Paper Type

Complete

Paper Number

1662

Description

Effective response to cyber-attack requires situational awareness (SA) of the incident environment. This paper conducts a systematic literature review (SLR) of cyber security SA and how individuals’ performance can be improved in critical environments facing hybrid warfare threats. We examine how SA enhances Security Operations Centres (SOCs) to manage incidents and how it is understood based on the role of SOCs during attacks. We investigate three aspects of SA: theoretical foundations, levels of situation, and measurement methods. The paper identifies that most literature is based on Endsley’s three-level model of SA, which has been adapted to the cybersecurity domain as “Cyber Situation Awareness”. However, some studies, especially those focusing on developing tools to enhance SA, lack a clear theoretical basis or use alternative models. We identified a balance between individual, group, and concepts of SA.

Comments

Security

Jul 2nd, 12:00 AM

Cyber Situational Awareness in Security Operation Centres
