Cyber Situational Awareness in Security Operation Centres

Presenter Information

Burkan Hawash, Universiti Kebangsaan MalaysiaFollow
Umi Asma' Mokhtar, Universiti Kebangsaan MalaysiaFollow
Jongkil Jay Jeong, University of MelbourneFollow
Sean B. Maynard, University of MelbourneFollow
Zarina Shukur, Universiti Kebangsaan MalaysiaFollow
Siti Norul Huda Sheikh Abdullah, Universiti Kebangsaan MalaysiaFollow
Rozilawati Razali, Universiti Kebangsaan MalaysiaFollow
Lim Joo Soon, Universiti Kebangsaan MalaysiaFollow

Paper Type

Complete

Paper Number

1662

Description

Effective response to cyber-attack requires situational awareness (SA) of the incident environment. This paper conducts a systematic literature review (SLR) of cyber security SA and how individuals’ performance can be improved in critical environments facing hybrid warfare threats. We examine how SA enhances Security Operations Centres (SOCs) to manage incidents and how it is understood based on the role of SOCs during attacks. We investigate three aspects of SA: Theoretical foundations; levels of situation; and measurement methods. The paper identifies that most literature is based on Endsley’s three-level model of SA, which has been adapted to the cybersecurity domain as “Cyber Situation Awareness”. However, some studies, especially those focusing on developing tools to enhance SA, lack a clear theoretical basis or use alternative models. We identified a balance between individual, group, and concepts of SA.

Comments

Security

Recommended Citation

Hawash, Burkan; Mokhtar, Umi Asma'; Jeong, Jongkil Jay; Maynard, Sean B.; Shukur, Zarina; Abdullah, Siti Norul Huda Sheikh; Razali, Rozilawati; and Soon, Lim Joo, "Cyber Situational Awareness in Security Operation Centres" (2024). PACIS 2024 Proceedings. 8.
https://aisel.aisnet.org/pacis2024/track07_secprivacy/track07_secprivacy/8