The IT Law Wiki

Cyber situational awareness

32,081pages on
this wiki
Add New Page
Add New Page Talk0

Definition Edit

Cyber situational awareness is

[t]he immediate knowledge of friendly, adversary and other relevant information regarding activities in and through cyberspace and the EMS. It is gained from a combination of intelligence and operational activity in cyberspace, the EMS, and in the other domains, both unilaterally and through collaboration with our unified action and public-private partners.[1]

Overview Edit

Cyber situational awareness is the capability that helps security analysts and decision makers:

Cyber situational awareness involves the normalization, deconfliction, and correlation of disparate sensor data, and the ability to analyze data and display the results of these analyses. Situational awareness (SA) is an integral part of an information assurance (IA) common operational picture. Such a picture provides a graphical, statistical, and analytical view of the status of computer networks and the defensive posture.

Situational awareness is the key to effective computer network defense. A robust situational awareness capability is necessitated by the highly interconnected nature of information systems and computer networks, the degree to which they share risk, and the coordination and synchronization requirements of response efforts.

Analysts and decision makers must have tools enabling timely assessment and understanding of the status of the networks and systems that make up the IT infrastructure. This situational understanding must be presented at multiple levels of resolution: 1) a top-level, global indication of system health; 2) exploration of various unfolding threat scenarios against various components of the system; and 3) more local-level details of recognizable or previously unseen anomalous activities.

References Edit

  1. Cyberspace Operations Concept Capability Plan 2016-2028, at 67-68.

Also on Fandom

Random Wiki