2020
DOI: 10.1109/access.2020.3045514
Security Operations Center: A Systematic Study and Open Challenges

Cited by 103 publications (69 citation statements); references 165 publications (352 reference statements).
“…Although processes and technology are integral to a SOC's function, people are the most critical element as it is extremely difficult to technologically emulate human thought processes for analyzing and remediating threats [1], [3]. Vielberth, Böhm, Fichtinger, and Pernul state that, although automation technologies are necessary for SOC operations, automation is difficult to implement and only works under the correct conditions which leads to the conclusion that "Determining whether an alert is real requires further investigation by the analysts based on tacit knowledge" [8].…”
Section: SOC Foundational Elements (citation type: mentioning)
Confidence: 99%
“…Many studies have been conducted regarding cyber security threats, attacks, incident response, mitigation procedures and how to defend against cyber-attacks. Security Operation Centre (SOC) teams represent the first line of defence as they are anticipated to detect threats and escalate them to Incident Response (IR) teams [8]. Although much research has highlighted the SOC, much of it has lacked a thorough overview of the challenges that SOC teams might face, as observed from [9, 10].…”
Section: Literature Review (citation type: mentioning)
Confidence: 99%
“…Key Performance Indicator (KPI), Key Risk Indicator (KRI) used to indicate how risky an activity is, Key Change Indicator (KCI) used to understand the effectiveness of risk controls and actions taken to mitigate the impacts emerging from risks [8]. These metrics acknowledge strategic and operational improvements by providing an analytical basis for decision making.…”
Section: Missing KPI and SLA Measurements (citation type: mentioning)
Confidence: 99%
“…In cybersecurity, the Security Operations Center (SOC) personnel face vast amounts of data coming from a variety of sources, accumulated at rapid speeds. The constant flow of information often overwhelms the analysts, making timely and adequate response and mitigation unsustainable [4, 5, 6]. The so-called data triage automation is a well-known problem of SOCs [7], with the intensity of the domain and the characteristics of incident detection signals strongly degrading human performance [8].…”
Section: Introduction (citation type: mentioning)
Confidence: 99%