Research in the field of information systems is executed in an environment dominated by people from multidisciplinary environments. Contribution of people from fields such as business administration, psychology, and information science among others plays an active role in the design, implementation of designs, and utilisation of information system designs and technologies in an organisation. Thus, theoretical paradigms that have fostered developments of these disciplines cannot be negated in the application of the developments of design science in the derivation of theoretical models to effect cyber SA. Some of these paradigms include epistemological research on the contribution of positivism and interpretivism in design science. Positivism emphasises the relationship and effects of the relationships through factual evidence. Interpretivism looks for motives of engagement in particular behaviours.
Whenever a research is conducted to establish facts about a situation, each research is conducted based on a specific research philosophy that the given researcher wishes to use as a guide to the conclusion of the research undertaking. The research needs to have a strategy that will employ certain instruments to achieve the goal, a research objective, or objectives as a means of finding solutions to a problem and the research question. This chapter is meant to achieve the following purpose:
- To discuss my chosen research philosophy concerning other research philosophies that are used
- To further expand our research strategies together with the methodologies that have been applied
- The discuss the key elements and variables that affect cyber situational awareness
- To build a theoretical model for offensive (active) cyber situational awareness
- To evaluate and validate the theory
A research philosophy can be described as the belief that informs the researcher on the way to collect data on a given phenomenon showing how the same data should be analysed and used. Various philosophies in research are based on two terms that drive the purpose of a research. The terms are epistemology and doxology. On one hand, epistemology can be described as something that has been confirmed to be true, while doxology stands for what is believed to be true. The purpose of research science then is to transform Doxa (something believed to be true) into epistemology (something that has been confirmed to be true). The western tradition of science has identified positivist, interpretivist, and design science as the three major research philosophies. While the positivist paradigm is sometimes referred to as scientific or systematic philosophy, interpretivist paradigm is also termed as anti positivist philosophy.
Positivists believe that it is only possible to observe and describe reality from an objective point of view due to its stability aspect without disturbing the phenomenon being researched on. In this case, the phenomenon should be isolated while the observation made should be recurrent in subsequent tests. Predictions under positivism can be anchored on previously made findings that have been explained as well as their inter relationships. Knowledge claims in society that are not anchored on positivism are usually dismissed as scientific and thus viewed as not being valid. This argument is wholly due to positivism’s rich tradition that has a long history in society. In particular, positivism’s association with physical sciences has been great. The suitability for application of the positivist approach to social sciences is still a matter of debate with many authors recommending a pluralistic approach with regards to IS research methodologies. Although this is not the debate now, it is imperative to recognise that this fact is important to this study since information system is an interaction between people and technology. Thus, it therefore becomes more of a social science than a physical science. Challenges so far faced during information science (IS) research and which include inconsistency of results point to the inadequacy of the positivist paradigm in its use for IS research. Stemming from this argument, Economic Impact Update (2008) maintains that the shortcomings of the current cyber security makes computer network defence suffer from attaining the purposes for which it was established to do. Such purposes entail ensuring that organisations’ information systems are secure and in a continuous state of operations in a reliable and effective way (Economic Impact Update (2008, para.9). To achieve this goal, it is critical that proactive strategies are deployed to facilitate detections, protection, and control, analysing, monitoring, and responding to cyber attacks, network disruptions and intrusions among other perceived actions that are not authorised by network administrators. Such authenticated activities have probabilities of impacting or even compromising systems of information and network defence (Borchgrave et al. 2000, p.56: Cordesman 2002, p.12: Erbschloe 2001, p. 83). The current positivism approaches for SA in the protection of network systems of an organisation against malicious attacks are dependent on the need to foster self-defence against potential cyber threats. However, a major disadvantage is encountered since little literature exists addressing these concerns (Jajodia et al., 2010, p.159: McCumber 2004, p 123).
