An Attack Simulation Methodology for Empirical SOC Performance Evaluation

    Student thesis: Master

    Abstract

    In a (Cyber) Security Operation Center (SOC), organizations try to monitor their
    digital infrastructure for potential attacks in (near) real-time. Both literature and
    experience on SOC operation and performance are rather sparse. In this work we
    designed an experimental methodology that aims to capture the performance impact
    that modifications in SOC configurations can have. An experiment was conducted to
    show that the methodology can be used to measure selected qualities of a SOC. It was
    run with seven groups (14 participants). Report quality and timeliness were measured
    throughout seven separate experiment sessions.
    We showed that our methodology is able to capture differences between SOC
    configurations, leading to qualitatively measurable differences in report quality.
    By contributing such a methodology, we lay the foundation for further research
    related to the effectiveness and efficiency of SOC configurations.
    Date of Award: 2019
    Original language: English
    Awarding Institution: Radboud University Nijmegen
    Supervisor: Luca Allodi (Supervisor 1), Veelasha Moonsamy (Supervisor 1) & Erik Poll (Supervisor 2)
