Designing Information Systems and Network Components for Situational Awareness
Operators need situational awareness (SA) of their organisation’s computer networks and Information Systems in order to identify threats, estimate impact of attacks, evaluate risks, understand situations, and make sound decisions swiftly and accurately on what to protect against, and how to address incidents that may impact valued assets. Enterprise computer networks are often huge and complex, spanning across several WANs and supporting a number of distributed services. Understanding situations in such dynamic and complex networks is time-consuming and challenging. Operators SA are enhanced through a number of ways, one of which is through the use of situation-aware systems and technology. Designing situation-aware systems for computer network defence (CND) is difficult without understanding basic situational awareness design requirements of network applications and systems. Thus, this chapter investigates pertinent features that are foundation, essential, and beneficial for designing situation-aware systems, software, and network applications for CND.