A systematic method for measuring the performance of a cyber security operations centre analyst. Issue 124 (January 2023)
- Record Type:
- Journal Article
- Title:
- A systematic method for measuring the performance of a cyber security operations centre analyst. Issue 124 (January 2023)
- Main Title:
- A systematic method for measuring the performance of a cyber security operations centre analyst
- Authors:
- Agyepong, Enoch
Cherdantseva, Yulia
Reinecke, Philipp
Burnap, Pete
- Abstract:
- Analysts who work in a Security Operations Centre (SOC) play an essential role in supporting businesses to protect their computer networks against cyber attacks. To manage analysts efficiently and effectively, SOC managers and stakeholders use Key Performance Indicators (KPIs) to evaluate their performance. However, existing literature suggests a lack of a systematic approach for assessing analysts' performance. Even though cyber security researchers advocate for research into this area, little effort has been made by researchers to address this gap. Drawing on the results of a Delphi panel with industry experts and the principles of the Analytic Hierarchy Process (AHP), this paper interrogates the problem and proposes a systematic weighted approach for measuring the performance of an analyst in a SOC. The proposed method, referred to as a SOC Analyst Assessment Method (SOC-AAM), was evaluated in two SOCs as a part of an experimental case study. The results of the empirical evaluation show that the SOC-AAM enables SOC managers and stakeholders to quantify and assess analysts' performance in a systematic manner. The SOC-AAM also provides a novel guideline for assessing the quality of incident analysis and the quality of incident reports. This study will be of interest to practitioners and cyber security researchers seeking to understand the operations of a SOC analyst.
- Is Part Of:
- Computers & security. Issue 124(2023)
- Journal:
- Computers & security
- Issue:
- Issue 124(2023)
- Issue Display:
- Volume 124, Issue 124 (2023)
- Year:
- 2023
- Volume:
- 124
- Issue:
- 124
- Issue Sort Value:
- 2023-0124-0124-0000
- Page Start:
- Page End:
- Publication Date:
- 2023-01
- Subjects:
- Security operations centre -- Analysts' metrics -- Performance metrics -- Analysts' evaluation -- Key performance indicators -- Analytic hierarchy process
Computer security -- Periodicals
Electronic data processing departments -- Security measures -- Periodicals
005.805
- Journal URLs:
- http://www.sciencedirect.com/science/journal/01674048
http://www.elsevier.com/journals
- DOI:
- 10.1016/j.cose.2022.102959
- Languages:
- English
- ISSNs:
- 0167-4048
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms)
- Physical Locations:
- British Library DSC - 3394.781000
British Library DSC - BLDSS-3PM
British Library HMNTS - ELD Digital store
- Ingest File:
- 24445.xml