Functional requirements of situational awareness in computer network security

Abstract

The underpinning of situational awareness in computer networks is to identify adversaries, estimate impact of attacks, evaluate risks, understand situations and make sound decisions on how to protect valued assets swiftly and accurately. SA also underscores situation assessment in order to make accurate forecast in dynamic and complex environments. In this paper, situational awareness in computer network security is investigated. Functional attributes of situational awareness in computer network security are discussed: dynamism and complexity, automation, realtime processing, multisource data fusion, heterogeneity, security visualisation, decision control, risk assessment, resolution, forecasting and prediction.