indep...
Security visualization has been focused largely on graphic representation of data and relationships between network activity, security sensor output, and attacker activity. Visual analysis tools have not been designed to facilitate the analysis of data related to defender activities and decisions. This paper reports on the initial effort of a resea...
Awareness of the dependencies between cyber assets, missions and users is critical to assessing the mission impact of cyber attacks and maintaining continuity of business operations. However, there is no systematic method for defining the complex mapping between cyber assets (hardware, software, data), missions and users. This paper reports the res...
This research advances Cyber Situation Management by proposing methods for automated mapping of Cyber Assets to Missions and Users (Camus). To enable accurate and efficient cyber incident mission impact assessment, a Camus ontology that defines entities, relationships and attributes (ERAs) associated with them has been drafted. Methods for fusing d...
As wireless networking has become near ubiquitous, the ability to discover, identify, and locate mobile cyber assets over time is becoming increasingly important to information security auditors, penetration testers, and network administrators. We describe a new prototype called MeerCAT (Mobile Cyber Asset Tracks) for visualizing wireless assets, i...
This paper explores the relationship between physical and cyber infrastructures, focusing on how threats and disruptions in physical infrastructures can cascade into failures in the cyber infrastructure. It also examines the challenges involved in organizing and managing massive amounts of critical infrastructure data that are geographically and lo...
Computer network defense (CND) requires analysts to detect both known and novel forms of attacks in massive volumes of network data. Visualization tools can potentially assist in the discovery of suspicious patterns of network activity and relationships between seemingly disparate security events, but few CND analysts are leveraging visualization t...
This paper reports on investigations of how computer network defense (CND) analysts conduct their analysis on a day-to-day basis and discusses the implications of these cognitive requirements for designing effective CND visualizations. The supporting data come from a cognitive task analysis (CTA) conducted to baseline the state of the practice in t...
Information visualization has proven to be a valuable tool for working more effectively with complex data and maintaining situational awareness in demanding operational domains. Unfortunately, many applications of visualization technology fall short of expectations because the technology is used inappropriately - the wrong tool applied in the wrong...
A Cognitive Task Analysis (CTA) was performed to investigate the workflow, decision processes, and cognitive demands of information assurance (IA) analysts responsible for defending against attacks on critical computer networks. We interviewed and observed 41 IA analysts responsible for various aspects of cyber defense in seven organizations within...
One of the objectives of the DARPA Phase 2 SBIR project entitled "Visual Representation of Cyber Defense Situational Awareness" was to prototype 3-D visual representations of mission impact of information security events. Secure Decisions, a Division of Applied Visions Inc., prototyped several mission impact visual displays, and incorporated the mo...
The primary objectives of this project were to design and prototype 3D visual representations of: 1) time trends in information security events; and 2) mission impact of information security events. Secure Decisions, a Division of Applied Visions, Inc., interviewed several information security analysts in the US Dept. of Defense and in commercial i...
By definition, network defenders must prepare for the latest attacks on the latest software running on the newest network topologies. Network product lifecycles shorten, and simulations are expected to incorporate the latest devices, protocols, and network management tools. This has been the authors' experience with SimBLEND, a 3D game-based framew...
Typescript. Thesis (Ph. D.)--Adelphi University, 1984. Includes bibliographical references (leaves 178-185). Photocopy.