Over recent decades, we have moved our workflows, record management, and communications into digital formats driven by computational algorithms that run on the global Internet infrastructure. This has been successful because of improved efficiency and convenience for both organizations and humanity in general. These developments, however, have created opportunities for hacktivists, cyber-criminals and nation-state-inspired cyber-attacks that have resulted in high-profile data breaches in government and commercial organizations, leading to huge financial losses, erosion or loss of reputation, and business closures. Cyber-attacks and breaches continue to rise even though cyber-security practitioners have continued to improve incident response by investing heavily in prevention technologies. These investments have unfortunately not had a significant impact on stopping or slowing down data breaches. Response to cyber-attacks is still slow, and high-profile breaches continue to rise and take center stage in global media coverage.
This research therefore examined the slow response to cyber-breaches and identified the incidence of task disengagement within the usually stressful operating environment of the Security Operations Center (SOC) as a novel and contributory factor to slow incident response. Task disengagement sets in after the initial 30 or 40 minutes of consistently staring at and monitoring the banks of monitors displaying streams of traffic and log data, resulting in a decrement of mental and physical alertness and overall vigilance. Replacing human analysts with Artificial Intelligence, an approach known as autonomous cyber-defense, does not provide the critical human intuition necessary for the identification of certain exploits that may appear benign at the early stages of an attack. However, applying AI to augment human efforts appears to hold greater promise. In the course of this research, a survey of surveillance operators was conducted, which led to the development of a unique framework, the Dynamic SOC Monitoring Framework, to assist in extending the level of engagement and alertness of a typical SOC analyst. Task disengagement is a neurological state that requires further collaborative research in order to effectively address its impact in stressful work environments that require constant alertness and vigilance.
|Committee:||Tao, Lixin, Frank, Ronald|
|Department:||Seidenberg School of Computer Science and Information Technology|
|School Location:||United States -- New York|
|Source:||DAI-B 82/7(E), Dissertation Abstracts International|
|Subjects:||Computer science, Information Technology|
|Keywords:||Cyber security, Cyber-criminals, Dynamic SOC monitoring, Incident response, Security operations center, Task disengagement|
Copyright in each Dissertation and Thesis is retained by the author. All Rights Reserved