The philosophy of interpretivism postulates that only through subjective interpretation of reality, and only through reality, can reality be fully comprehended. The interpretivism philosophy is anchored in the study of phenomena as it is found in its natural setting with the acceptance that scientists cannot avoid disturbing those phenomena they are studying. They concur that, although there are many interpretations of reality, these realities remain a part of the scientific knowledge they are pursuing. Interpretivisim has its followers the same way as positivism. They advocate for garnering adequate evidence on motivators of human behaviour qualitatively as the basis of making decision. One of the fundamental requirements of interpretivism is a clear definition of issues that design science seeks to resolve. In fact, the major limitation of interpretivism is the inability of many designers to define issues correctly and clearly. From the contexts of interpretivism, understanding a design problem is critical and a determinant of how effective a strategy deployed to resolve a problem would appear. Central to the concerns of interpretivism is the need to establish the motivators of human behaviour. In the contexts of using the interpretivism approach to derive theoretical models for cyber SA, Recognition, comprehension and projection of human behaviours is critical. Recognition implies creating situational awareness of the persisting network threat situations. Comprehension relates to developing an incredible understanding of various malicious behaviours of people, which may pose threats to an organisation’s network systems hence deterring information flow process of the organisation in question (Tadda et al. 2006, p.625). Projection emphasises the need to assess the future anticipated threats in cyber space coupled with the possible future mechanisms of responding to the threats. These arguments imply that designing a theoretical model for SA, which would be successful in helping to curtail incidences of cyber attacks, permanently calls for the operation of human decision makers (Lute & McConnell 2011, p.1: Sideman 2011, p.6). While reading the attackers’ domains and analysis of functionalities of malwares utilised by enemies to track the login details and other network accessibility confidential information of an organisation’s network systems, decisions for counter-attacking are largely dependent on the effectiveness of the analysis of the threats by human network operators. Jajodia et al. (2010) argues out that the capacity of corporate to enhance network protection from cyber attacks and malware through deployment of algorithms and myriads of available cyber tools is dependent on employment of human intervention interfaces in helping to make the overall decision that sets the necessary course of action at a distant goal (p.157).
Hence, the role played by human operators of the network systems in fostering cyber security of network systems is both indispensable and vital (Gonzalez et al. 2011, p.51: Johnson-Laird 2006, p.11). Cyber-situational analysis is a function of the network analyst’s memory of cyber insecurity situations (Jajodia et al. 2010, p.159) and risk tolerance capacity developed by an analyst (McCumber 2004, p.123). Approaching SA from this interpretivism dimension poses an enormous threat (and hence a limitation to the approach) to organisational goals encompassing the need of remaining risks and threats resilient in the future since experience is only developed upon exposure. Application of SA in cyber security can be benchmarked with military and air traffic control. Indeed, the application of SA in air traffic control has been revolutionary. Comparatively, the effectiveness of SA application in a military operation is critical since military operations are comparable to computer network defence in terms of eminent threats that are posed by the enemies. However, while application of SA in military operations has been largely researched on, research on application of SA in computer network defence is still at its embryonic phase (Ou, Boyer & McQueen 2006, p.336). Deployment of SA in military applications gives rise to enhanced operations of the military in the context of identification of threats that are susceptible to a nation coupled with the different alternative ways through which the threats can be mitigated. However, it is crucial for the strategies used to mitigate the threats, which are informed by SA not to create a room for occurrence of similar attacks (Salerno, Hinman, & Boulware 2005, p.54). Applying a similar concept in the field of cyber security, any attempt to block the enemy would result to making the enemy attempt to develop an alternative way of attacking without being blocked. Arguably, focusing on blocking the enemy as the main approach of enhancing security of an organisation’s information and network systems does not resolve the problems of cyber threats because organisations prevent attacks in the short-run without gaining ample information on the intents and missions of the enemy.
