Abstract
In a (Cyber) Security Operation Center (SOC), organizations try to monitor their
digital infrastructure for potential attacks in (near) real-time. Both literature and
experience about SOC operation and performance are rather sparse. In this work we
designed an experimental methodology that aims to capture the performance impact
that modifications in SOC configurations can have. An experiment was conducted to
show that the methodology can be used to measure selected qualities of a SOC. It was
run with seven groups (14 participants). Report quality and timeliness were measured
throughout seven separate experiment sessions.
We showed that our methodology is able to capture differences between SOC
configurations, leading to qualitatively measurable differences in report quality.
By contributing such a methodology, we lay the foundation for further research
related to the effectiveness and efficiency of SOC configurations.
Date of Award | 2019 |
---|---|
Original language | English |
Awarding Institution | |
Supervisor | Luca Allodi (Supervisor 1), Veelasha Moonsamy (Supervisor 1) & Erik Poll (Supervisor 2) |