{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,31]],"date-time":"2025-10-31T07:40:56Z","timestamp":1761896456173,"version":"build-2065373602"},"reference-count":48,"publisher":"MDPI AG","issue":"1","license":[{"start":{"date-parts":[[2017,1,17]],"date-time":"2017-01-17T00:00:00Z","timestamp":1484611200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Future Internet"],"abstract":"<jats:p>The fifth generation mobile network, or 5G, moves towards bringing solutions to deploying faster networks, with hundreds of thousands of simultaneous connections and massive data transfer. For this purpose, several emerging technologies are implemented, resulting in virtualization and self-organization of most of their components, which raises important challenges related to safety. In order to contribute to their resolution, this paper proposes a novel architecture for incident management on 5G. The approach combines the conventional risk management schemes with the Endsley Situational Awareness model, thus improving effectiveness in different aspects, among them the ability to adapt to complex and dynamical monitoring environments, and countermeasure tracking or the role of context when decision-making. The proposal takes into account all layers for information processing in 5G mobile networks, ranging from infrastructure to the actuators responsible for deploying corrective measures.<\/jats:p>","DOI":"10.3390\/fi9010003","type":"journal-article","created":{"date-parts":[[2017,1,18]],"date-time":"2017-01-18T10:00:47Z","timestamp":1484733647000},"page":"3","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":14,"title":["Towards Incidence Management in 5G Based on Situational Awareness"],"prefix":"10.3390","volume":"9","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-5184-3759","authenticated-orcid":false,"given":"Lorena","family":"Barona L\u00f3pez","sequence":"first","affiliation":[{"name":"Group of Analysis, Security and Systems (GASS), Department of Software Engineering and Artificial Intelligence (DISIA), Faculty of Computer Science and Engineering, Office 431, Universidad Complutense de Madrid (UCM), Calle Profesor Jos\u00e9 Garc\u00eda Santesmases, 9, Ciudad Universitaria, 28040 Madrid, Spain"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-3502-020X","authenticated-orcid":false,"given":"\u00c1ngel","family":"Valdivieso Caraguay","sequence":"additional","affiliation":[{"name":"Group of Analysis, Security and Systems (GASS), Department of Software Engineering and Artificial Intelligence (DISIA), Faculty of Computer Science and Engineering, Office 431, Universidad Complutense de Madrid (UCM), Calle Profesor Jos\u00e9 Garc\u00eda Santesmases, 9, Ciudad Universitaria, 28040 Madrid, Spain"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-4131-5100","authenticated-orcid":false,"given":"Jorge","family":"Maestre Vidal","sequence":"additional","affiliation":[{"name":"Group of Analysis, Security and Systems (GASS), Department of Software Engineering and Artificial Intelligence (DISIA), Faculty of Computer Science and Engineering, Office 431, Universidad Complutense de Madrid (UCM), Calle Profesor Jos\u00e9 Garc\u00eda Santesmases, 9, Ciudad Universitaria, 28040 Madrid, Spain"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-6392-0216","authenticated-orcid":false,"given":"Marco","family":"Sotelo Monge","sequence":"additional","affiliation":[{"name":"Group of Analysis, Security and Systems (GASS), Department of Software Engineering and Artificial Intelligence (DISIA), Faculty of Computer Science and Engineering, Office 431, Universidad Complutense de Madrid (UCM), Calle Profesor Jos\u00e9 Garc\u00eda Santesmases, 9, Ciudad Universitaria, 28040 Madrid, Spain"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7573-6272","authenticated-orcid":false,"given":"Luis","family":"Garc\u00eda Villalba","sequence":"additional","affiliation":[{"name":"Group of Analysis, Security and Systems (GASS), Department of Software Engineering and Artificial Intelligence (DISIA), Faculty of Computer Science and Engineering, Office 431, Universidad Complutense de Madrid (UCM), Calle Profesor Jos\u00e9 Garc\u00eda Santesmases, 9, Ciudad Universitaria, 28040 Madrid, Spain"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"1968","published-online":{"date-parts":[[2017,1,17]]},"reference":[{"key":"ref_1","doi-asserted-by":"crossref","first-page":"1065","DOI":"10.1109\/JSAC.2014.2328098","article-title":"What Will 5G Be?","volume":"32","author":"Andrews","year":"2014","journal-title":"IEEE J. Sel. Areas Commun."