Design science as a research philosophy is a set of analytical techniques that are used in conducting research in the fields of information systems as well as computing. It involves the analysis of how equipment is designed for performing functions in terms of information systems. The term design means to come up with a structure of something that is meant to perform a particular function. It is to discover something. For one to understand design better at an intellectual point of view, one needs to view it from two platforms that are natural science and artificial science. Natural science describes the behaviour of objects and their interaction with one another while artificial science is involved with knowledge that deals with artificial objects. Due to the ever-changing nature of software development, design science research has been viewed as an interactive approach that is best suited for this field. It would require one to move a step back or moving a step forward. To come up with something new or improved, one needs to go back to the previous step as part of the build up process. Design Science Research can be broken down into five stages: awareness of the problem, suggestion, development, evaluation, and conclusion.
Awareness of the problem is informed by multiple sources that bring to the attention of the researcher the need being looked into. It can be feedback from the field or new developments in the industry. This awareness will therefore lead to either the preparation of a proposal or simply a research undertaking. At the suggestion stage, the tentative design of the proposal is made. Development stage is the stage for the development of the provisional design, which is referred to as the artefact. It is commonly referred to as the stage of provisional implementation of the design. Once the artefact has been provisionally designed, it is evaluated in the evaluation stage to be found out if it meets the needs as set out in the awareness of the problem stage. Evaluation can take both an implicit and explicit approach in the proposal. Conclusion stage is usually the final bit of the research. If the results are positive enough though with minimal deviations, the result is considered successful. From here, the information gathered is written down. The facts found out are now considered firm facts that can be onwardly applied in studies. Any information collected that might need more explanation due to its inconsistencies can become a matter for further research. Design science research therefore comes up as the best methodology for development of information systems because of its systematic approach in tackling problems.
Design science in cyber situational awareness is the empiricism of creating risks aware information system devises that are because it relies on the capacity to simulate risk, risk tolerance, and memorisation of the experiences that were developed through analyses of the attack mechanisms following an ardent exposure to cyber threat (Dutt et al. 2010, p.10). Design science is good since its effectiveness in enhancing future mitigation of simulated risks of attacks depends on the capacity of a network analyst in making subtle decisions to respond to risks in the appropriate time and in the right way. Research finding on JDM (judgment and decision making processes) makes design science limiting in mitigation of future network attacks risks. According to these findings, people’s experiences in various environmental events incredibly shape the manner in which people make choices (Dutt et al. 2010, p.10: Granville, 2003). The tasks of computer network defence are executed by collective and collaborative efforts of an organisation’s personnel predominantly charged with monitoring, defence system maintenance and management, operation, and maintenance of network infrastructure (p.104).
Applying the epistemologies of design science in cyber SA is problematic and hence a limitation of design science since research in the field of cyber security does not only fail to contend on common utilisation of terminologies. It also differs on how and what is meant to be achieved by measures to enhance cyber security (Research Councils UK 2011, p. 2). Research Councils UK (2011) further suggests that cyber security research can be defined as “any research that seeks ultimately to make electronic systems and activities they support less likely to suffer harm and disruption because of deliberate attacks” (p. 2). This step would entangle both active and defensive measures to enhance security of network systems of an organisation. Problems of cyber threats are critical since the modern world is dependent on information flow through interconnected computer and network systems (Albanese, et al 2011). According to Yang (2002), internet has altered the way business is conducted in the modern revolutionary world since people are being served through virtue systems (p.45). Many organisations have endeavoured to hike their productivity coupled with enhancing their customers’ satisfaction via embracement of internet-based technology (Rao et al. 2004). In this sense, distributed computing emerges as a magical key for facilitation of business in the global market (Nagappan, Skoczylas & Sriganesh 2003). In the process, business organisations must interact with other organisations through their network systems. Nandigam, Gudivada, and Kalavala (2005) insist that, during such interactions, an organisation’s information systems are opened to attacks from malicious people who would have the intention to disrupt information flow process, steal the information, or even damage the information (p. 55). This argument perhaps explains the relationship between cyber SA and the problems of cyber threats and hence why SA is crucial in the modern era of internet-based communication processes between organisations as both positivism and interpretivism would advocate.
