Abstract
Cybersecurity operations are highly complex, requiring the coordination of specialized skills across multiple teams to successfully execute missions. Command and control within security operations centers is dominated by fragile mental models, demonstrating a need for systems that reinforce shared situational awareness across the organization. In this paper, we present the results of our research to: (1) define the needs associated with tactical cyber situational awareness; and (2) evaluate the usability and utility of a prototype tactical situational awareness dashboard. We found that incident tracking, tasking structure, execution timeline, and resource health constitute the essential aspects of tactical cyber situational awareness. Evaluations of prototypes suggest that three visualizations are well suited for conveying this information. We believe these results are generalizable and will enable the development of tactical situational awareness capabilities in Security Operations Centers across public and private enterprises.
Acknowledgments
This work was conducted in connection with contract FA8750-17-C-0203 with the Air Force Research Laboratory. The views, opinions, and findings contained herein are those of the authors alone. The authors would like to thank Rick Fedors, Capt. Jonathan Beabout, TSgt. Freddie Morales-Torres, Robert Hoffman, Larry Bunch, John Schrimpf, and Mike Garrity for their contributions to this work.
Copyright information
© 2020 The Editor(s) (if applicable) and The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Mullins, R., Nargi, B., Fouse, A. (2020). Understanding and Enabling Tactical Situational Awareness in a Security Operations Center. In: Corradini, I., Nardelli, E., Ahram, T. (eds) Advances in Human Factors in Cybersecurity. AHFE 2020. Advances in Intelligent Systems and Computing, vol 1219. Springer, Cham. https://doi.org/10.1007/978-3-030-52581-1_10
DOI: https://doi.org/10.1007/978-3-030-52581-1_10
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-52580-4
Online ISBN: 978-3-030-52581-1
eBook Packages: Engineering, Engineering (R0)