Chapter

Cyber Defense and Situational Awareness

Volume 62 of the series Advances in Information Security pp 47-62

Formation of Awareness

  • Massimiliano Albanese, George Mason University
  • Sushil Jajodia, George Mason University (email author)

Abstract

Having discussed the importance and key features of CSA, both in general and in comparison with a better known Kinetic Situational Awareness, we now proceed to explore how and from where the CSA emerges. Formation of Cyber Situational Awareness is a complex process that goes through a number of distinct phases and produces a number of distinct outputs. Humans with widely different roles drive this process while using diverse procedures and computerized tools. This chapter explores how situational awareness forms within the different phases of the cyber defense process, and describes the different roles that are involved in the lifecycle of situational awareness. The chapter presents an overview of the overall process of cyber defense and then identifies several distinct facets of situational awareness in the context of cyber defense. An overview of the state of the art is followed by a detailed description of a comprehensive framework for Cyber Situational Awareness developed by the authors of this chapter. We highlight the significance of five key functions within CSA: learning from attacks, prioritization, metrics, continuous diagnostics and mitigation, and automation.