Design science encompasses myriads of processes of perception of possible elements in an environment that may open threats to network systems of an organisation. It also entangles creation of an understanding of the elements through intensive analysis while not disregarding future projections of impacts of such threats (Endsley 2004, p.33: Gonzalez et al. 2003, p.593). This argument implies that, in CND approaches, SA essentially focuses on assessing various situations in the complex and dynamic computer network environment to make precise forecasts that enable operators to estimate the repercussions of attacks. Precisely, SA is essential in the process of identification of network threats and conducting an evaluation of risks as central foundations of arriving at the most subtle decisions to proactively protect the most valued assets of an organisation- information systems, in a concise manner (Gonzalez & Dutt 2010, p.412: Busemeyer & Diederich 2009, p.103: Schneier 2008, p.71 ). Given these central areas of concern of SA in network defence systems, it is likely that SA can produce immense benefits in enhancing security of networks owing to the success of SA in other fields such as safety controls, military operations, and flight operations.
Discussion and Rationale for choice of Approach
Research traditions of positivist, design science, and anti positivist have a long history that can be traced back to some of the greatest Greek philosophers. On one hand, there is Aristotle and Plato who were considered to be positivists. On the other hand, there is sophist who was considered an antipositivist. The renaissance of this discipline occurred in the 16th and 17th century after a long period of inactivity. This case thereafter saw the coming up of other positivists like Durheim, Russell, Descartes, Mill, Bacon and popper. On the opposite side, there is Freud, Marx, Kuhn, Hegel, and Kant. Interpretive research used to be the dominant mode in areas of organisation science and information systems research until the late 1970s before positivism took over the stage with statistics indicating that 98% of research in IS in the United States of America uses this mode. Only 4% of 122 journals consulted indicated the use of interpretivist mode. The conclusion is that there is no single research methodology that should be viewed as to being superior to the other. All the three methodologies have their own merits and demerits. It has therefore been recommended that a way should be found of merging the three methodologies to come up with one. Some institutions have come up with a combination of the three methodologies for their own in-house use. This research avoids the use of a single methodology called methodological Monism, which is the insistence of the use of a single methodology. The combination of the three methods should not be viewed as an inability to gauge their merits or demerits but simply because all methods are good enough because their strong point supplements each other’s weakness. The appropriate application of these methods is what should be valuable to the researcher because all the methods are valuable. One concern that has been put into consideration is that the chosen research should be relevant to the research question at hand. Thus, our belief is that the positivism and design science philosophies should be applied for this purpose because they involve the need to understand how groups as well as their adaptation in their use concerning the Group Support Systems can adopt information systems. The research at hand involves some bits of technology transfer. Due to lack of impartiality linked with interpretivist study technique, the positivist and design science methods will be used for a quantitative strategy in the establishment of the study mechanism.
Design science and positivism in this case are the best models that can be applied due to the nature of research being conducted. The nature of research, which in this case is action research, applies a theory on the ground while at the same time making observations. The introduction of active offensive mechanisms in a work environment requires positivism for the researcher to come out with feedback. Positivism involves dealing with the subject in its natural setting while design science involves testing of software. Positivism advocates for offensive hacking of the enemy network systems once an organisation is beyond any reasonable doubt convinced that a given online activity amounted to a cyber attack. The approach for determination of assurance is discussed in the above section. In the sphere of the cyberspace security, two main groups of people open threats to organisations’ network systems. They are crackers and hackers. “Hackers have an immense interest in computers, and networks and actually enjoy the game of discovering vulnerabilities and loop holes in systems” (Mattord 2008, p.41). Before hacking is conducted, positivism would require the developer of security systems to determine the sources of motivation for conducting the attacks since the best design would be the one that would impair the motivations. The hackers’ main motivation may be driven by the desire to expose private information of an organisation to the public without the intention to damage the data. Comparatively, crackers’ intentions are principally criminal. They may aim at stealing credit card numbers and passwords. The motivation for hacking is inspired by various things ranging from revenge to curiosity. In the context of seeking to realise individual and group curiosity, Mattord (2008) reckons, “attacking and outsmarting large corporation can create a huge ego boost” (p.53). On the other hand, hacking for revenge is growing trend in cyber security for organisations. In case the attacks are engineered by organisations, accessing FAX information, Email addresses, and phone numbers is a major millstone in providing a means for accessing the log in details into the target domain (Li, Ou & Rajagopalan 2009, Para. 5). Effective profiling will also require the knowledge of attackers’ IP addresses and versions of target operating systems and or web servers. Interaction with the attackers can also help in fostering mechanisms of identification of improperly configured DNS. This step is credible in helping to identify the IP addresses of the attackers.
