This year, we will emphasize risk management and decision making in cyberspace by continuing to explore novel and predictive analytic approaches and visualization techniques.  Among the specific topics we wish to explore at the workshop are the following:

--Decision-making and risk management:  The ability to estimate the occurrence of future events using expertise, observation and intuition is critical to the human decision-making process. From a biophysical perspective, there is strong evidence that the neocortex provides a basic framework for memory and prediction in which human intelligence emerges as a process of pattern storage, recognition and projection rooted in our experience of the world and driven by perception and creativity. The human decision making can therefore be seen as a situation-action matching process which is context-bound and driven by experiential knowledge and intuition. However, despite the natural disposition of humans towards prediction, our ability analyze, to forecast and respond to plausible futures remains one of the greatest intelligence challenges because of limitations on human reasoning due to cognitive and cultural biases. The objective of track discussions will center on how to assist analysts and policymakers in providing better cybersecurity analysis and response through the enablement of a human-based approach to decision-making that is unhindered by cognitive and cultural biases. The following questions illustrate some of the topics that will be discussed.

What aspects of decision-making and risk management are unique to cybersecurity?  What are the parallel analytic strengths and pathologies in cyberspace and how do they manifest themselves? 

• How do cognitive and cultural biases affect human decision-making in cybersecurity?
• What methods can be used to reduce human biases that hamper decision-making in cybersecurity?
• Can social intelligence practices such as crowdsourcing and collaborative decision-making aid us in improving human decision-making in identifying and mitigating cyberspace threats?
• How can methods and practices that improve human decision-making be applied by the cybersecurity practitioner?  Are these methods and practices within reach? 
• What technologies can be used to implement these methods and practices? Will these technologies be accepted by cybersecurity practitioners?
• What aspects of social networking can be applied to cybersecurity for predictive analysis or problem solution?

--From Visualization to Perception:  The massive volumes of data being collected in the physical and cyber worlds are dwarfing our abilities to assess, identify, characterize, and prioritize items, objects, and issues of interest.  This is the antecedent of any action designed to anticipate or respond.  New visualization methods, as well as those that help humans respond more effectively, are required, especially to help analysts orient and assess large areas of data.   As we discussed at C3E 2010, effective cybersecurity will have to take advantage of effective use of both humans and machines for the things that they each do best.    Some questions we will explore at the C3E Workshop related to the Visualization and Perception track are the following:  

• What are the emerging “best practices” in visualization for the analyst?  How can they orient, assess, and move around large data sets efficiently and effectively?   How can visualization provide a tool for the analysts to navigate easily through large data sets to explore potential relationships and to develop or validate hypotheses?                  

• What is the role of streaming analytics and other techniques in enhancing perception of cyberspace threats?        

• What is our current scientific understanding of the relationship between visualization and perception in both the human and machine-learning worlds?        

• How can we distinguish between anomalies recognized by machines – often the result of incomplete data or computational errors – and anomalies that merit further investigation or immediate response?