2019
DOI: 10.1007/978-3-030-22351-9_22
Informing Hybrid System Design in Cyber Security Incident Response

Cited by 6 publications (5 citation statements). References 19 publications.
“…There have been several studies focusing on the analyst in a SOC. Yu [25] targets human interaction aspects to elicit functional requirements for automating tasks performed by a digital teammate. Feng et al. [9] developed an ML framework by generating labels from SOC notes in order to correlate IP addresses, hosts and end-users. Akinrolabu et al. [2] discovered valuable features (for ML models) by interviewing SOC analysts.…”
Section: B. User-centric SOC Studies (citation type: mentioning; confidence: 99%)
“…Several studies of SOC environments, including the use of AI in the SOC, have pointed towards adapting and using XAI techniques to support analysts [25], [7], [21], [9], [32], [2], [16], [26]. There have also been several attempts applying XAI to explain ML-generated alerts [39], [38], [28], [15], [20], [27], [34].…”
Section: Introduction (citation type: mentioning; confidence: 99%)
“…However, the findings also highlight that some dimensions, such as communication expertise, self-awareness, and expert identification, might also be addressed through other methods, such as training and team development. Research to further explore this angle could better inform training, development, and retention strategies for incident responders [37].…”
Section: Dimensional Expertise in Lower-Tier IR (citation type: mentioning; confidence: 99%)
“…However, this strategy is based on improving current operational stability. While the added SOAR capability offers some level of solution to immediate problems, the next steps of the field should progress towards long-term development of cyber security professionals [37,50], recognizing that the traditional path to becoming an expert in security has fundamentally changed due to the introduction of automation. Furthermore, system developers should consider the role of menial (but fundamental) tasks in analyst development, and the potential effects of system failure coupled with incomplete system understanding.…”
Section: Implications for Technology Development (citation type: mentioning; confidence: 99%)
“…These overhead tasks can be characterized and mitigated or removed to increase process efficiency. Knowledge and information are critical to reasoning and code comprehension in RE tasks, but the act of searching for and retrieving that information is not adding value; as in other investigation-based cybersecurity settings [22], this makes knowledge & information gathering a good candidate for automation.…”
Section: RQ3: Automatable Tasks (citation type: mentioning; confidence: 99%)