Since from the context of positivism, adequate information is required as the basis for making decision, in effecting offensive hacking, it is vital to garner information about the attacker through scanning. This move is important “to create a list of networks devices active on the network” (Thomas 2010, p.90). In this end, several strategies can be employed. One of them is to use PING sweeps in aiding to identify active systems in the networks that pose a threat to other organisations’ networks. It is crucial to note that scanners such as NAI cybercorp, web trends security analysers, and ISS internet scanners among other commercially available scanners are used to execute legitimate scanning procedures (Granville 2003, p.105). However, they can also be used in scanning the identified and deceived enemy networks. In addition to open source scanning tools such as nessus, all these scanners can incredibly aid in revealing the enemy’s applications of the operating systems coupled with likely loopholes, which an organisation can utilise to deny the enemies’ service, expose out, and or even corrupt their systems. Concerning Moore’s words, “identifying and accessing various resources of network system can allow a way into confidential documents or even databases” (2005, p.258). Therefore, enumeration process demands active interaction with the enemy server through maintained connections with sources of attacks. Since it is undesirable for an organisation to expose its genuine information to risk, deceptive server and deceptive databases become necessary to execute the enumeration process. Other mechanisms of enumerating the attacker may embrace approaches such as establishing active connection of FTP and or web applications of the enemy via the deceptive server. Upon accomplishing this step, with the help of password grinders, which deploy common password dictionaries, guessable passwords can be used to access the attackers’ accounts. Indeed, “applications such as SNMP- simple network management protocol- may help in leaking public community strings, which can be used for the system and version identification” (Tim & Taylor 2004, p.134).
The strategy deployed in this paper applies either of the methodologies depending on the researcher’s taste or nature of the research, the data collected, and the techniques that would be used for analysis. An observer researcher is best placed to capture better details of reality as it allows more variables to be analysed than is usually possible in experimental and survey research. The restriction of case studies to a single organisation makes it a weak methodology because it is never easy to find a replica case with almost the same data that can be analysed statistically. It is further subject to bias because different researchers interpret the same data differently. Action research is a kind of research that involves the researcher in some form of activity with the research subjects who benefit from the research while at the same time the researcher collects data that is important for constructing theoretical knowledge. The researcher in this case intervenes directly to the problem affecting the given group while at the same time building knowledge on the same subject thus adding to what has previously been recorded. It shares similarities with case study in such a way that it is restricted to a single research area. Thus, it needs strict ethical discipline in a researcher to use it without personal bias.
Case study Research
Many articles have been written about the case study research. Three reasons for validating a case study as a mode of research include its ability to allow phenomenon to be studied in its natural form, which is important to the research. It allows the researcher to ask questions like how and what in pursuit of the exact information on how things happen in the given process. In addition, research in this case happens in situations with no research taking or having taken place. However, a number of factors should guide one in the choosing of methodology. Therefore, one should find out if the case is in its natural settings and that contemporary events guide the phenomenon. Secondly, he or she needs to find out if the case has some theoretical base. Moreover, the need for the research should take precedence to methodology. The site of the case study should be carefully chosen and should not be opportunistic. More cases should be viewed so that it is not instructive when one case only is used.
