Agyepong, Enoch, Cherdantseva, Yulia ORCID: https://orcid.org/0000-0002-3527-1121, Reinecke, Philipp ORCID: https://orcid.org/0000-0002-2411-0891 and Burnap, Pete ORCID: https://orcid.org/0000-0003-0396-633X 2023. A systematic method for measuring the performance of a cyber security operations centre analyst. Computers and Security 124, 102959. 10.1016/j.cose.2022.102959
PDF - Published Version. Available under License Creative Commons Attribution.
Abstract
Analysts who work in a Security Operations Centre (SOC) play an essential role in supporting businesses to protect their computer networks against cyber attacks. To manage analysts efficiently and effectively, SOC managers and stakeholders use Key Performance Indicators (KPIs) to evaluate their performance. However, existing literature suggests a lack of a systematic approach for assessing analysts’ performance. Even though cyber security researchers advocate for research into this area, little effort has been made by researchers to address this gap. Drawing on the results of a Delphi panel with industry experts and the principles of the Analytic Hierarchy Process (AHP), this paper interrogates the problem and proposes a systematic weighted approach for measuring the performance of an analyst in a SOC. The proposed method, referred to as a SOC Analyst Assessment Method (SOC-AAM), was evaluated in two SOCs as a part of an experimental case study. The results of the empirical evaluation show that the SOC-AAM enables SOC managers and stakeholders to quantify and assess analysts’ performance in a systematic manner. The SOC-AAM also provides a novel guideline for assessing the quality of incident analysis and the quality of incident reports. This study will be of interest to practitioners and cyber security researchers seeking to understand the operations of a SOC analyst.
| Item Type: | Article |
|---|---|
| Date Type: | Publication |
| Status: | Published |
| Schools: | Computer Science & Informatics |
| Publisher: | Elsevier |
| ISSN: | 0167-4048 |
| Date of First Compliant Deposit: | 24 October 2022 |
| Date of Acceptance: | 14 October 2022 |
| Last Modified: | 03 May 2023 06:58 |
| URI: | https://orca.cardiff.ac.uk/id/eprint/153625 |