**6. Conclusions**

The literature review found that much attention has been paid to proactive cybersecurity solutions, acceptable cybersecurity practices, and cybersecurity hygiene strategies for mitigating cyberattacks. In this context, the use of cognitive science techniques has grown significantly. Answers in this area are being proposed, and they mainly look for the improvement of the response time of cyberattacks' countermeasures that work in real-time.

In general, cognitive science is being used to understand the behavior of adversaries to minimize the impact of cyberattacks. In this context, machine learning and deep learning are the techniques that are used the most. The model we propose tries to fill the gap that exists in automatizing cognitive science without considering the users learning processes. Our opinion is that incorporating game theory represents a significant contribution to bringing cognitive sciences to decision-making processes. A set of heuristic, Bias, and quantitative perception measures was defined as part of the cognitive cybersecurity model we have proposed. These measures make it possible to integrate machine learning and deep learning techniques with game theory. We conclude that social and psychological analysis in cybersecurity may improve the process of obtaining information that helps in the decision-making processes.

The present work, investigating the period 2019–2021, understands the evolution of cybersecurity under an atypical context such as a pandemic. Work carried out during the year 2022 has not been considered because it is a period still in progress and has had a change based on the progressive return of activities. Therefore, we believe that future complementary work would be to analyze how this new change has affected cybersecurity processes.

This work was based on the literature review of scientific bases. It would be interesting to extend it with a study of different organizations and their perspective on the inclusion or managemen<sup>t</sup> of cognitive techniques applied to cybersecurity, including understanding how these techniques can provide security in the requirements analysis, and by performing security configurations in the context of DevOps [109] and Digital transformation [110], in addition to how cognitive techniques tie in with Open-source tools, which are widely used to maintain network security, endpoint security, and system security [111]. Although our literature review does not show them explicitly, these are very relevant topics in cybersecurity today. This leads us in future work to propose new search strings that allow us to expand our study to these topics.

**Author Contributions:** Conceptualization, R.O.A. and W.F.; methodology, R.O.A.; validation, W.F.; formal analysis, R.O.A.; investigation, M.C.; data curation, I.O.-G.; writing—review and editing, I.O.-G. and G.N.; funding acquisition, I.O.-G. and G.N. All authors have read and agreed to the published version of the manuscript.

**Funding:** This research received no external funding. **Acknowledgments:** The authors would like to thank the Universidad de las Fuerzas Armadas ESPE of Sangolquí, Ecuador, for the resources granted for the development of the research project entitled: "Detection and Mitigation of Social Engineering attacks applying Cognitive Security, Code: PIC-ESPE-2020-SE". The author also acknowledges the Universidad de Las Américas of Ecuador and his Engineer degree in Information Technology for support in this work. Additionality, we want to thank the members of the group IDEIAGEOCA for all their support in the research.

**Conflicts of Interest:** The authors declare no conflict of interest.