Action research has been a distinctive form of research since the 1940s. It is viewed as a kind of research that is meant to bring change whenever it is applied especially with the view to positive social change. It is further defined as a problem solving research. It is intended on solving practically solve the problems of society while at the same time aiming at solving the problems of social science in an acceptable way. Some researchers view action research as part of case study research while others view it as an independent mode of studying that should be viewed on its own. Action research should be conducted with the view of providing much more solutions than the ones intended in the specific research. It happens in four stages: planning, execution, observation, and then reflection. The need to align with action-based research is based on the need to explore new areas, which in this case is the use of active offensive mechanisms.
Theoretical model for Cyber SA
In the development of theoretical models for cyber SA, it was considered that it is possible to gain information about the real world (positivism approach to design science). It is thus important to consider how information systems are designed. For the case of cyber SA, such systems need to be informed by learned experiences about cyber threats. In this due process, both qualitative and quantitative data is necessary to help in the design of security systems (active defence mechanisms). In this sense, design science is essential particularly when it is informed by positivism and interpretivism epistemologies. Inclined to positivism approaches in design science, Hevner and Ram (2004) assert, active defence systems “are implemented within an organisation for the purpose of improving the effectiveness and efficiency of that organisation” (p.75). A model for cyber SA should then serve to hike an organisation’s efficiency and effectiveness to curtail incidences of cyber attacks. Hevner and Ram (2004) also prescribe two approaches to the modelling of interventions for information systems. They are building and evaluations (Hevner and Ram 2004, p.78). Building entails the development of various models that can solve certain problems encountered by information systems. The aspect of evaluation cuts across the feasibility of the models in resolution of the problems that the built models’ endeavour to resolve. In this extent, positivism approaches in design of active defence systems are crucial in the sense that a model for cyber SA needs to yield real results: incapacitate the enemy from attacking an organisation’s network systems.
In this section, a model for countering cyber attacks through offensive hacking is proposed. The model is aligned with positivism lines of thought since it endeavours to incapacitate the ability of the attackers to interfere with the functioning of an organisation’s systems. According to The White House (2006), cyber environment “ involves circumstances in which one or more adversaries attempt to change the outcome of a mission by denying, degrading, disrupting, or destroying cyber capabilities, or by altering the usage, product, or confidence in that capabilities” (p.11). These situations model the areas that cyber SA should focus on besides also deriving mechanisms of countering them. Using the approach of offensive hacking to counter cyber attacks amounts to a business strategy aimed at developing resilience to cyber attacks while the information technology strategy to effect the business strategy is offensive hacking. Hacking of an organisation’s information and network systems is an international offense. Hence utilising the approach to enhance cyber security needs to be conducted within the legal provisions. This consideration makes the model aligned with the concerns of interpretivism, which maintain that human actions need to be evaluated based on their moral, ethical, and legal limitations and provisions. The implication here is that offensive hacking should be used whenever there is sufficient evidence that a given person, groups of persons, and or organisations have the ability or have attempted to impair normal operation of another organisation’s network and information systems. These concerns underline the importance of theorising an effective cyber SA before offensive hacking can be deployed as an active response mechanism.
Experimental Design of Evaluating the Effectiveness of an Active Defence in Enhancing Cyber SA
The proposed model for cyber SA is composed of recognition, followed by judgment, choice of a variety of alternatives, execution of the chosen alternative, and finally the feedback. Important to note is that these phases underline the functions of human decision makers in effecting cyber security, and are a representation of an entire learning cycles in the contextualisation and comprehension of cyber treats. The phase of recognition coupled with judgment are central to the comprehension stage in effecting SA as discussed in Endsley’s (1995) model for situational analysis. In this theoretical model SA, decisions are computed based on the various memory mechanisms including recency and frequency of occurrence of cyber threats.
