Slow Incident Response in Cyber Security: The Impact of Task Disengagement in Security Operations Centers

Davis Fonya Mirilla, Pace University

Abstract

Over recent decades, we have moved our workflows, record management, and communications into digital formats driven by computational algorithms that run on the global Internet infrastructure. This has been successful because of the improved efficiency and convenience it offers to both organizations and humanity in general. These developments, however, have created opportunities for hacktivists, cyber-criminals and nation-state-inspired cyber-attacks that have resulted in high-profile data breaches in government and commercial organizations, leading to huge financial losses, erosion or loss of reputation, and business closures. Cyber-attacks and breaches continue to rise even though cyber-security practitioners have continued to improve Incident Response by investing heavily in prevention technologies. These investments have unfortunately not had a significant impact in stopping or slowing down data breaches. Response to cyber-attacks is still slow, and high-profile breaches continue to rise and take center stage in global media coverage. This research therefore examined the slow response to cyber-breaches and identified the incidence of task disengagement within the usually stressful operating environment of the Security Operations Center (SOC) as a novel and contributory factor to slow incident response. Task disengagement sets in, resulting in a decrement of mental and physical alertness and overall vigilance, after the initial 30 or 40 minutes of consistently staring at and monitoring the banks of monitors displaying streams of traffic and log data. Replacing human analysts with Artificial Intelligence, an approach known as autonomous cyber-defense, lacks the critical human intuition necessary for the identification of certain exploits that may appear benign at the early stages of an attack. However, applying AI to augment human efforts appears to hold greater promise.
In the course of this research, a survey of surveillance operators was conducted which led to the development of a unique framework, the Dynamic SOC Monitoring Framework, to assist in extending the level of engagement and alertness of a typical SOC analyst. Task disengagement is a neurological state that requires further collaborative research in order to effectively address its impact in stressful work environments that require constant alertness and vigilance.

Subject Area

Computer Science | Information Technology

Recommended Citation

Mirilla, Davis Fonya, "Slow Incident Response in Cyber Security: The Impact of Task Disengagement in Security Operations Centers" (2018). ETD Collection for Pace University. AAI28094770.
https://digitalcommons.pace.edu/dissertations/AAI28094770
