The dynamics of cyber threats are increasingly complex, making it more challenging than ever for organizations to obtain in-depth insights into their cyber security status. Therefore, organizations rely on Cyber Situational Awareness (CSA) to help them better understand the threats and associated impacts of cyber events. Because cyber security data is heterogeneous and complex, often with multidimensional attributes, sophisticated visualization techniques are frequently needed to achieve CSA. However, there have been no attempts to systematically review and analyze scientific literature on CSA visualizations until now. In this paper, we have systematically selected and reviewed 54 publications that discuss visualizations to support CSA. We extracted data from these papers to identify key stakeholders, information types, data sources, and visualization techniques. Furthermore, we analyze the level of CSA supported by the visualizations, the maturity of the visualizations, and the challenges and practices related to CSA visualizations to prepare a full analysis of the current state of CSA in the organizational context. Our results reveal certain gaps in CSA visualizations. For instance, most of the focus is on operational-level staff, and there is a clear lack of visualizations targeting other types of stakeholders such as managers, higher-level decision makers, and non-expert users. Most papers focus on threat information visualization, and there is a lack of papers that visualize impact information, response plans, and information shared within teams. Interestingly, only a few studies proposed visualizations to facilitate up to the projection level (i.e., the highest level of CSA), whereas most studies facilitated the perception level (i.e., the lowest level of CSA). Based on the results that highlight the important concerns in CSA visualizations, we recommend a list of future research directions.