Dissertation/Thesis Abstract

Slow Incident Response in Cyber Security: The Impact of Task Disengagement in Security Operations Centers
by Mirilla, Davis Fonya, D.P.S., Pace University, 2018, 139; 28094770
Abstract (Summary)

Over recent decades, we have moved our workflows, record management, and communications into digital formats driven by computational algorithms that run on the global Internet infrastructure. This has been successful because of improved efficiency and convenience to both organizations and humanity in general. These developments, however, have created opportunities for hacktivists, cyber-criminals and nation-state inspired cyber-attacks that have resulted in high-profile data breaches in government and commercial organizations, leading to huge financial losses, erosion or loss of reputation, and business closures. Cyber-attacks and breaches continue to rise even though cyber-security practitioners have continued to improve on Incident Response by investing heavily in prevention technologies. These investments have unfortunately not had a significant impact on stopping or slowing down data breaches. Response to cyber-attacks is still slow, and high-profile breaches continue to rise and take center stage in global media coverage.

This research therefore examined the slow response to cyber-breaches and identified the incidence of task disengagement within the usually stressful operating environments of Security Operations Centers (SOCs) as a novel and contributory factor to slow incident response. Task disengagement sets in, resulting in the decrement of mental and physical alertness and overall vigilance, after the initial 30 or 40 minutes of consistently staring at and monitoring the banks of monitors displaying streams of traffic and log data. Artificial Intelligence used to replace human analysts, known as autonomous cyber-defenses, does not have the critical human intuition necessary for the identification of certain exploits that may appear benign at the early stages of an attack. However, applying AI to augment human efforts appears to hold greater promise. In the course of this research, a survey of surveillance operators was conducted, which led to the development of a unique framework, the Dynamic SOC Monitoring Framework, to assist in extending the level of engagement and alertness of a typical SOC analyst. Task disengagement is a neurological state that requires further collaborative research in order to effectively address its impact in stressful work environments that require constant alertness and vigilance.

Indexing (document details)
Advisor: Tappert, Charles
Committee: Tao, Lixin, Frank, Ronald
School: Pace University
Department: Seidenberg School of Computer Science and Information Technology
School Location: United States -- New York
Source: DAI-B 82/7(E), Dissertation Abstracts International
Subjects: Computer science, Information Technology
Keywords: Cyber security, Cyber-criminals, Dynamic SOC monitoring, Incident response, Security operations center, Task disengagement
Publication Number: 28094770
ISBN: 9798557039949
Copyright © 2021 ProQuest LLC. All rights reserved.