},{"key":"ref_2","doi-asserted-by":"crossref","first-page":"65","DOI":"10.1109\/MCOM.2014.6957145","article-title":"Design Considerations for a 5G Network Architecture","volume":"52","author":"Agyapong","year":"2014","journal-title":"IEEE Commun. Mag."},{"key":"ref_3","unstructured":"NGMN Alliance NMGN 5G White Paper. Available online: https:\/\/www.ngmn.org\/uploads\/media\/NGMN_5G_White_Paper_V1_0.pdf."},{"key":"ref_4","doi-asserted-by":"crossref","first-page":"64","DOI":"10.1016\/j.phycom.2015.10.006","article-title":"A Survey on 5G: The Next Generation of Mobile Communication","volume":"18","author":"Panwar","year":"2016","journal-title":"Phys. Commun."},{"key":"ref_5","doi-asserted-by":"crossref","first-page":"74","DOI":"10.1109\/MCOM.2014.6736746","article-title":"Five Disruptive Technology Directions for 5G","volume":"52","author":"Boccardi","year":"2014","journal-title":"IEEE Commun. Mag."},{"key":"ref_6","doi-asserted-by":"crossref","first-page":"27","DOI":"10.1109\/MNET.2014.6963801","article-title":"Challenges in 5G: How to Empower SON with Big Data for Enabling 5G","volume":"28","author":"Imran","year":"2014","journal-title":"IEEE Netw."},{"key":"ref_7","unstructured":"International Organization for Standardization and the International Electrotechnical Commission ISO\/IEC 27002: Information Technology, Security Techniques, Code of Practice for Information Security Management. Available online: http:\/\/www.iso.org\/iso\/catalogue_detail?csnumber=54533."},{"key":"ref_8","unstructured":"National Institute of Standards and Technology NIST-SP800 Series Special Publications on Computer Security, Available online: http:\/\/csrc.nist.gov\/publications\/PubsSPs.html#SP800."},{"key":"ref_9","unstructured":"Forum of Incident Response and Security Teams CVSS: Common Vulnerability Scoring System. Available online: https:\/\/www.first.org\/cvss\/specification-document."},{"key":"ref_10","unstructured":"MAGERIT: Risk Analysis and Management Methodology for Information Systems. Available online: http:\/\/administracionelectronica.gob.es\/pae_Home\/pae_Documentacion\/pae_Metodolog\/."},{"key":"ref_11","doi-asserted-by":"crossref","unstructured":"Parvizi, R., Oghbaei, F., and Khayami, S.R. (2013, January 28\u201330). Using COBIT and ITIL Frameworks to Establish the Alignment of Business and IT Organizations as One of the Critical Success Factors in ERP Implementation. Proceedings of the 5th IEEE Conference on Information and Knowledge Technology (IKT), Shiraz, Iran.","DOI":"10.1109\/IKT.2013.6620078"},{"key":"ref_12","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1016\/j.cose.2014.04.005","article-title":"A Situation Awareness Model for Information Security Risk Management","volume":"44","author":"Webb","year":"2014","journal-title":"Comput. Secur."},{"key":"ref_13","unstructured":"Endsley, N.R. (1988, January 24\u201328). Design and Evaluation for Situation Awareness Enhancement. Proceedings of the Human Factors and Ergonomics Society Annual Meeting, Anaheim, CA, USA."},{"key":"ref_14","doi-asserted-by":"crossref","unstructured":"Leau, Y.B., Ahmad, A., and Manickam, S. (2015, January 11\u201314). Network Security Situation Prediction: A Review and Discussion. Proceedings of the 4th International Conference on Soft Computing, Intelligent Systems, and Information Technology (ICSIIT), Bali, Indonesia.","DOI":"10.1007\/978-3-662-46742-8_39"},{"key":"ref_15","unstructured":"Marquezan, C.C., Mahmood, K., Zafeiropoulos, A., Krishna, R., Huang, X., An, X., Corujo, D., Leit\u00e3o, F., Rosas, M.L., and Einsiedler, H. (arXiv, 2016). Context Awareness in Next Generation of Mobile Core Networks, arXiv."},{"key":"ref_16","unstructured":"Belmonte Martin, A., Marinos, L., Rekleitis, E., Spanoudakis, G., and Petroulakis, N.E. Available online: http:\/\/openaccess.city.ac.uk\/15504\/7\/SDN%20Threat%20Landscape.pdf."},{"key":"ref_17","unstructured":"5G-Ensure Project Enablers for Network and System Security and Resilience. Project Reference: 671562. Funded under: H2020-ICT-2014-2. Available online: http:\/\/www.5gensure.eu\/."},{"key":"ref_18","unstructured":"5G Ensure Deliverable D 2.3, Risk Assessment, Mitigation and Requirements (Draft). Available online: http:\/\/www.5gensure.eu\/deliverables."