Understanding and Enabling Tactical Situational Awareness in a Security Operations Center

  • Conference paper
Advances in Human Factors in Cybersecurity (AHFE 2020)

Part of the book series: Advances in Intelligent Systems and Computing (AISC, volume 1219)

  • 1723 Accesses

Abstract

Cybersecurity operations are highly complex, requiring the coordination of specialized skills across multiple teams to successfully execute missions. Command and control within security operations centers is dominated by fragile mental models, demonstrating a need for systems that reinforce shared situational awareness across the organization. In this paper, we present the results of our research to: (1) define the needs associated with tactical cyber situational awareness; and (2) evaluate the usability and utility of a prototype tactical situational awareness dashboard. We found that incident tracking, tasking structure, execution timeline, and resource health constitute the essential aspects of tactical cyber situational awareness. Evaluations of prototypes suggest that three visualizations are well suited for conveying this information. We believe these results are generalizable and will enable the development of tactical situational awareness capabilities in Security Operations Centers across public and private enterprises.

Acknowledgments

This work was conducted in connection with contract FA8750-17-C-0203 with the Air Force Research Laboratory. The views, opinions, and findings contained herein are those of the authors alone. The authors would like to thank Rick Fedors, Capt. Jonathan Beabout, TSgt. Freddie Morales-Torres, Robert Hoffman, Larry Bunch, John Schrimpf, and Mike Garrity for their contributions to this work.

Author information

Corresponding author

Correspondence to Ryan Mullins.

Copyright information

© 2020 The Editor(s) (if applicable) and The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Cite this paper

Mullins, R., Nargi, B., Fouse, A. (2020). Understanding and Enabling Tactical Situational Awareness in a Security Operations Center. In: Corradini, I., Nardelli, E., Ahram, T. (eds) Advances in Human Factors in Cybersecurity. AHFE 2020. Advances in Intelligent Systems and Computing, vol 1219. Springer, Cham. https://doi.org/10.1007/978-3-030-52581-1_10

  • DOI: https://doi.org/10.1007/978-3-030-52581-1_10

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-52580-4

  • Online ISBN: 978-3-030-52581-1

  • eBook Packages: Engineering, Engineering (R0)
