Assessing a Decision Support Tool for SOC Analysts

Bibliographic details
Title: Assessing a Decision Support Tool for SOC Analysts
Authors: Michael Goldsmith, Martin Helmhout, Sadie Creese, Thomas Bashford-Rogers, Ioannis Agrafiotis, Jassim Happa
Source: Digital Threats: Research and Practice. 2:1-35
Publication data: Association for Computing Machinery (ACM), 2021.
Publication year: 2021
Subject terms: 021110 strategic, defence & security studies, Decision support system, Situation awareness, Computer Networks and Communications, Business process, business.industry, Computer science, 0211 other engineering and technologies, Usability, 02 engineering and technology, Intrusion detection system, Asset (computer security), Data science, Computer Science Applications, Visualization, Hardware and Architecture, 020204 information systems, 0202 electrical engineering, electronic engineering, information engineering, Eye tracking, business, Safety Research, Software, Information Systems
Description: It is difficult to discern real-world consequences of attacks on an enterprise when investigating network-centric data alone. In recent years, many tools have been developed to help understand attacks using visualisation, but few aim to predict real-world consequences. We have developed a visualisation tool that aims to improve decision support during attacks in Security Operation Centres (SOCs). Our tool visualises propagation of risks from sensor alert data to Business Process (BP) tasks. This is an important capability gap present in many SOCs today, as most threat detection tools are technology-centric. In this article, we present a user study that assesses our tool's usability and ability to support the analyst. Ten analysts from seven SOCs performed carefully designed tasks related to understanding risks and recovery decision-making. The study was conducted in laboratory conditions with simulated attacks and used a mixed-method approach to collect data from questionnaires, eye tracking, and semi-structured interviews. Our findings suggest that relating business tasks to network assets in visualisations can help analysts prioritise response strategies. Finally, our article also provides an in-depth discussion on user studies conducted with SOC analysts more generally, including lessons learned, recommendations and a critique of our own study.
ISSN: 2576-5337, 2692-1626
Access URL: https://explore.openaire.eu/search/publication?articleId=doi_________::d0bdfb9c4fa601afea9ff4f6a4d510f6
https://doi.org/10.1145/3430753
Rights: OPEN
Accession number: edsair.doi...........d0bdfb9c4fa601afea9ff4f6a4d510f6
Database: OpenAIRE