},{"key":"ref_19","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1016\/j.ejor.2015.12.023","article-title":"Risk Assessment and Risk Management: Review of Recent Advances on their Foundation","volume":"256","author":"Aven","year":"2016","journal-title":"Eur. J. Oper. Res."},{"key":"ref_20","doi-asserted-by":"crossref","first-page":"14","DOI":"10.1016\/j.cose.2015.11.001","article-title":"Taxonomy of Information Security Risk Assessment (ISRA)","volume":"57","author":"Cheriet","year":"2016","journal-title":"Comput. Secur."},{"key":"ref_21","doi-asserted-by":"crossref","first-page":"1173","DOI":"10.1111\/risa.12230","article-title":"Is Risk Analysis Scientific?","volume":"34","author":"Hansson","year":"2014","journal-title":"Risk Anal."},{"key":"ref_22","doi-asserted-by":"crossref","first-page":"342","DOI":"10.1016\/j.giq.2015.04.008","article-title":"US Homeland Security and Risk Assessment","volume":"32","author":"Doty","year":"2015","journal-title":"Gov. Inf. Q."},{"key":"ref_23","doi-asserted-by":"crossref","first-page":"102","DOI":"10.1016\/j.psep.2015.07.004","article-title":"Risk Assessment of Rare Events","volume":"98","author":"Yang","year":"2015","journal-title":"Process Saf. Environ. Prot."},{"key":"ref_24","doi-asserted-by":"crossref","first-page":"45","DOI":"10.1016\/j.cose.2014.11.006","article-title":"A Survey of Information Security Incident Handling in the Cloud","volume":"49","author":"Choo","year":"2015","journal-title":"Comput. Secur."},{"key":"ref_25","doi-asserted-by":"crossref","first-page":"52","DOI":"10.1016\/j.ijcip.2015.02.002","article-title":"A Survey of Cyber Security Management in Industrial Control Systems","volume":"9","author":"Knowles","year":"2015","journal-title":"Int. J. Crit. Infrastruct. Prot."},{"key":"ref_26","doi-asserted-by":"crossref","first-page":"199","DOI":"10.1016\/j.cose.2016.01.005","article-title":"A Formal Model and Risk Assessment Method for Security-critical Real-time Embedded Systems","volume":"58","author":"Ni","year":"2016","journal-title":"Comput. Secur."},{"key":"ref_27","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1016\/j.cose.2015.09.009","article-title":"A Review of Cyber Security Risk Assessment Methods for SCADA Systems","volume":"56","author":"Cherdantseva","year":"2016","journal-title":"Comput. Secur."},{"key":"ref_28","unstructured":"Quick, D., Martini, B., and Choo, K.K.R. (2013). Syngress, Elsevier. Available online: http:\/\/www.sciencedirect.com\/science\/book\/9780124199705."},{"key":"ref_29","doi-asserted-by":"crossref","first-page":"50","DOI":"10.1109\/MCC.2016.5","article-title":"Forensic-by-Design Framework for Cyber-Physical Cloud Systems","volume":"3","author":"Glisson","year":"2016","journal-title":"IEEE Cloud Comput."},{"key":"ref_30","doi-asserted-by":"crossref","unstructured":"Ab Rahman, N.H., Cahyani, N.D.W., and Choo, K.K.R. (2016). Cloud incident handling and Forensic-by-Design: Cloud Storage as a Case Study. Concurr. Comput. Pract. Exp., 1\u201316.","DOI":"10.1002\/cpe.3868"},{"key":"ref_31","doi-asserted-by":"crossref","unstructured":"Endsley, M.R., Selcon, S.J., Hardiman, T.D., and Croft, D.G. (1998, January 5\u20139). A Comparative Analysis of SAGAT and SART for Evaluations of Situation Awareness. Proceedings of the Human Factors and Ergonomics Society Annual Meeting, Chicago, IL, USA.","DOI":"10.1177\/154193129804200119"},{"key":"ref_32","unstructured":"Adam, E.C. (1993, January 25\u201328). Fighter Cockpits of the Future. Proceedings of the 12th IEEE Digital Avionics Systems Conference (DASC), Fort Worth, TX, USA."},{"key":"ref_33","doi-asserted-by":"crossref","first-page":"6853","DOI":"10.1016\/j.eswa.2015.05.003","article-title":"Event Stream Processing for Improved Situational Awareness in the Smart Grid","volume":"42","author":"Dahal","year":"2015","journal-title":"Expert Syst. Appl."},{"key":"ref_34","doi-asserted-by":"crossref","first-page":"13","DOI":"10.1016\/j.psep.2015.06.002","article-title":"The Role of Situation Awareness in Accidents of Large-scale Technological Systems","volume":"97","author":"Naderpour","year":"2015","journal-title":"Process Saf. Environ. Prot."},{"key":"ref_35","doi-asserted-by":"crossref","first-page":"169","DOI":"10.1109\/JSYST.2014.2312172","article-title":"A Hybrid Systems Approach to Modeling Real-time Situation-Awareness Component of Networked Crash Avoidance Systems","volume":"10","author":"Fallah","year":"2016","journal-title":"IEEE Syst. J."