2019
DOI: 10.1109/tifs.2018.2871744
Understanding Tradeoffs Between Throughput, Quality, and Cost of Alert Analysis in a CSOC

Cited by 18 publications (17 citation statements). References 22 publications.
“…Given that it is the analyst that makes most of the final decisions during operations [6], it comes as no surprise that their performance is of interest to stakeholders and SOC managers [14]. In fact, Shah et al. [20] explain that effective performance, such as the timely analysis of alerts by the analysts, is an essential characteristic of an efficient SOC. SOC managers and stakeholders, therefore, maintain a range of metrics and measures for the analysts.…”
Section: A. The Role of the Analyst (citation type: mentioning)
confidence: 99%
“…However, measuring how SOC operations respond to changes in the SOC configuration (e.g., a refined use-case, a different alert investigation process, new rulesets, etc.) remains an open and critical challenge [16], in terms of analyst competences as well as for metric definition and measurement [11,29,30,38].…”
Section: Security Monitoring Operations (citation type: mentioning)
confidence: 99%
“…Research gap. Whereas current research has focused mostly on the identification of metrics [30] and procedures [15,29,30] to evaluate SOC performance, an empirical method capable of capturing the complexity of a SOC operation (including alert configuration, analyst capabilities, etc.) has yet to be proposed and validated [16].…”
Section: SOC Performance Evaluation (citation type: mentioning)
confidence: 99%
“…Over the years, emerging technologies such as social networks, the Internet of Things (IoT), the fifth generation of communication (5G), decentralized blockchain technologies, etc. have become an indispensable part of modern life [1], [2], [3], [4]. New technologies make our lives easier, faster, and more fun by creating amazing tools, devices, and resources, and by putting the most useful information at our fingertips.…”
Section: Introduction (citation type: mentioning)
confidence: 99%