Paper Type
Complete
Paper Number
1662
Description
Effective response to cyber-attack requires situational awareness (SA) of the incident environment. This paper conducts a systematic literature review (SLR) of cyber security SA and how individuals’ performance can be improved in critical environments facing hybrid warfare threats. We examine how SA enhances Security Operations Centres (SOCs) to manage incidents and how it is understood based on the role of SOCs during attacks. We investigate three aspects of SA: Theoretical foundations; levels of situation; and measurement methods. The paper identifies that most literature is based on Endsley’s three-level model of SA, which has been adapted to the cybersecurity domain as “Cyber Situation Awareness”. However, some studies, especially those focusing on developing tools to enhance SA, lack a clear theoretical basis or use alternative models. We identified a balance between individual, group, and concepts of SA.
Recommended Citation
Hawash, Burkan; Mokhtar, Umi Asma'; Jeong, Jongkil Jay; Maynard, Sean B.; Shukur, Zarina; Abdullah, Siti Norul Huda Sheikh; Razali, Rozilawati; Soon, Lim Joo; and Ahmad, Atif, "Cyber Situational Awareness in Security Operation Centres" (2024). PACIS 2024 Proceedings. 8.
https://aisel.aisnet.org/pacis2024/track07_secprivacy/track07_secprivacy/8
Cyber Situational Awareness in Security Operation Centres
Comments
Security