},{"key":"ref_36","doi-asserted-by":"crossref","first-page":"112","DOI":"10.1016\/j.ssci.2015.03.018","article-title":"Shared Situational Awareness and Information Quality in Disaster Management","volume":"77","author":"Virrantaus","year":"2015","journal-title":"Saf. Sci."},{"key":"ref_37","doi-asserted-by":"crossref","first-page":"126","DOI":"10.1016\/j.ssci.2015.05.012","article-title":"The Concept of Risk Situation Awareness Provision: Towards a New Approach for Assessing the DSA about the Threats and Vulnerabilities of Complex Socio-technical Systems","volume":"79","author":"Chatzimichailidou","year":"2015","journal-title":"Saf. Sci."},{"key":"ref_38","doi-asserted-by":"crossref","first-page":"18","DOI":"10.1016\/j.cose.2014.06.008","article-title":"Cyber Situational Awareness\u2014A Systematic Review of the Literature","volume":"46","author":"Franke","year":"2014","journal-title":"Comput. Secur."},{"key":"ref_39","first-page":"10","article-title":"Performing a Security Risk Assessment","volume":"1","author":"Schmittling","year":"2010","journal-title":"ISACA J."},{"key":"ref_40","doi-asserted-by":"crossref","first-page":"173","DOI":"10.1016\/j.ssci.2013.12.005","article-title":"A Situation Risk Awareness Approach for Process Systems Safety","volume":"64","author":"Naderpour","year":"2014","journal-title":"Saf. Sci."},{"key":"ref_41","doi-asserted-by":"crossref","first-page":"317","DOI":"10.1016\/j.measurement.2016.10.026","article-title":"A multi-objective Software Defined Network Traffic Measurement","volume":"95","author":"Tahaei","year":"2016","journal-title":"Measurement"},{"key":"ref_42","doi-asserted-by":"crossref","first-page":"169","DOI":"10.1016\/j.comnet.2014.12.006","article-title":"VHub: Single-stage Virtual Network Mapping Through Hub Location","volume":"77","author":"Shanbhag","year":"2015","journal-title":"Comput. Netw."},{"key":"ref_43","doi-asserted-by":"crossref","unstructured":"Chowdhury, N.M.K., Rahman, M.R., and Boutaba, R. (2009, January 19\u201325). Virtual Network Embedding with Coordinated Node and Link Mapping. Proceedings of the 28th IEEE Conference on Computer Communications (INFOCOM), Rio de Janeiro, Brasil.","DOI":"10.1109\/INFCOM.2009.5061987"},{"key":"ref_44","doi-asserted-by":"crossref","first-page":"31","DOI":"10.1016\/j.cose.2015.11.003","article-title":"Identifying Cyber Risk Hotspots: A Framework for Measuring Temporal Variance in Computer Network Risk","volume":"57","author":"Awan","year":"2016","journal-title":"Comput. Secur."},{"key":"ref_45","doi-asserted-by":"crossref","first-page":"208","DOI":"10.1016\/j.ress.2014.10.006","article-title":"Development of a Cyber Security Risk Model Using Bayesian Networks","volume":"134","author":"Shin","year":"2015","journal-title":"Reliab. Eng. Syst. Saf."},{"key":"ref_46","unstructured":"International Organization for Standardization and the International Electrotechnical Commission ISO\/IEC 7498-2, Information Processing Systems\u2014Open Systems Interconnection\u2014Basic Reference Model Part 2: Security Architecture. Available online: http:\/\/www.iso.org\/iso\/catalogue_detail.htm?csnumber=14256."},{"key":"ref_47","doi-asserted-by":"crossref","first-page":"13","DOI":"10.1016\/j.compeleceng.2015.07.023","article-title":"Selecting Optimal Countermeasures for Attacks against Critical Systems Using the Attack Volume Model and the RORI Index","volume":"47","author":"Alvarez","year":"2015","journal-title":"Comput. Electr. Eng."},{"key":"ref_48","doi-asserted-by":"crossref","first-page":"17","DOI":"10.1016\/j.cose.2014.04.008","article-title":"Uniform DoS Traceback","volume":"45","author":"Alenezi","year":"2014","journal-title":"Comput. Secur."}],"container-title":["Future Internet"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/1999-5903\/9\/1\/3\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,11]],"date-time":"2025-10-11T18:26:21Z","timestamp":1760207181000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/1999-5903\/9\/1\/3"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2017,1,17]]},"references-count":48,"journal-issue":{"issue":"1","published-online":{"date-parts":[[2017,3]]}},"alternative-id":["fi9010003"],"URL":"https:\/\/doi.org\/10.3390\/fi9010003","relation":{},"ISSN":["1999-5903"],"issn-type":[{"type":"electronic","value":"1999-5903"}],"subject":[],"published":{"date-parts":[[2017,1,17]]}}}