Understanding situation awareness in SOCs, a systematic literature review

Ofte, Håvard Jakobsen; Katsikas, Sokratis K.

doi:10.1016/j.cose.2022.103069

Cited by 10 publications

(8 citation statements)

References 45 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…A recent review [6] on situation awareness in the Security Operations Center, focusing on cybersecurity, showed that human factors emphasizing situation awareness are important in understanding and improving human performance in complex systems. Another study [7] identified organizational awareness in security management as the most important factor, along with security controls and supportive top management.…”

Section: Theoretical Backgroundmentioning

confidence: 99%

“…For example, given the different areas of research, awareness receives distinctive adjectives, such as context awareness, situational awareness, space situational awareness, cyber awareness, temporal awareness, dynamic unawareness, partial awareness, individual awareness, knowledge awareness, public awareness, environmental awareness, brand awareness, etc. ( [6,[21][22][23][24][25][26][27][28][29][30]). Given the application, the research spans cyber security, surveillance, autonomous vehicles, wireless technologies, the Internet of things, intelligence and software methods, operations research, management, and marketing.…”

Section: Theoretical Backgroundmentioning

confidence: 99%

“…This role may encompass a range of responsibilities, from a generalist overseeing multiple aspects of business operations and security, including cybersecurity, to a more specialized individual with specific training in IT or cybersecurity management. The framework developed herein does not presuppose advanced cybersecurity expertise, making it applicable to a broad spectrum of managerial roles within SMEs [6]. Managerial awareness refers to the knowledge and understanding that managers have about cybersecurity threats and how these threats can affect their organization.…”

Section: Game Settingmentioning

confidence: 99%

See 2 more Smart Citations

Dynamic Awareness and Strategic Adaptation in Cybersecurity: A Game-Theory Approach

Kostelić

2024

Games

View full text Add to dashboard Cite

Awareness and human factors are becoming ever more important in cybersecurity, particularly in the context of small companies that may need more resources to deal with cybersecurity effectively. This paper introduces a theoretical framework for game analysis of the role of awareness in strategic interactions between the manager and a hacker. A computable approach is proposed based on Bayesian updating to model awareness in a cybersecurity context. The process of gaining awareness considers the manager’s perception of the properties of the hacker’s actions, game history, and common knowledge. The role of awareness in strategy choices and outcomes is analyzed and simulated, providing insights into decision-making processes for managers and highlighting the need to consider probabilistic assessments of threats and the effectiveness of countermeasures. The accuracy of the initial frequencies plays a significant role in the manager’s success, with aligned frequencies leading to optimal results. Inaccurate information on prior frequencies still outperforms complete uncertainty, emphasizing the value of any available intelligence. However, the results suggest that other awareness modeling approaches are necessary to enhance the manager’s agility and adaptiveness when the prior frequencies do not reflect the immediate attacker’s type, indicating the need for improved intelligence about cyber-attacks and examinations of different awareness modeling approaches.

show abstract

Section: Theoretical Backgroundmentioning

confidence: 99%

Section: Theoretical Backgroundmentioning

confidence: 99%

Section: Game Settingmentioning

confidence: 99%

See 1 more Smart Citation

Dynamic Awareness and Strategic Adaptation in Cybersecurity: A Game-Theory Approach

Kostelić

2024

Games

View full text Add to dashboard Cite

show abstract

“…The SA model by Endsley (1988) is the most commonly used model for SA in cybersecurity contexts (Ofte and Katsikas, 2022). Building on the framework of Endsley (1988), seven requirements have been suggested to achieve full Cyber SA (CSA) for cyber defense (Barford et al, 2009).…”

Section: Situational Awareness For Decision-making and Performancementioning

confidence: 99%

“…Performance metrics are lacking for human cyber operators (Agyepong et al, 2020). This includes measures of CSA as most studies on SA in SOC teams only utilize indirect measures of CSA (Ofte and Katsikas, 2022). There is still a need to understand what SA means for human cyber operators and methods to objectively measure it in ways that are useful for cybersecurity (Gutzwiller et al, 2020).…”

Section: Cyber Situational Awarenessmentioning

confidence: 99%

Gamification as a neuroergonomic approach to improving interpersonal situational awareness in cyber defense

et al. 2023

View full text Add to dashboard Cite

In cyber threat situations, the establishment of a shared situational awareness as a basis for cyber defense decision-making results from adequate communication of a Recognized Cyber Picture (RCP). RCPs consist of actively selected information and have the goal of accurately presenting the severity and potential consequences of the situation. RCPs must be communicated between individuals, but also between organizations, and often from technical to non−/less technical personnel. The communication of RCPs is subject to many challenges that may affect the transfer of critical information between individuals. There are currently no common best practices for training communication for shared situational awareness among cyber defense personnel. The Orient, Locate, Bridge (OLB) model is a pedagogic tool to improve communication between individuals during a cyber threat situation. According to the model, an individual must apply meta-cognitive awareness (O), perspective taking (L), and communication skills (B) to successfully communicate the RCP. Gamification (applying game elements to non-game contexts) has shown promise as an approach to learning. We propose a novel OLB-based Gamification design to improve dyadic communication for shared situational awareness among (technical and non-technical) individuals during a cyber threat situation. The design includes the Gamification elements of narrative, scoring, feedback, and judgment of self. The proposed concept contributes to the educational development of cyber operators from both military and civilian organizations responsible for defending and securing digital infrastructure. This is achieved by combining the elements of a novel communication model with Gamification in a context in urgent need for educational input.

show abstract

Paralyzed or Compromised: A Case Study of Decisions in Cyber-Physical Systems

Ofte,

Katsikas

2024

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Understanding situation awareness in SOCs, a systematic literature review

Cited by 10 publications

References 45 publications

Dynamic Awareness and Strategic Adaptation in Cybersecurity: A Game-Theory Approach

Dynamic Awareness and Strategic Adaptation in Cybersecurity: A Game-Theory Approach

Gamification as a neuroergonomic approach to improving interpersonal situational awareness in cyber defense

Paralyzed or Compromised: A Case Study of Decisions in Cyber-Physical Systems

Contact Info

Product

Resources

About