Situational awareness is a driver for detection and response controls

Reply to each of the 6 posts below in 50-75 words


Situational awareness is critical in cyber security because there is no guarantee that an attack will result from known vulnerabilities. In fact, Harrison and Pagliery (2015) report that between 500K and a million new pieces of malware are created every day. While most of these come from variations of the same tool, there are still plenty of new threats being created. Additionally, cyberattacks continue in the form of phishing, viruses, brute force password attempts, port scans, botnets, and more (“Cyber Attack”, 2019).

It is very difficult to look for something when you do not know what it is that you hope to see. This is the case when protecting data from potential intruders and attackers. Craig, Tryfonas, and May (2014) warn that organizations must adopt strategies and processes to identify attacks that have not been identified or classified in the traditional reactive method of blocking threats. Moreover, they warn of the necessity to build systems that will identify new threats based on subtle events and signatures, such as the creation of new files or reduced bandwidth.

The National Federation of Independent Business (NFIB) describes situational awareness (SA) as imperative because of the difficulty in reviewing all of the data that is being transmitted across our networks. Simply reviewing the logs of corporate firewalls can be a daunting task and will not reveal attacks that have found a way around this appliance. Governments and businesses cannot assume that their systems are safe just because attacks have not been identified. Fortunately, combining new technologies, such as SIEM, with trained staff, and sufficient visualization tools, will offer new ways to discover unknown attacks (“What Is Cybersecurity Situational Awareness”, 2018).

One of the key elements of SA is information sharing with peers, associations, developers, and ethical hackers. Sharing details ensures that other people will be able to watch for similar threats and report additional findings for the greater good of all. Instilling a sense of community in which people are willing to share is necessary for the greatest impact. Some players may be more interested in learning what others have discovered while failing to disclose their own findings. For instance, the NSA has been known to discover vulnerabilities and use them to collect information for national security (Amoroso, 2013; Craig, Tryfonas, & May, 2014).


Amoroso, E. G. (2013). Cyber attacks: protecting national infrastructure. Amsterdam: Butterworth-Heinemann.

Craig, R., Tryfonas, T., & May, J. (2014). A viable systems approach towards cyber situational awareness. 2014 IEEE International Conference on Systems, Man, and Cybernetics (SMC), 2014 IEEE International Conference On, 1405–1411.

Cyber Attack – What Are Common Cyberthreats? (2019, November 12). Retrieved from


Situational Awareness as a Driver for Detection and Response Control

Situational awareness is simply knowing what is happening around us, or the perception of the elements within the environment. This is achieved by assessment through perception and attention, which is followed by an interpretation of the situation. Once that is done, situational awareness forms the basis of decision making.

Situational awareness is essential in that one gets an accurate knowledge of utility cybersecurity that contributes to the overall process of utility systems (Tianfield, 2016). Proper assessment of the operations occurring in the utility's cybersecurity network, and the ability to note potential breakdowns and weak areas, can be exploited to maximum effect.

Situational analysis requires inputs from a large number of systems. Such systems may be both internal and external, and may include network management, security information, and prevention systems, hence making it a response control.

Situational analysis can help one's organization in prioritizing cybersecurity spending to achieve good results, hence providing reliable performance and security. Many companies need to harness the data from many external and internal systems, and in using situational awareness, this is possible (Rajivan & Cooke, 2017).

The fundamental security aspects are access control, environment monitoring, and having the option to react to incidents when they happen. In the new worldview, security can be conveyed by utilizing situational awareness of the environment and reacting to the danger level identified, rather than by structuring a fortification with the desire of having the option to withstand any assault. Cybersecurity situational awareness isn't any single item; it is a way of thinking that must be acknowledged by the intelligent utilization of the processes and products that include the data frameworks.


Rajivan, P., & Cooke, N. (2017). Impact of team collaboration on cybersecurity situational awareness. In Theory and Models for Cyber Situation Awareness (pp. 203-226). Springer, Cham.

Tianfield, H. (2016, December). Cybersecurity situational awareness. In 2016 IEEE International Conference on Internet of Things (iThings) and IEEE Green Computing and Communications (GreenCom) and IEEE Cyber, Physical and Social Computing (CPSCom) and IEEE Smart Data (SmartData) (pp. 782-787). IEEE.


Like other terms of cybersecurity, situational awareness proves to be the traditional warfare needed for detection and response controls. It also helps in the understanding of threats and in studying how the threats could be changing with time and fluctuating the variables in the environment. Cybersecurity teams should be in a position to understand situational awareness and the current threats towards the sensitive data of the organization, along with the future threats that are possible (Vanderburg, 2018).

With the pace at which technology-related threats continue to grow, one should be ready with the processes and solutions that regulate them. Data mining is one such solution that helps in understanding the data in a better way and gaining insights over it. Situational awareness always needs input from larger systems that include both the external and internal things of the organization. The internal technical systems of the organization include network management, event management, security information, and the asset inventory, along with intrusion prevention systems. The external systems might include threat and vulnerability databases, along with data breach notices and exploit details (Vanderburg, 2018).

The other tool is machine learning, which can be used in situational awareness and also in experimenting with hypothetical threat models that help in the identification of the impact and the likelihood of threats. This provides the data that is essential in terms of assigning the risk value, and organizations will be in a position to determine the controls that need to be implemented against the threat. Machine learning is essential in terms of identifying the new hypotheses that emerge from the data. There are risk management programs which are reactive in terms of responding towards threats, and they are realized with the situational awareness that actually protects from the threats. With the environmental changes, the threats will be re-evaluated with the emerging new data (Franke et al., 2014).


Franke et al. (2014). Cyber situational awareness – A systematic review of the literature. Retrieved from

Vanderburg, E. (2018). What Is Cybersecurity Situational Awareness And Why Should It Be A Critical Part Of Your Security Strategy? Retrieved from
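The post above lists the inputs that feed situational awareness (internal: asset inventory, event logs, intrusion prevention; external: threat and vulnerability databases, exploit details) and says the fused data is used to assign a risk value from likelihood and impact; the first post makes the same point about combining firewall logs with a SIEM. The Python below is an added example, not code from any of the posts or from the cited authors, that fuses those sources into one per-host picture and ranks hosts by risk. Every host, address (RFC 5737 documentation ranges), log line, indicator, advisory entry, signal weight and the scan threshold is constructed for the illustration.

```python
"""
Situational-awareness correlation over constructed data: fuse internal sources
(asset inventory, firewall log) with external sources (threat-intel indicators,
vulnerability advisories) into one per-host picture and rank hosts by risk.
Every address, host name and log line below is constructed for the example.
"""
import re
from collections import defaultdict

# Internal source: asset inventory (hypothetical hosts; criticality 1 = low .. 5 = crown jewel)
ASSETS = {
    "10.0.1.10": {"name": "db-prod-01", "criticality": 5, "software": ["openssh 7.4"]},
    "10.0.1.20": {"name": "web-01", "criticality": 3, "software": ["nginx 1.18"]},
    "10.0.2.55": {"name": "laptop-jsmith", "criticality": 1, "software": ["chrome 79"]},
}

# External source: threat-intel indicators (constructed; RFC 5737 documentation addresses)
THREAT_INTEL = {"203.0.113.7": "known-scanner", "198.51.100.9": "botnet-c2"}

# External source: vulnerability advisories keyed by the inventory's software string (constructed)
VULN_DB = {"openssh 7.4": "critical", "chrome 79": "high"}

# Internal source: firewall log (constructed, one event per line, plus one malformed line)
FIREWALL_LOG = """\
2019-11-12T10:00:01 fw01 ACCEPT src=203.0.113.7 dst=10.0.1.10 dport=22
2019-11-12T10:00:02 fw01 DROP src=203.0.113.7 dst=10.0.1.10 dport=23
2019-11-12T10:00:03 fw01 DROP src=203.0.113.7 dst=10.0.1.10 dport=80
2019-11-12T10:00:04 fw01 DROP src=203.0.113.7 dst=10.0.1.10 dport=443
2019-11-12T10:00:05 fw01 DROP src=203.0.113.7 dst=10.0.1.10 dport=3306
2019-11-12T10:00:06 fw01 ACCEPT src=10.0.2.55 dst=198.51.100.9 dport=443
2019-11-12T10:01:00 fw01 ACCEPT src=192.0.2.44 dst=10.0.1.20 dport=443
this line is garbage and must be skipped rather than crash the parser
"""

LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<fw>\S+) (?P<action>ACCEPT|DROP) "
    r"src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+) dport=(?P<dport>\d+)$"
)

# Evidence weights (assumed values): how much each signal raises the likelihood of attack.
WEIGHTS = {
    "vuln-critical": 2, "vuln-high": 1,
    "port-scan": 1, "scan-from-known-bad": 1,
    "accepted-inbound-from-known-bad": 2,
    "outbound-to-known-bad": 3,
}
SCAN_THRESHOLD = 4  # distinct destination ports from one source before we call it a scan


def parse_firewall_log(text):
    """Parse log lines into dicts; malformed lines are dropped instead of raising."""
    events = []
    for line in text.splitlines():
        m = LOG_RE.match(line.strip())
        if m:
            e = m.groupdict()
            e["dport"] = int(e["dport"])
            events.append(e)
    return events


def correlate(events):
    """Build the per-host picture: {ip: {"name", "criticality", "signals", "risk"}}."""
    signals = defaultdict(list)

    # Internal x external: inventory software matched against advisories (exposure, not attack)
    for ip, asset in ASSETS.items():
        for sw in asset["software"]:
            sev = VULN_DB.get(sw)
            if sev in ("critical", "high"):
                signals[ip].append(f"vuln-{sev}")

    # Internal: distinct ports per (src, dst) pair -> port-scan heuristic
    ports = defaultdict(set)
    for e in events:
        ports[(e["src"], e["dst"])].add(e["dport"])
    for (src, dst), seen in ports.items():
        if dst in ASSETS and len(seen) >= SCAN_THRESHOLD:
            signals[dst].append("port-scan")
            if src in THREAT_INTEL:  # external feed enriches the internal signal
                signals[dst].append("scan-from-known-bad")

    # Internal x external: connections the firewall ALLOWED to or from listed addresses
    for e in events:
        if e["action"] != "ACCEPT":
            continue
        if e["dst"] in ASSETS and e["src"] in THREAT_INTEL:
            signals[e["dst"]].append("accepted-inbound-from-known-bad")
        if e["src"] in ASSETS and e["dst"] in THREAT_INTEL:
            signals[e["src"]].append("outbound-to-known-bad")

    picture = {}
    for ip, sigs in signals.items():
        asset = ASSETS[ip]
        likelihood = sum(WEIGHTS[s] for s in sigs)
        picture[ip] = {
            "name": asset["name"],
            "criticality": asset["criticality"],
            "signals": sorted(set(sigs)),
            "risk": likelihood * asset["criticality"],  # risk = likelihood x impact
        }
    return picture


def prioritized(picture):
    """Hosts ordered by risk, highest first."""
    return sorted(picture.items(), key=lambda kv: kv[1]["risk"], reverse=True)


if __name__ == "__main__":
    for ip, host in prioritized(correlate(parse_firewall_log(FIREWALL_LOG))):
        print(f"{host['risk']:>3}  {host['name']:<14} {ip:<12} {', '.join(host['signals'])}")
```

With the constructed data, db-prod-01 comes out on top (risk 30: a critical advisory on its inventoried software, a scan from a listed address, and an accepted SSH connection from that same address), and web-01 does not appear at all because no source says anything about it. The caveat worth noticing is laptop-jsmith: it has an accepted outbound connection to a listed C2 address, which is evidence of compromise rather than exposure, yet it ranks last (risk 4) because impact is taken purely from asset criticality. A real triage process should treat that signal as a separate "investigate now" queue instead of letting a low criticality bury it, and the weights and SCAN_THRESHOLD must be tuned against the organization's own traffic.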


Cyber-security is a security process to avoid possible threats from complex tasks. Where there are large amounts of network data, there are more chances of cyber-attacks. Identifying the threats that could take place from the tasks and avoiding breaching and loss of data is termed cyber-security (Ben-Asher & Gonzalez, 2015). There are many intrusion detection systems to detect the unwanted activities of cybercriminals and what they are going to do, so that we can implement the security programs.

To detect all these issues, cyber employees should have knowledge of cyber activities; basic awareness of cyber technologies will facilitate the chance of detecting malicious activities. This knowledge of cybersecurity can help to detect malicious activities (Barford et al., 2010); situated knowledge regarding any specific or particular network in our hands is one of the required things, and thus it will help us to take critical network decisions for the right situation.

Cyber situational awareness these days is grasping the attention of everyone in the society, as it features in the national cyber strategies of many countries, including in research. Situational awareness is a process of identifying the type of attack in that situation, from where the attack is taking place (the source of the attack), and the target of the attack (Franke & Brynielsson, 2014). This situational awareness is advanced to the intrusion detection system. Tracking that situation is the major component of this. Situational awareness is the structured process established to identify the threats and to manage the threat management system (Zhang et al., 2019).


  1. Ben-Asher, N., & Gonzalez, C. (2015). Effects of cyber security knowledge on attack detection. Computers in Human Behavior, 48, 51-61.
  2. Barford, P., Dacier, M., Dietterich, T. G., Fredrikson, M., Giffin, J., Jajodia, S., … & Ou, X. (2010). Cyber SA: Situational awareness for cyber defense. In Cyber situational awareness (pp. 3-13). Springer, Boston, MA.
  3. Franke, U., & Brynielsson, J. (2014). Cyber situational awareness–a systematic review of the literature. Computers & Security, 46, 18-31.
  4. Zhang, B., Li, W., Sun, X., & Zhao, Y. (2019, April). Mimic Defense Structured Information System Threat Identification and Centralized Control. In Journal of Physics: Conference Series (Vol. 1187, No. 3, p. 032102). IOP Publishing.


Situational Awareness (SA) is a vital part of our daily lives. We conduct situational awareness every day without thinking about it. Imagine standing at a busy intersection. We need to be aware of traffic conditions, traffic lights, safety signs, and who is around us. Having situational awareness is necessary to survive in the physical world and provides the information that we need to detect potential issues and, in turn, respond to situations as they occur. The behavioral science community provides a definition of situational awareness as an up-to-the-minute cognizance or awareness required to move about, operate equipment, or maintain a system (Pew & Mavor, 1998). If situational awareness is so vital and present in the physical world, it's not a stretch to think that the same is true once we enter the digital world.

The idea of SA in cyber-systems is not a new concept. There are many models of SA that have been put forward. It is critical that cyber network operators retain detailed and relevant SA, and they often face the challenge of protecting critical information (Ioannou, Louvieris & Clewley, 2019). The previous statement could be extended to include critical cyber-systems such as those that are integrated into the national infrastructure.

The age-old idea of cyber defense has been replaced by techniques designed to detect intrusions. Organizations are using SA by monitoring ingress and egress routes, cataloging tactics, techniques, and procedures of adversaries to understand impact and adversaries alike (Hathaway, 2014). Another use of SA is the creation of threat assessments or intelligence reports. Inputs to threat assessments can be known threats and trends and recent attacks, combined with potential impacts to the infrastructure. The output of threat assessments is the potential problems facing large-scale networks. In reality, awareness is not enough as a standalone method to detect intrusions. The awareness must lead to informed action (Hathaway, 2014). Ultimately, the creation of any program of situational awareness must include awareness of real-time risks (Amoroso, 2013).

Risk identification is crucial to defining a response strategy when cyber-attacks occur. A detailed ratiocination is needed to define any possible attack scenario. These risks must be recorded and categorized according to potential harm to the network. Once risks are identified, potential responses can be developed. It is far easier to define a response while thinking in blue sky rather than in the fog of a cyber-attack while it is happening.


Amoroso, E. (2013). Cyber attacks: protecting national infrastructure. Amsterdam: Butterworth-Heinemann.

Hathaway, M. (2014). Best practices in computer network defense: incident detection and response. Amsterdam: IOS Press.

Ioannou, G., Louvieris, P. & Clewley, N. (2019). A Markov multi-phase transferable belief model for cyber situational awareness. Retrieved from

Pew, R. & Mavor, A. (1998). Modeling human and organizational behavior. Retrieved from…


Situational awareness

Situational awareness, in general terms, is the identification of the status that describes the position of an entity in its environment and also envisions the future state of the same entity. In the field of cybersecurity, situational awareness describes the existing threats to the information systems of the organization. Through situational awareness, the organization can identify the potential threats that can occur in the future. This is measured through time and space (, 2012).

Situational awareness is not just a single phenomenon; rather, it is the combination of various steps, by going through which situational awareness can be derived. These twelve steps are the basics of learning the security posture of the organization. These steps are mostly related to management. The steps are the following:

  • Asset management of the company
  • Determining the vulnerabilities and managing them
  • Managing the events in the organization that can disturb the security
  • Managing the system configuration, which can provide access to the attackers if in a weak position
  • Managing the information being provided to the system
  • Getting assurance from the software, that should be promising in the capacity to handle the attacker’s move
  • Detection of the malware is necessary for this process

Detection is the first step in the protection of the system, as a virus or an attack of any kind must be detected, and then the right move should be made by the security systems of the organization against the attack. Situational awareness collects the data from both external and internal sources, which makes it easy for machine learning to retaliate against the threats being faced by the organization. On the basis of this machine learning, the threat model is saved and can be used against a possible attack in the future. Through this technique, situational awareness protects the systems from threats which are yet to be realized (Vanderburg, 2018).


Vanderburg, E. (2018, Sept 6). What Is Cybersecurity Situational Awareness And Why Should It Be A Critical Part Of Your Security Strategy? Retrieved from…

(2012, Mar 14). A Practical Guide to Situational Awareness. Retrieved from…