Validation of the model
In the attempt to validate offensive hacking as practical models for enhancing cyber SA, it is important to determine what people who would be impacted by such actions think about the appropriateness of offensive hacking as an effective cyber SA model. This goal can be accomplished through administration of questionnaires to different organisations seeking to determine their take on the issue of offensive hacking. Given the negative experiences of people and various organisations accruing from malicious hacking of their systems, it is arguable that offensive hacking is open to scrutiny on the grounds of ethical and moral considerations of executing it. No single organisation would want its systems to be hacked on mere basis of suspicion of engagement in malicious online activities. However, when adequate qualitative and quantitative evidence exist on a given organisation’s engagement in malicious online activities, offensive hacking seems the only active strategy for designing systems of network defence. The effectiveness of this strategy may be well considered by considering the effectiveness of the current models for enhancing cyber SA.
The effectiveness of the current strategies for enhancing and protecting an organisation’s information and network systems from attacks validates the approach. For instance, in the effort to enhance the security of network systems, firewall system match its rules with the incoming traffic. Firewalls possess only the capacity to detect potentially risky situations involving malicious malwares at they get into an organisation’s system as opposed to after entering a net work system (Mattord 2008, p.290). Hence, the overall intent of developing firewalls is to block the potentially dangerous traffic from getting into the system. IDS (intrusion detection system) are largely passive. IDS watch data packets going through the system without blocking them. Much like firewalls, IDSs have numerous rules with which they match the data packets for attacks. When potential attacks are detected, the IDSs raise an alarm to the administrator (Amoroso 2007, p.45). Again, no means of responding to attacks is effected by the IDS. Lastly, for the case of IPS, intrusion prevention system (IPS) possesses all essential features of IDS. However, it is different from IDS in the sense that it can burr malicious traffic and malware from attacking an organisation. IPS operates by waiting in-line in the traffic flow into a network for possible attacks where it shuts off all attempted attacks flowing through the network wire. Additionally, IPS has the ability to terminate connections in the network by blocking the target access from the account of the user, IP addresses, or any other network association with attackers (Anderson, 2002, p.114). Similar to the other two approaches (firewall and IDS), IPS does not give an organisation an opportunity to study the behaviours of the attackers coupled with derivation of a mechanism of counter attack. They are thus passive mechanisms of enhancing cyber security. Consequently, offensive hacking following successful cyber SA serves as an active strategy for enhancing cyber security.
Albanese, M, Jajodia, S, Pugliese, A, & Subrahmanian, S 2011, Scalable analysis of attack scenarios, In Proceedings of the 16th European Conference on Research in Computer Security, Springer-Verlag Berlin, Leuven, Belgium.
Amoroso, E 2007, Intrusion Detection: An Introduction to Internet Surveillance, Correlation, Trace Back, Traps, and Response, Intrusion.Net Books, New Jersey.
Anderson, P 2002, Computer Security Threat Monitoring and Surveillance, Anderson Co., New Jersey.
Borchgrave, A et al. 2000, Cyber Threats and Information Security: Meeting the 21st Century Challenge, Washington, D.C. The Centre for Strategic and International Studies (CSIS), New York.
Busemeyer, R & Diederich, A 2009, Cognitive modeling, Sage, New York, NY.
Economic Impact Update 2008, Computer Economics Malicious Code Attack: On- line. Internet, Web.
Cordesman, A 2002, Cyber-Threats, Information Warfare, and Critical Infrastructure, Patience Hall, New Jersey.
Dutt, V, Cassenti, N, & Gonzalez, C 2010, Modelling a robotics operator manager in a tactical battlefield, In Proceedings of the IEEE Conference on Cognitive Methods in Situation Awareness and Decision Support, Miami, Miami Beach, FL.
Endsley, M 1995, ‘Toward a theory of situation awareness in dynamic systems’, Human Factors Journal, vol.37 no.1, pp. 32–64.
Endsley, M 2004, Situation awareness: Progress and directions, In Banbury, S., & Tremblay, A cognitive approach to situation awareness: Theory, measurement and application, Ashgate Publishing, Aldershot, UK.
