Decision Support System for Situational Awareness of Cybersecurity Operations Centre

Saudi Digital Library
The increasing number of cybersecurity threats and incidents, together with the dependence on cyberspace to conduct most operations, has contributed to the need for efficient Cybersecurity Operation Centres (SOCs) to secure the operations of critical infrastructures. However, most SOCs face challenges that hinder cybersecurity operators from achieving cyber situational awareness (CSA) and making appropriate decisions. Therefore, recommending a Decision Support System (DSS) for CSA of SOCs was necessary, in the first place to speed up decision-making processes, and also to enhance cyber resilience, reduce threats and vulnerabilities, share information, and forecast the extent to which an organisation may suffer a cybersecurity incident in the near future. In addition, we proposed an OOPDA model that supports the concept that achieving CSA must be a continuous (loop) process and that CSA and decision-making are not separate processes but are strictly connected. To further strengthen the proposed model, various components and tools that would help achieve and maintain CSA have been provided, defined, and classified based on the proposed model (OOPDA).