Corpus ID: 18511819

A Human Capital Model for Mitigating Security Analyst Burnout

@inproceedings{Sundaramurthy2015AHC,
  title={A Human Capital Model for Mitigating Security Analyst Burnout},
  author={Sathya Chandran Sundaramurthy and Alexandru G. Bardas and Jacob Case and Xinming Ou and Michael Wesch and John McHugh and Siva Raj Rajagopalan},
  booktitle={SOUPS},
  year={2015}
}
Security Operation Centers (SOCs) are being operated by universities, government agencies, and corporations to defend their enterprise networks in general and in particular to identify malicious behaviors in both networks and hosts. The success of a SOC depends on having the right tools, processes and, most importantly, efficient and effective analysts. One of the worrying issues in recent times has been the consistently high burnout rates of security analysts in SOCs. Burnout results in… 

Matched and Mismatched SOCs: A Qualitative Study on Security Operations Center Issues
TLDR
This study conducted 18 semi-structured interviews with SOC analysts and managers and found inherent disagreements between SOC managers and their analysts that, if not addressed, could entail a risk to SOC efficiency and effectiveness.
How integration of security management and incident response enables organizational learning
TLDR
Using organizational learning theory to develop a conceptual framework that explains how the ISM and IR functions can be better integrated and create learning opportunities that lead to organizational security benefits.
Humans Are Dynamic - Our Tools Should Be Too
TLDR
Research indicates that conflict resolution is a prerequisite for continuous improvement of SOCs in both human and technological aspects, and that unresolved conflicts can lead to adverse effects such as analyst burnout and a reduction in overall effectiveness.
Turning Contradictions into Innovations or: How We Learned to Stop Whining and Improve Security Operations
TLDR
This analysis provides evidence of the importance of conflict resolution as a prerequisite for operations improvement and helps to see a potentially successful and repeatable mechanism for introducing new technologies to future SOCs.
How integration of cyber security management and incident response enables organizational learning
TLDR
Using organizational learning theory to develop a conceptual framework that explains how the ISM and IR functions can be better integrated and create learning opportunities that lead to organizational security benefits.
Towards a Framework for Measuring the Performance of a Security Operations Center Analyst
TLDR
A framework depicting the core functions of SOC analysts is proposed, and key performance indicators (KPIs) that can be used to measure analysts' performance are identified.
Security Operations Center: A Systematic Study and Open Challenges
TLDR
A comprehensive literature survey is conducted to determine the current state of the art of SOCs and to derive their primary building blocks; current challenges within a SOC are identified and summarized.
Challenges and performance metrics for security operations center analysts: a systematic review
TLDR
A comprehensive overview is provided of the challenges faced by SOC analysts and of the metrics suggested in the literature for measuring analysts' performance, together with a mapping between the challenges and the existing performance metrics that shows how an analyst's effectiveness in addressing a particular challenge could be measured.
Cyber Security Operations Centre Concepts and Implementation
TLDR
The goal of this chapter is to present the basics one needs to know about SOCs, introducing readers and IT professionals who are not familiar with SOCs to SOC concepts, types of SOC implementation, and the functions and services offered by SOCs, along with some of the challenges a SOC faces.
Sonification in security operations centres: what do security practitioners think?
TLDR
Insight is provided into the potential benefits and challenges of introducing sonification to support work in this vital security-monitoring environment, and critical requirements for the design of sonification systems and their integration into the SOC setting are analyzed.

References

Showing 1-10 of 20 references
I'm Leaving the IT Field: the Impact of Stress, Job Insecurity, and Burnout on IT Professionals
The information technology field has highly fluid, rapidly-evolving workforce requirements. The nature of the profession creates unique challenges and strains for IT workers. As a result, many IT
An integrated view of human, organizational, and technological challenges of IT security management
TLDR
The main challenges that IT security practitioners face in their organizations are determined, including the interplay among human, organizational, and technological factors, to build an integrated framework of security challenges.
Towards understanding IT security professionals and their tools
TLDR
The results suggest that the job of IT security management is distributed across multiple employees, often affiliated with different organizational units or groups within a unit and responsible for different aspects of it.
Toward understanding distributed cognition in IT security management: the role of cues and norms
TLDR
It is shown how ITSM challenges foster under-use of cues and norms, which comprises a type of risk that may result in outcomes that are adverse to the organization’s interests.
Job burnout.
TLDR
The focus on engagement, the positive antithesis of burnout, promises to yield new perspectives on interventions to alleviate burnout.
Preparation, detection, and analysis: the diagnostic work of IT security incident response
TLDR
The analysis shows that security incident response is a highly collaborative activity, which may involve practitioners developing their own tools to perform specific tasks and is complicated by practitioners' need to rely on tacit knowledge, as well as usability issues with security tools.
An Organizational Psychology Perspective to Examining Computer Security Incident Response Teams
TLDR
The field of organizational psychology can contribute to an understanding of the full range of CSIRT job requirements, which include working as a team and within a larger multiteam system.
Guidelines for designing IT security management tools
TLDR
A survey of design guidelines for IT security management tools is presented; the resulting framework of guidelines can be used by those developing IT security tools, as well as by practitioners and managers evaluating tools.
An Inquiry into the Nature and Causes of the Wealth of Nations
It was the publication in 1776 of Adam Smith’s Inquiry into the Nature and Causes of the Wealth of Nations that marked the beginning of the ideological revolution explored in this article. Political
Work practices of system administrators: implications for tool design
TLDR
A model of user satisfaction that provides actionable guidance and an integration of information and system quality attributes that appear to be important to system administrators is presented.