Lately, I’ve been thinking about “cybercrime” as I have been learning more about Information Security and the people involved. Cyber Security is a pretty top-of-mind topic — seems like there is a news story every other day. Even my pal who is a Wall Street investor (bad week for him) — and a self-proclaimed “Tech Luddite” — sent me a MarketWatch post last month about how, for bank robbers, data has replaced guns.
Right here, in Portland — just up the street from us, an entire floor of the federal building is filled with FBI agents who spend every day surfing the Web, ferreting out crimes ranging from petty scams to child pornography.
This month the UX team has been working on user personas as part of our ongoing effort to understand the people involved in Infosec. Ferris, here, is an example of a user persona we are working on as we think about how people need to be able to make sense out of the data they get from their log files. Ferris’ primary goal is to proactively detect potential security threats so that he can protect his organization’s sensitive data. He ferrets out suspicious, malicious or unusual behavior. (I think this stock image represents him quite nicely.)
- Corporate Goal: Must investigate alerts to prevent potential data loss and deliver the right information to the right people so they can protect their systems
- Pragmatic Goal: Needs to quickly ferret out relevant suspicious, malicious, or unusual behavior in a sea of change and event data and deliver grokable reports
- Personal Goal: Cybersleuth Hero
Ferris has been doing integrity checking faithfully. He has a daily practice that incorporates analysis into daily operations so he can identify threat trends and patterns. His ferreting out suspicious, malicious and unusual behavior has paid off.
He has discovered his system has been compromised. He is a trained professional so he DOES NOT PANIC. He lovingly clutches his copy of The Hitchhiker’s Guide to the Galaxy to his bosom for fortification. Ferris needs to be able to think clearly about what he is doing.
Ferris needs to figure out who the hacker is, how he got in, and what vulnerabilities were exploited — (not necessarily in that order).
To further analyze the intrusion, he uses a tool to look longitudinally at the data so he can do a “post-mortem” system analysis.
When he finds the problem he prepares to inform system or network administrators who might be affected — both his own and those on other networks. Ferris might even report the incident to the Computer Emergency Response Team (CERT). If he does, he will need to provide report information related to the cybercrime activities he noticed, including the means by which he noticed, the host systems and networks involved in the attack, and any other data he has gathered from log files, network activity analysis, and use of forensic tools.
Funny story. I was looking for some stock images to represent our personas. Mark Little, one of our interaction designers, sent me this link from Boing Boing on “Hacker Stock Art”. It is so hilarious, I laughed for twenty minutes. Go here; you won’t be sorry.
Note: This post was originally published on Tripwire’s blog – The State of Security at this link: http://www.tripwire.com/state-of-security/it-security-data-protection/cyber-security/ux-research-ferreting-out-cybercrime/