July 2024
·
202 Reads
Effective response to cyber-attack requires situational awareness (SA) of the incident environment. This paper conducts a systematic literature review (SLR) of cyber security SA and how individuals' performance can be improved in critical environments facing hybrid warfare threats. We examine how SA enhances Security Operations Centres (SOCs) to manage incidents and how it is understood based on the role of SOCs during attacks. We investigate three aspects of SA: Theoretical foundations; levels of situation; and measurement methods. The paper identifies that most literature is based on Endsley's three-level model of SA, which has been adapted to the cybersecurity domain as "Cyber Situation Awareness". However, some studies, especially those focusing on developing tools to enhance SA, lack a clear theoretical basis or use alternative models. We identified a balance between individual, group, and concepts of SA.