English Abstract
The dramatic emergence of cybersecurity incidents aimed at unlawfully obtaining sensitive and
private information from individuals and organisations alike has become a pressing
concern for the broader society. Incident response procedures are thus developed by
organisations using a systematic process to deal with cybersecurity incidents. The
Incident Response Team is the first line of defence against cyber threats and works in
critical situations where an organisation is on the verge of losing digital assets. Hence,
Situational Awareness (SA) allows organisations to understand their capabilities in
dealing with incidents and to predict the status of future events based on those
capabilities. That means having a comprehensive and clear understanding of the technical
infrastructure, level of security and expected threats to enhance the ability to make
decisions in response to cyber incidents. This research study undertakes an evaluation
of situational awareness for cybersecurity incident response at a finance company in
the Sultanate of Oman using a positivist case study approach. This allows the researcher to
narrow his attention within location and time to a specific finance organisation,
collecting various data types, including interviews, documents, and observations. It then
reflects on the experience of the Omani financial sector in responding to a
cybersecurity incident to enhance its readiness to deal with such incidents. The research finds
that situation awareness theory is applicable in Omani financial organisations and
measures the IR team's readiness to handle cybersecurity threats. Moreover, the
resources and cybersecurity capability cooperatively influence how the organisation
can follow situation awareness theory. This research contributes to promoting a grasp
of situational awareness theory and describes the implementation of a scenario for
cybersecurity incident response. In addition, it clarifies how the response team
performs situation awareness by describing the working mechanism and
procedures associated with incidents. Furthermore, an empirical case study from the
financial sector contributes to an improved understanding of this institution's
experiences in dealing with cybersecurity incidents. The practical contribution of this
research is to manage and classify the responsibilities of the cybersecurity incident
response team according to the phases of situational awareness theory. Also, it highlights
practical experience in this organisation by examining the theory of situational
awareness during the response to cybersecurity incidents.