Agyepong, Enoch, Cherdantseva, Yulia ORCID: https://orcid.org/0000-0002-3527-1121, Reinecke, Philipp ORCID: https://orcid.org/0000-0002-2411-0891 and Burnap, Peter ORCID: https://orcid.org/0000-0003-0396-633X 2020. Towards a framework for measuring the performance of a security operations center analyst. Presented at: IEEE International Conference on Cyber Security and Protection of Digital Services (Cyber Security 2020), Dublin, Ireland, 15-17 June 2020.
PDF - Accepted Post-Print Version (456kB)
Abstract
The past few years have seen several studies reporting on the role of a Security Operations Center (SOC) analyst and metrics for assessing the performance of analysts. However, research suggests that analysts are dissatisfied with existing metrics as they fail to take into consideration several aspects of their tasks. Existing works advocate for research into this area. A major challenge to devising adequate metrics is that the real work of analysts that needs to be taken into consideration to assess their holistic performance has not been fully discussed. Furthermore, at present, there is no agreement on what constitutes core analysts’ functions. Analysts’ overall performance in a SOC could be obtained if there is a common agreement on the core functions upon which their performance can be evaluated. In this paper, we propose a framework depicting the core functions of analysts and KPIs that can be used to measure the performance of analysts. To do this, we conducted a thorough analysis of the functions of a SOC described in multiple sources of literature and engaged with several analysts and SOC managers from different industries using qualitative semi-structured interviews. Our research results identify the following: quality of analysts’ analysis, quality of analysts’ report, time-based measures and the absolute numbers derived from an analyst’s tasks as the key performance indicators (KPIs) for assessing analysts’ performance. We hope that our findings will stimulate more interest among cybersecurity researchers on assessment methods for analysts.
| Field | Value |
|---|---|
| Item Type | Conference or Workshop Item (Paper) |
| Status | In Press |
| Schools | Computer Science & Informatics |
| Date of First Compliant Deposit | 16 July 2020 |
| Date of Acceptance | 16 April 2020 |
| Last Modified | 26 Jun 2023 06:36 |
| URI | https://orca.cardiff.ac.uk/id/eprint/133458 |
Citation Data
Cited 6 times in Scopus.