Samenvatting
Current threat analysis processes followed by tier-1 (T1) analysts in a Security Operation Center (SOC) rely mainly on tacit knowledge, and can differ greatly across analysts. The lack of structure and clear objectives to T1 analyses makes operative inefficiencies hard to spot, SOC performance hard to measure (and therefore improve), results in overall lower security for the monitored environment(s), and contributes to analyst burnout. In this work we collaborate with a commercial SOC to devise a 4-stage (network) threat analysis process to support the collection and analysis of relevant information for threat analysis. We conduct an experiment with ten T1 analysts employed in the SOC and show that analysts following the proposed process are 2.5 times more likely to produce an accurate assessment than analysts who do not. We evaluate qualitatively the effects of the process on analysts decisions, and discuss implications for practice and research.
Originele taal-2 | Engels |
---|---|
Titel | Proceedings of the 19th Symposium on Usable Privacy and Security, SOUPS 2023 |
Plaats van productie | Anaheim |
Uitgeverij | Usenix Association |
Pagina's | 97-111 |
Aantal pagina's | 15 |
ISBN van elektronische versie | 978-1-939133-36-6 |
Status | Gepubliceerd - 7 aug. 2023 |
Evenement | 19th Symposium on Usable Privacy and Security, SOUPS 2023 - Anaheim, Verenigde Staten van Amerika Duur: 7 aug. 2023 → 8 aug. 2023 Congresnummer: 19 |
Congres
Congres | 19th Symposium on Usable Privacy and Security, SOUPS 2023 |
---|---|
Verkorte titel | SOUPS 2023 |
Land/Regio | Verenigde Staten van Amerika |
Stad | Anaheim |
Periode | 7/08/23 → 8/08/23 |
Financiering
This work is supported by the SeReNity project, Grant No. cs.010, funded by Netherlands Organisation for Scientific Research (NWO) and by the INTERSECT project, Grant No. NWA.1162.18.301, funded by NWO. The authors also thank the Eindhoven security hub SOC for its collaboration in this work.
Financiers | Financiernummer |
---|---|
Nederlandse Organisatie voor Wetenschappelijk Onderzoek |