Saturday, June 8, 2019

Cyber Defense Situational Awareness Research Paper

Cyber Defense Situational Awareness - Research Paper Example

The chapter excerpt outlines the topical issue through sub-topics such as OODA loop, PDAR and J2 intelligence cycle, Cycle and CND and incident response. Other sub-topics include the role of Digital Forensic in Cyber C2 for situational awareness, how models relate in situation awareness, issues with cyber falsification in situation awareness and why active defense is required. The chapter provides a presentation on how active defense enhances an organization's intelligence cycle. It ends with a summary of the main points in the literature review.

2.2 Defining Cyber Security and Situation Awareness.

Situation awareness is defined as the capacity to swiftly and efficiently address arriving stimuli with appropriate responses (Cumiford, 2006). It impacts defensive operations at the tactical level by providing the ability to recognize and oppose the actions of the adversary (Tadda, n.d.). Endsley (1995) describes SA as the perception of the elements in the environment within a volume of time and space, the comprehension of their meaning, and the projection of their status in the near future. SA integrates the surroundings, goal, organization, existing material and human resources, and other actors in the environment (Pew, 2000).

Situation awareness provides a decision-making model that can be broken into three components. The first entails being aware of the current environment (Endsley and Garland, 2000). The second is determining the importance of certain incidents in the cyber domain. The last component entails being able to tie this awareness to timely and appropriate responses (Cumiford, 2006). In the SA model, the cyber situation awareness system is responsible for processing the incoming data; the purpose is to try to repel any attacks from external sources (Tadda, n.d.).
In order to do so, a cyber SA system must feed on such tools as intrusion detection systems, firewall logs, system logs, network flow and connection data (Tadda, n.d.). Models within a cyber SA system combine to enable the system to capture and reason about past, current, and future states of the system operations and possible threats. The system is able to build new models or modify existing ones based on a combination of new and old information. This is made possible through positive relations of all models within the cyber domain, as well as in the field (Hettinger and McKeely, 2011). The cyber SA system updates these models based on the input from the external environment, self-status, and planning and reasoning outputs.

This decision-making model rests on the following capabilities: recognition of particular situations, determination of the significance of particular situations, reactive and proactive capabilities, ability to handle uncertainty and incompleteness, and ability to break goals into constituent parts (Cumiford, 2006). To make the cyber SA decision-making model perform better, four additional capabilities are required. Temporal reasoning is required as situations occur in time, including the modal logic.

2.3 CND and incident response and its role in SA

Computer network defense is a system aimed at protecting information systems against attacks. A classic CND is comprised of multiple niche intrusion detection tools, each of which carries out network data analysis and produces a unique alerting output (Beaver, et al, n.d.). Passive defense involves such tools as password protection, data encryption, and firewalls. However, these tools suffer from limitations in that hackers are
