Challenges and performance metrics for security operations center analysts: a systematic review

Cited by: 30
Authors
Agyepong, Enoch [1 ]
Cherdantseva, Yulia [1 ]
Reinecke, Philipp [1 ]
Burnap, Pete [1 ]
Affiliations
[1] School of Computer Science and Informatics, Cardiff University, Cardiff
Source
Agyepong, Enoch (agyeponge@cardiff.ac.uk) | Taylor and Francis Ltd. | Volume: not given | Issue: 04
Keywords
cyber security; performance metrics; security analysts; security operations center; systematic literature review
DOI
10.1080/23742917.2019.1698178
CLC (Chinese Library Classification) number
TP3 [Computing technology, computer technology]
Discipline classification code
0812 (Computer Science and Technology)
Abstract
The increasing use of Security Operations Centres (SOCs) by organisations as a part of their cyber security strategy has led to several studies aiming to understand and improve SOC operations. However, to the best of our knowledge, there is no systematic literature review on the challenges faced by SOC analysts or on metrics for measuring analysts' performance. To this end, we conducted a Systematic Literature Review (SLR) in accordance with the guidelines for undertaking SLRs and analysed papers published on SOCs between 2008 and 2018. We provide a comprehensive overview of the challenges faced by SOC analysts and of the metrics suggested in the literature for measuring analysts' performance. In addition, we present a mapping between the challenges and existing performance metrics, showing how the effectiveness of an analyst in addressing a particular challenge could be measured. We also discuss the drawbacks of the existing metrics and suggest directions for improvement. Our findings will enable SOC analysts and managers, as well as the academic community, to gain a better understanding of the challenges impeding the performance of SOC analysts, and of how analysts' performance could be measured and improved. © 2019 Informa UK Limited, trading as Taylor & Francis Group.
Pages: 125-152
Page count: 27
Related papers (references)
59 in total; entries [21] to [30] shown
[21] Silva R.L.S., Neiva F.W., Systematic literature review in computer science: a practical guide, Relatórios Técnicos do DCC/UFJF, (2016)
[22] Which are the best databases for computer science? Library help, (2018)
[23] Kitchenham B., Brereton P., A systematic review of systematic review process research in software engineering, Inf Software Technol, 55, 12, pp. 2049-2075, (2013)
[24] Cherry G., Dickson R., Defining my review question and identifying inclusion and exclusion criteria, in: Doing a systematic review: a student's guide, pp. 43-50, (2017)
[25] Dyba T., Dingsoyr T., Empirical studies of agile software development: a systematic review, Inf Software Technol, 50, 9-10, pp. 833-859, (2008)
[26] Moher D., Preferred reporting items for systematic reviews and meta-analyses: the PRISMA statement, Ann Intern Med, 151, 4, (2009)
[27] Usman M., Effort estimation in agile software development: a systematic literature review, Proceedings of the 10th International Conference on Predictive Models in Software Engineering, (2014)
[28] Lee C.J., Sugimoto C.R., Zhang G., Bias in peer review, J Am Soc Inf Sci Technol, 64, 1, pp. 2-17, (2013)
[29] Maynard C., Personal bias in peer review, Med Care, 56, 7, (2018)
[30] CASP Checklist: 10 questions to help you make sense of a systematic review, (2018)