Wednesday, April 17, 2019

Cyber Defense Situational Awareness Research Paper

The chapter further outlines the topical issue through sub-topics such as the OODA loop, PDAR and the J2 intelligence cycle, and CND and accompanying response. Other sub-topics include the role of digital forensics in cyber C2 for situation awareness, how models relate in situation awareness, issues with cyber defense in situation awareness, and why active defense is required. The chapter provides a presentation on how active defense enhances the organization's intelligence cycle. It ends with a summary of the main points in the literature review.

2.2 Defining Cyber Security and Situation Awareness

Situation awareness is defined as the capacity to swiftly and efficiently address arriving stimuli with appropriate responses (Cumiford, 2006). It impacts defensive operations at the tactical level by providing the ability to recognize and respond to actions of the adversary (Tadda, n.d.). Endsley (1995) describes SA as the perception of the elements in the environment within a volume of time and space, the comprehension of their meaning, and the projection of their status in the near future. SA integrates the surroundings, goal, organization, existing material and human resources, and other actors in the environment (Pew, 2000).

Situation awareness provides a decision-making model that can be broken into three components. The first entails being aware of the current environment (Endsley and Garland, 2000). It is followed by the component of determining the importance of certain incidents in the cyber foundation domain. The last component entails being able to tie the awareness to timely and apt responses (Cumiford, 2006). In the SA model, cyber situation awareness is responsible for processing the incoming data; the purpose is to try to repulse any attacks from external sources (Tadda, n.d.).

In order to do so, a cyber SA system must have such tools as intrusion detection systems, firewall logs, system logs, network flow and connection data (Tadda, n.d.). Models within a cyber SA system combine to enable the cyber SA system to capture and reason about past, current, and future states of the system operations and possible threats. The system is able to build new models or modify existing ones based on a combination of new and old information. This is made possible through positive traffic of all models within the cyber domain, as well as research in the field (Hettinger and McKeely, 2011). The cyber SA system updates these models based on input from the external environment, self status, and planning and reasoning outputs.

This decision-making model is pegged on the following capabilities: recognition of particular situations, determination of the significance of particular situations, reactive and proactive capabilities, ability to handle uncertainty and incompleteness, and ability to break goals into constituent parts (Cumiford, 2006). To make the cyber SA decision-making model perform better, four additional capabilities are required. Temporal reasoning is required as situations occur in time, including the modal logic.

2.3 CND and incident response and its role in SA

Computer network defense is a system aimed at protecting information systems against attacks. A classic CND is comprised of multiple niche intrusion detection tools, each of which carries out network data analysis and produces a unique alerting output (Beaver, et al, n.d.). Passive defense involves such tools as password protection, data encryption, and firewalls. However, these tools suffer from limitations in that hackers are
