The Role of Situation Awareness in Detecting Criminal Intrusions: A Different Perspective on Information Security Awareness

Competent security administrators are needed for effective detection of incessant criminal intrusion attempts we witness nowadays. The required competence includes the ability to analyze a suspicious attempt with a high degree of awareness of the situation surrounding the attempt. However, the extant literature on information security awareness focuses on end-user education and overlooks the type that is critical for security administrators to perform their tasks. This paper presents a model about factors influencing detection of criminal intrusions, based on the military concept of situation awareness (SA). We argue that in using intrusion detection systems (IDSs) to deflect criminal intrusions, SA is critical because of the highly dynamic nature of the task at hand and the information processing capability it requires. We support our argument by explicating the roles of two foundational antecedents to SA - experience (as evidenced in the administrator's usage pattern of memory) and interface design (graphical versus command-line).