CRUSOE: A Toolset for Cyber Situational Awareness and Decision Support in Incident Handling
The result's identifiers
Result code in IS VaVaI
<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F00216224%3A14610%2F22%3A00125183" target="_blank" >RIV/00216224:14610/22:00125183 - isvavai.cz</a>
Result on the web
<a href="https://www.sciencedirect.com/science/article/pii/S0167404822000086" target="_blank" >https://www.sciencedirect.com/science/article/pii/S0167404822000086</a>
DOI - Digital Object Identifier
<a href="http://dx.doi.org/10.1016/j.cose.2022.102609" target="_blank" >10.1016/j.cose.2022.102609</a>
Alternative languages
Result language
angličtina
Original language name
CRUSOE: A Toolset for Cyber Situational Awareness and Decision Support in Incident Handling
Original language description
The growing size and complexity of today’s computer network make it hard to achieve and maintain so-called cyber situational awareness, i.e., the ability to perceive and comprehend the cyber environment and be able to project the situation in the near future. Namely, the personnel of cybersecurity incident response teams or security operation centers should be aware of the security situation in the network to effectively prevent or mitigate cyber attacks and avoid mistakes in the process. In this paper, we present a toolset for achieving cyber situational awareness in a large and heterogeneous environment. Our goal is to support cybersecurity teams in iterating through the OODA loop (Observe, Orient, Decide, Act). We designed tools to help the operator make informed decisions in incident handling and response for each phase of the cycle. The Observe phase builds on common tools for active and passive network monitoring and vulnerability assessment. In the Orient phase, the data on the network are structured and presented in a comprehensible and visually appealing manner. The Decide phase opens opportunities for decision-support systems, in our case, a recommender system that suggests the most resilient configuration of the critical infrastructure. Finally, the Act phase is supported by a service that orchestrates network security tools and allows for prompt mitigation actions. Finally, we present lessons learned from the deployment of the toolset in the campus network and the results of a user evaluation study.
Czech name
—
Czech description
—
Classification
Type
J<sub>imp</sub> - Article in a specialist periodical, which is included in the Web of Science database
CEP classification
—
OECD FORD branch
10200 - Computer and information sciences
Result continuities
Project
<a href="/en/project/EF16_019%2F0000822" target="_blank" >EF16_019/0000822: CyberSecurity, CyberCrime and Critical Information Infrastructures Center of Excellence</a><br>
Continuities
P - Projekt vyzkumu a vyvoje financovany z verejnych zdroju (s odkazem do CEP)
Others
Publication year
2022
Confidentiality
S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů
Data specific for result type
Name of the periodical
Computers & Security
ISSN
0167-4048
e-ISSN
—
Volume of the periodical
115
Issue of the periodical within the volume
April
Country of publishing house
NL - THE KINGDOM OF THE NETHERLANDS
Number of pages
19
Pages from-to
1-19
UT code for WoS article
000754601100005
EID of the result in the Scopus database
2-s2.0-85123054280