Prog.PhD STI
Adm. – Grad.2018 –
Dir.; Codir. Stéphane Gagnon; Raul Valverde

Situational Awareness in Cybersecurity: An Empirical Software Engineering Study

Sidenko, Svetlana

Cybersecurity Situational Awareness (CyberSA) relates to the complex team-based tasks of "gathering information, perceiving and understanding the state of the world, and predicting states of the world forward in time" (Gutzwiller et al., 2020). According to that recent study, "research and our additional professional field observations in government, industry, and academia suggest that the utility of SA analysis and measurement has yet to be realized in cyberspace". Adopting an Empirical Software Engineering methodology, we propose to develop a measurement instrument that allows cybersecurity response centers to recommend a course of action more rapidly in cyber emergency situations. We will use an existing cybersecurity ontology and develop semantic reasoning to test CyberSA capabilities in actual Cyber Incident Responses, Control, Containment, and Countermeasures (CIRC3) scenarios. The countermeasures recommended by the semantic reasoning queries will serve as an optimal gold standard, against which we can measure how far the actions actually taken by team members in the CIRC3 scenario depart from it. CyberSA will therefore be measured using the F1 measure and the Matthews Correlation Coefficient (MCC) to evaluate the quality of our ontology's inference capabilities. The results of this research could help cybersecurity planning pay more attention to how CyberSA affects the quality of threat response.
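As an added illustration, not the thesis's instrument or its data, the following shows how the departure between the countermeasures recommended by the reasoning queries and the actions a team actually took could be scored with F1 and MCC. The candidate action vocabulary, the gold set and the actual set are constructed; the point worth noticing is that MCC counts true negatives and so needs a closed candidate vocabulary, while F1 does not.

```python
from math import sqrt

# Constructed scenario, not data from the thesis: the candidate countermeasure
# vocabulary that the ontology can recommend for one CIRC3 scenario.
CANDIDATE_ACTIONS = frozenset({
    "isolate_host", "block_c2_domain", "reset_credentials",
    "collect_memory_image", "reimage_host", "notify_legal",
    "patch_vpn_gateway", "rotate_api_keys",
})

# Gold standard: what the semantic reasoning query recommended (constructed).
GOLD = frozenset({"isolate_host", "block_c2_domain",
                  "reset_credentials", "collect_memory_image"})

# What the response team actually did in the exercise (constructed).
ACTUAL = frozenset({"isolate_host", "block_c2_domain",
                    "reimage_host", "collect_memory_image"})


def confusion(gold, actual, candidates):
    """Treat each candidate action as one binary decision: recommended or not,
    taken or not. TN is only defined relative to the closed candidate set."""
    if not (gold <= candidates and actual <= candidates):
        raise ValueError("gold and actual must be drawn from the candidate set")
    tp = len(gold & actual)               # recommended and taken
    fp = len(actual - gold)               # taken but not recommended
    fn = len(gold - actual)               # recommended but skipped
    tn = len(candidates - gold - actual)  # neither recommended nor taken
    return tp, fp, fn, tn


def f1_score(tp, fp, fn):
    """F1 ignores TN, so it does not depend on the size of the candidate set."""
    denom = 2 * tp + fp + fn
    return 2 * tp / denom if denom else 0.0


def mcc(tp, fp, fn, tn):
    """Matthews correlation in [-1, 1]; defined as 0 when any marginal is empty."""
    denom = sqrt((tp + fp) * (tp + fn) * (tn + fp) * (tn + fn))
    return (tp * tn - fp * fn) / denom if denom else 0.0


def score_scenario(gold=GOLD, actual=ACTUAL, candidates=CANDIDATE_ACTIONS):
    """Score one scenario: confusion counts plus both metrics."""
    tp, fp, fn, tn = confusion(gold, actual, candidates)
    return {"tp": tp, "fp": fp, "fn": fn, "tn": tn,
            "f1": f1_score(tp, fp, fn), "mcc": mcc(tp, fp, fn, tn)}


if __name__ == "__main__":
    print(score_scenario())
```

Adding unrelated actions to the candidate vocabulary leaves F1 unchanged but moves MCC, which is why the vocabulary must be fixed before scenarios are compared.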