Erbschloe, M 2001, Information Warfare: How to Survive Cyber Attacks, Osborne/McGraw-Hill, New York City.
Gonzalez, C & Dutt, V 2010, ‘Instance-based learning: Integrating decisions from experience in sampling and repeated choice paradigms’, Psychological Review, vol. 118 no.4, pp. 412- 417.
Gonzalez, C, Dutt, V, & Lejarraja, T 2011, How did an IBL model become the runners-up in the market entry competition?, Springer, New York.
Gonzalez, C, Lerch, F, & Lebiere, C 2003, ‘Instance-based learning in dynamic decision making’, Cognitive Science, vol.27 no.4, pp. 591–635.
Granville, J 2003, ‘Dot con: the dangers of cyber crime and a cal fro proactive solutions’, Australian Journal of Politics and History, vol. 49, no. 1, pp. 102–109.
Hertwig, R, Barron, G, Weber, U, & Erev, I 2004, ‘Decisions from experience and the effect of rare events in risky choice’, Psychological Science, vol. 15 no.8, pp. 534–539.
Hevner, A & Ram, S 2004, ‘Design science in information systems research’, MIS Quarterly, vol. 28 no. 1, pp. 75-105.
Jajodia, S, Liu, P, Swarup, V, & Wang, C 2010, Cyber situational awareness, NY, Springer, New York.
Johnson-Laird, P 2006, How we reason, Oxford University Press, London, UK.
Li, J, Ou, X, & Rajagopalan, R 2009, Uncertainty and risk management in cyber situational awareness, Web.
Lute, H & McConnell, B 2011, A civil perspective on cyber security, Web.
Mattord, V 2008, Principles of Information Security, Oxford: Oxford University Press, Course Technology.
McCumber, J 2004, Assessing and managing security risk in IT systems: A structured methodology, Auerbach Publications, Boca Raton, FL.
Moore, R 2005, Cybercrime: Investigating High Technology Computer Crime, Bender & Company, New York.
Nagappan, R, Skoczylas, R, & Sriganesh, P 2003, Developing Java Web Services, Wiley Publishing, Inc., Indianapolis, Indiana.
Nandigam, J, Gudivada, N, & Kalavala, M 2005, ‘Semantic Web Services’, Journal of Computer information systems security, vol. 21 no.1, pp. 50-63.
Ou, X, Boyer, F, & McQueen, A 2006, A scalable approach to attack graph generation. In Proceedings of the 13th ACM Conference on Computer and Communications Security, Vancouver, British Columbia, Canada.
Rao, Y, Feng, B, Han, C, & Li, C 2004, ‘SX-RSRPM: a Security Integrated Model for Web Services’, Proceedings of the Third International Conference on Machine Learning and Cybernetics, Shanghai, China, 26-29 August 2004, pp. 2953-2958, Shankar, Ravi.
Research Councils UK 2011, An RCUK green paper for cyber security research, Research councils UK, London.
Salerno, J, Hinman, M, & Boulware, D 2005, A Situation Awareness Model Applied To Multiple Domains, Proc. Defense and Security Conference, Orlando, FL, London.
Schneier, B 2008, Secrets and Lies: Digital Security in a Networked World, Wiley Computer Publishing, New York City, NY.
Sideman, A 2011, Agencies must determine computer security teams in face of potential federal shutdown, Web.
Tadda, G, Salerno, J, Boulware, D, Hinman, M, & Gorton, S 2006, ‘Realising situation awareness within a cyber environment’, SPIE, vol. 62 no. 42, pp. 624-204.
The White House 2006, National Military Strategy for Cyberspace Operations, White House, New York.
Thomas, D 2010, Hacker Culture, University of Minnesota Press, Minnesota.
Yang, A 2002, ‘Web Services Security’, EAI Journal, vol.3 no. 1, pp. 19-23.