InCReASE: A Dynamic Framework Towards Enhancing Situational Awareness in Cyber Incident Response - Information Technology in Disaster Risk Reduction
Conference Papers Year : 2023

Lucia Castro Herrera

Abstract

Protecting valuable IT assets is one of the most significant challenges that organizations face today. Cyber criminals operating beyond physical boundaries are able to disrupt and destroy cyber infrastructure, deny organizations access to IT services, and steal sensitive data. In response, enterprises organize security operations centres at the heart of their entities with the purpose of employing socio-technical systems with capabilities to detect, analyze and respond to these threats. This exploratory study examines how such capabilities are operationalized in leading “Managed Security Service Providers” (MSSPs) providing cybersecurity operations and incident response, and looks at how situation awareness knowledge is constructed through the organizational levels of the enterprise detection and response. In this context, situational awareness spans different levels in the organization, starting from team personnel and ending at top management. Our work contributes to situational awareness theory in the context of cybersecurity operations and incident response. Thus, we advance the understanding of the organizational capabilities of MSSPs to develop awareness of the cyber-threat landscape and the broader operational dynamics. By introducing InCReASE, a dynamic framework towards enhancing situation awareness in Security Operations Center (SOC) operations and incident response, we extend existing situational awareness models, combining elements of the existing body of knowledge and our empirical findings. The presented work is a reflection on the best practices adopted by MSSP organizations operating in Norway.
Embargoed file
Thursday, January 1, 2026

Dates and versions

hal-04680531 , version 1 (28-08-2024)

Cite

Jarl Andreassen, Martin Eileraas, Lucia Castro Herrera, Nadia Saad Noori. InCReASE: A Dynamic Framework Towards Enhancing Situational Awareness in Cyber Incident Response. 7th International Conference on Information Technology in Disaster Risk Reduction (ITDRR), Oct 2022, Kristiansand, Norway. pp.230-243, ⟨10.1007/978-3-031-34207-3_15⟩. ⟨hal-04680531⟩