Abstract
The increasing number of interfaces between IT assets leads to a broader area prone to attacks. To address the raising security challenges, enterprises are building up Security Operations Centers (SOC) to detect and defend against cyber-attacks. In this paper, we present an empirical study based on expert interviews to investigate the differences between the roles and skills needed within a SOC in academic research and practice. Our results indicate that there is a consensus. The roles and necessary skills of the SOC analyst emerge from the investigation as a particularly critical success factor. In addition we were able to present and validate a minimum configuration for SOC roles. We also elaborate the importance of SOC interfaces into the organization to facilitate an efficient SOC operation.
Supported by the research project INSIST.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
Notes
- 1.
- 2.
The transcripts of the interviews can be provided upon request for data protection reasons.
References
Agyepong, E., Cherdantseva, Y., Burnap, P., Reinecke, P.: Towards a framework for measuring the performance of a security operations center analyst (2020)
AlSabbagh, B., Kowalski, S.: A framework and prototype for a socio-technical security information and event management system (ST-SIEM). In: 2016 European Intelligence and Security Informatics Conference (EISIC), pp. 192–195. IEEE (2016)
Caminiti, S.: CNBC technology executive council: Cyber threats, ongoing war for talent, biggest concerns for tech leaders (2021). https://www.cnbc.com/2021/03/25/cyber-threats-war-for-talent-are-biggest-concerns-for-tech-leaders-.html
Cassetto, O.: Security operations center roles and responsibilities (2019). https://www.exabeam.com/security-operations-center/security-operations-center-roles-and-responsibilities/. Accessed 16 Nov 2020
DeCusatis, C., Cannistra, R., Labouseur, A., