{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,26]],"date-time":"2026-02-26T02:22:55Z","timestamp":1772072575487,"version":"3.50.1"},"reference-count":48,"publisher":"Springer Science and Business Media LLC","issue":"6","license":[{"start":{"date-parts":[[2022,9,14]],"date-time":"2022-09-14T00:00:00Z","timestamp":1663113600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"},{"start":{"date-parts":[[2022,9,14]],"date-time":"2022-09-14T00:00:00Z","timestamp":1663113600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"}],"funder":[{"DOI":"10.13039\/501100004955","name":"\u00d6sterreichische Forschungsf\u00f6rderungsgesellschaft","doi-asserted-by":"publisher","award":["873425"],"award-info":[{"award-number":["873425"]}],"id":[{"id":"10.13039\/501100004955","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Int. J. Inf. Secur."],"published-print":{"date-parts":[[2022,12]]},"abstract":"<jats:title>Abstract<\/jats:title><jats:p>Numerous cyber situational awareness models have been proposed in recent years. Yet, one of the main challenges still remains mostly unsolved, which is what information sources contribute to the process for establishing cyber situational awareness and how is relevant information collected. While previous scientific works focused on situational awareness models and decision support based on common operating pictures, ingesting and maintaining a consistent data basis for the cyber domain has rarely been studied in detail. However, this is crucial when data distributed across different systems need to be collected, vetted, correlated, de-duplicated, enriched and finally stored as a basis for flexible cyber security reporting. In this paper, we design an approach and a data model that enable to ingest and store the essential information from disparate organizational units and act as a basis for the flexible creation of cyber security reports. We describe the application of this approach and model in a case study together with the Austrian Ministry of Defense (MoD), in which we surveyed existing data sources and transfer paths and rated the applicability of the CCOP data model and accompanying processes in course of a proof-of-concept implementation.<\/jats:p>","DOI":"10.1007\/s10207-022-00613-7","type":"journal-article","created":{"date-parts":[[2022,9,14]],"date-time":"2022-09-14T07:02:45Z","timestamp":1663138965000},"page":"1323-1347","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":6,"title":["From scattered data to actionable knowledge: flexible cyber security reporting in the military domain"],"prefix":"10.1007","volume":"21","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-1922-7892","authenticated-orcid":false,"given":"Florian","family":"Skopik","sequence":"first","affiliation":[]},{"given":"Arndt","family":"Bonitz","sequence":"additional","affiliation":[]},{"given":"Volker","family":"Grantz","sequence":"additional","affiliation":[]},{"given":"G\u00fcnter","family":"G\u00f6hler","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2022,9,14]]},"reference":[{"key":"613_CR1","doi-asserted-by":"crossref","unstructured":"Endsley, M.R.: Design and evaluation for situation awareness enhancement. In: Proceedings of the Human Factors Society annual meeting, vol.\u00a032, pp. 97\u2013101. Sage Publications Sage CA: Los Angeles, CA (1988)","DOI":"10.1177\/154193128803200221"},{"key":"613_CR2","doi-asserted-by":"crossref","unstructured":"Pahi, T., Leitner, M., Skopik, F.: Analysis and assessment of situational awareness models for national cyber security centers. In: International Conference on Information Systems Security and Privacy, vol.\u00a02, pp. 334\u2013345. SCITEPRESS (2017)","DOI":"10.5220\/0006149703340345"},{"key":"613_CR3","doi-asserted-by":"crossref","unstructured":"Varga, S., Brynielsson, J., Franke, U.: Information requirements for national level cyber situational awareness. In: 2018 IEEE\/ACM International Conference on Advances in Social Networks Analysis and Mining (ASONAM), pp. 774\u2013781. IEEE (2018)","DOI":"10.1109\/ASONAM.2018.8508410"},{"key":"613_CR4","unstructured":"Conti, G., Nelson, J., Raymond, D.: Towards a cyber common operating picture. In: 2013 5th International Conference on Cyber Conflict (CYCON 2013), pp. 1\u201317. IEEE (2013)"},{"issue":"1","key":"613_CR5","doi-asserted-by":"publisher","first-page":"28","DOI":"10.1504\/IJEM.2014.061659","volume":"10","author":"E Danielsson","year":"2014","unstructured":"Danielsson, E., Alvinius, A., Larsson, G.: From common operating picture to situational awareness. Int. J. Emerg. Manag. 10(1), 28\u201347 (2014)","journal-title":"Int. J. Emerg. Manag."},{"key":"613_CR6","volume-title":"Situation awareness metrics program","author":"WL Hamilton","year":"1987","unstructured":"Hamilton, W.L.: Situation awareness metrics program. Tech. Rep., SAE Technical Paper (1987)"},{"key":"613_CR7","unstructured":"Harwood, K., Barnett, B., Wickens, C.D.: Situational awareness: A conceptual and methodological framework. In: Proceedings of the 11th Biennial Psychology in the Department of Defense Symposium, pp. 23\u20137. US Air Force Academy (1988)"},{"key":"613_CR8","unstructured":"Billings, C.E.: Situation awareness measurement and analysis: a commentary. In: Proceedings of the International Conference on Experimental Analysis and Measurement of Situation Awareness, vol.\u00a01. Daytona Beach, FL: Embry-Riddle Aeronautical University Press (1995)"},{"issue":"1","key":"613_CR9","doi-asserted-by":"publisher","first-page":"65","DOI":"10.1518\/001872095779049499","volume":"37","author":"MR Endsley","year":"1995","unstructured":"Endsley, M.R.: Measurement of situation awareness in dynamic systems. Human Factors 37(1), 65\u201384 (1995)","journal-title":"Human Factors"},{"issue":"1","key":"613_CR10","doi-asserted-by":"publisher","first-page":"55","DOI":"10.3390\/ai3010005","volume":"3","author":"A Munir","year":"2022","unstructured":"Munir, A., Aved, A., Blasch, E.: Situational awareness: techniques, challenges, and prospects. AI 3(1), 55\u201377 (2022). https:\/\/doi.org\/10.3390\/ai3010005","journal-title":"AI"},{"key":"613_CR11","unstructured":"Chiefs\u00a0of Staff, J.: JP 2-01.3 Joint intelligence preparation of the operational environment (2009)"},{"key":"613_CR12","unstructured":"Okolica, J., McDonald, J.T., Peterson, G.L., Mills, R.F., Haas, M.W.: Developing systems for cyber situational awareness. In: 2nd Cyberspace Research Workshop, vol.\u00a046 (2009)"},{"key":"613_CR13","doi-asserted-by":"crossref","unstructured":"Tadda, G.P., Salerno, J.S.: Overview of cyber situation awareness. In: Cyber situational awareness, pp. 15\u201335. Springer (2010)","DOI":"10.1007\/978-1-4419-0140-8_2"},{"key":"613_CR14","doi-asserted-by":"crossref","unstructured":"Brynielsson, J., Franke, U., Varga, S.: Cyber Situational awareness testing. In: Combatting cybercrime and cyberterrorism: challenges, trends and priorities, pp. 209\u2013233. Springer (2016)","DOI":"10.1007\/978-3-319-38930-1_12"},{"key":"613_CR15","doi-asserted-by":"publisher","unstructured":"Kom\u00e1rkov\u00e1, J., Hus\u00e1k, M., La\u0161tovi\u010dka, M., Tovar\u0148\u00e1k, D.: CRUSOE data model for cyber situational awareness. In: Proceedings of the 13th International Conference on Availability, Reliability and Security, ARES 2018. Association for Computing Machinery, New York, NY, USA (2018). https:\/\/doi.org\/10.1145\/3230833.3232798","DOI":"10.1145\/3230833.3232798"},{"key":"613_CR16","doi-asserted-by":"crossref","unstructured":"Hus\u00e1k, M., Jirs\u00edk, T., Yang, S.J.: SoK: contemporary issues and challenges to enable cyber situational awareness for network security. In: Proceedings of the 15th International Conference on Availability, Reliability and Security, pp. 1\u201310 (2020)","DOI":"10.1145\/3407023.3407062"},{"key":"613_CR17","doi-asserted-by":"crossref","unstructured":"Skopik, F., Ma, Z., Smith, P., Bleier, T.: Designing a cyber attack information system for national situational awareness. In: Future Security Research Conference, pp. 277\u2013288. Springer (2012)","DOI":"10.1007\/978-3-642-33161-9_42"},{"issue":"1","key":"613_CR18","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1186\/s42400-020-00048-4","volume":"3","author":"F Skopik","year":"2020","unstructured":"Skopik, F., Pahi, T.: Under false flag: using technical artifacts for cyber attack attribution. Cybersecurity 3(1), 1\u201320 (2020)","journal-title":"Cybersecurity"},{"key":"613_CR19","unstructured":"Maxwell Air\u00a0Force Base, A.: Three Levels of War; USAF College of Aerospace Doctrine, Research and Education (CADRE). In: Air and Space Power Mentoring Guide. Air University Press (1997)"},{"issue":"1","key":"613_CR20","doi-asserted-by":"publisher","first-page":"25","DOI":"10.1080\/15256480802557259","volume":"10","author":"RJ Harrington","year":"2009","unstructured":"Harrington, R.J., Ottenbacher, M.C.: Decision-making tactics and contextual features: strategic, tactical and operational implications. Int. J. Hosp. Tour. Adm. 10(1), 25\u201343 (2009). https:\/\/doi.org\/10.1080\/15256480802557259","journal-title":"Int. J. Hosp. Tour. Adm."},{"issue":"7","key":"613_CR21","first-page":"275","volume":"14","author":"C Ardil","year":"2021","unstructured":"Ardil, C.: A comparative analysis of multiple criteria decision making analysis methods for strategic, tactical, and operational decisions in military fighter aircraft selection. Int. J. Aeros. Mech. Eng. 14(7), 275\u2013288 (2021)","journal-title":"Int. J. Aeros. Mech. Eng."},{"issue":"3","key":"613_CR22","doi-asserted-by":"publisher","first-page":"71","DOI":"10.1080\/08874417.2009.11645326","volume":"49","author":"G White","year":"2009","unstructured":"White, G.: Strategic, tactical, & operational management security model. J. Comput. Inf. Syst. 49(3), 71\u201375 (2009). https:\/\/doi.org\/10.1080\/08874417.2009.11645326","journal-title":"J. Comput. Inf. Syst."},{"key":"613_CR23","unstructured":"OASIS: Open and cyber threat intelligence technical committee and others: Introduction to stix (2019)"},{"key":"613_CR24","unstructured":"Booth, H., Turner, C.: Vulnerability description ontology (vdo): a framework for characterizing vulnerabilities (2016)"},{"key":"613_CR25","unstructured":"Mell, P., Scarfone, K., Romanosky, S.: A complete guide to the common vulnerability scoring system version 2.0 (2007). https:\/\/tsapps.nist.gov\/publication\/get_pdf.cfm?pub_id=51198"},{"key":"613_CR26","unstructured":"Office of the DoD Chief\u00a0Information Officer: DoD instruction 8531.01: DoD vulnerability management (2020)"},{"key":"613_CR27","unstructured":"Stone, M., Irrechukwu, C., Perper, H., Wynne, D., Kauffman, L.: NIST special publication 1800-5: IT asset management"},{"key":"613_CR28","unstructured":"Schmitt, S., Kopriva, J., Lepik, T., et\u00a0al.: Reference incident classification taxonomy. (2018)"},{"key":"613_CR29","unstructured":"United States Department of the Army Headquarters: FM 2-22.3 Human Intelligence Collector Operations. https:\/\/armypubs.army.mil\/epubs\/DR_pubs\/DR_a\/pdf\/web\/fm2_22x3.pdf"},{"key":"613_CR30","doi-asserted-by":"crossref","unstructured":"Skopik, F.: Collaborative cyber threat intelligence: detecting and responding to advanced cyber attacks at the national level. CRC Press (2017)","DOI":"10.4324\/9781315397900"},{"key":"613_CR31","doi-asserted-by":"crossref","unstructured":"Zhao, Y., Lang, B., Liu, M.: Ontology-based unified model for heterogeneous threat intelligence integration and sharing. In: 2017 11th IEEE International Conference on Anti-counterfeiting, Security, and Identification (ASID), pp. 11\u201315. IEEE (2017)","DOI":"10.1109\/ICASID.2017.8285734"},{"key":"613_CR32","doi-asserted-by":"publisher","first-page":"18","DOI":"10.1016\/j.cose.2014.06.008","volume":"46","author":"U Franke","year":"2014","unstructured":"Franke, U., Brynielsson, J.: Cyber situational awareness-a systematic review of the literature. Comput. Secur. 46, 18\u201331 (2014)","journal-title":"Comput. Secur."},{"key":"613_CR33","doi-asserted-by":"publisher","first-page":"10796","DOI":"10.1016\/j.eswa.2012.03.014","volume":"39","author":"MGC Cimino","year":"2012","unstructured":"Cimino, M.G.C., Lazzerini, B., Marcelloni, F., Ciaramella, A.: An adaptive rule-based approach for managing situation-awareness. Expert Syst. Appl. 39, 10796\u201310811 (2012). https:\/\/doi.org\/10.1016\/j.eswa.2012.03.014","journal-title":"Expert Syst. Appl."},{"key":"613_CR34","doi-asserted-by":"crossref","unstructured":"Langton, J.T., Newey, B.: Evaluation of current visualization tools for cyber security. In: Cyber Security, Situation Management, and Impact Assessment II; and Visual Analytics for Homeland Defense and Security II, vol. 7709, p. 770910. International Society for Optics and Photonics (2010)","DOI":"10.1117\/12.850160"},{"key":"613_CR35","doi-asserted-by":"crossref","unstructured":"Paulsen, C., Byers, R.: NISTIR 7298 revision 3: Glossary of key information security terms. https:\/\/doi.org\/10.6028\/NIST.IR.7298r3","DOI":"10.6028\/NIST.IR.7298r3"},{"key":"613_CR36","unstructured":"Gragido, W.: Understanding indicators of compromise (IOC) Part I"},{"key":"613_CR37","unstructured":"United States Federal Cybersecurity Centers: Cyber Incident Severity Schema. https:\/\/obamawhitehouse.archives.gov\/sites\/whitehouse.gov\/ files\/documents\/Cyber+Incident+Severity+Schema.pdf"},{"key":"613_CR38","doi-asserted-by":"publisher","unstructured":"Kova\u010devi\u0107, N., , Stojiljkovi\u0107, A., Kova\u010d, M: Application of the matrix approach in risk assessment 2(3), 55\u201364. https:\/\/doi.org\/10.31181\/oresta1903055k","DOI":"10.31181\/oresta1903055k"},{"key":"613_CR39","unstructured":"Forum of incident response and security teams: source evaluation and information reliability. https:\/\/www.first.org\/global\/sigs\/cti\/curriculum\/source-evaluation"},{"key":"613_CR40","unstructured":"Canadian Centre for\u00a0Cyber Security: Cyber threat and cyber threat actors. https:\/\/cyber.gc.ca\/en\/guidance\/cyber-threat-and-cyber-threat-actors"},{"key":"613_CR41","doi-asserted-by":"crossref","unstructured":"Sailio, M., Latvala, O.M., Szanto, A.: Cyber threat actors for the factory of the future 10(12), 4334 (2020). Multidisciplinary Digital Publishing Institute","DOI":"10.3390\/app10124334"},{"key":"613_CR42","unstructured":"ISO\/IEC 27005:2018 Information technology\u2014security techniques \u2014 information security risk management"},{"key":"613_CR43","unstructured":"Blank, R.M., Gallagher, P.D.: NIST Special Publication 800-30 Revision 1: guide for conducting risk assessments. https:\/\/nvlpubs.nist.gov\/nistpubs\/Legacy\/SP\/nistspecialpublication800-30r1.pdf"},{"key":"613_CR44","doi-asserted-by":"publisher","unstructured":"Houmb, S.H., Franqueira, V.N., Engum, E.A.: Quantifying security risk level from CVSS estimates of frequency and impact. J. Syst. Softw. 83(9), 1622\u20131634. https:\/\/doi.org\/10.1016\/j.jss.2009.08.023","DOI":"10.1016\/j.jss.2009.08.023"},{"key":"613_CR45","unstructured":"Lee, J.: An enhanced risk formula for software security vulnerabilities https:\/\/www.isaca.org\/resources\/isaca-journal\/past-issues\/2014\/an-enhanced-risk-formula-for-software-security-vulnerabilities"},{"key":"613_CR46","unstructured":"Plan, F., Fraser, N., O\u2019Leary, J., Cannon, V., Read, B.: APT40: Examining a China-nexus espionage actor. https:\/\/www.fireeye.com\/blog\/threat-research\/2019\/03\/apt40-examining-a-china-nexus-espionage-actor.html"},{"key":"613_CR47","unstructured":"Johnson, C., Badger, L., Waltermire, D.: NIST Special Publication 800-150 Revision 1: Guide for Cyber Threat Information Sharing. https:\/\/nvlpubs.nist.gov\/nistpubs\/SpecialPublications\/NIST.SP.800-150.pdf"},{"key":"613_CR48","unstructured":"Bangor, A., Kortum, P., Miller, J.: Determining what individual SUS scores mean: adding an adjective rating scale. J. Usability Stud. 4(3), 114\u2013123 (2009)"}],"container-title":["International Journal of Information Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10207-022-00613-7.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s10207-022-00613-7\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10207-022-00613-7.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,10,13]],"date-time":"2022-10-13T15:20:54Z","timestamp":1665674454000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s10207-022-00613-7"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022,9,14]]},"references-count":48,"journal-issue":{"issue":"6","published-print":{"date-parts":[[2022,12]]}},"alternative-id":["613"],"URL":"https:\/\/doi.org\/10.1007\/s10207-022-00613-7","relation":{},"ISSN":["1615-5262","1615-5270"],"issn-type":[{"value":"1615-5262","type":"print"},{"value":"1615-5270","type":"electronic"}],"subject":[],"published":{"date-parts":[[2022,9,14]]},"assertion":[{"value":"14 September 2022","order":1,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"The authors declare that they have no conflict of interest.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Conflict of interest"}},{"value":"This article does not contain any studies with human participants or animals performed by any of the authors.","order":3,"name":"Ethics","group":{"name":"EthicsHeading","label":"Ethical approval"}}]}}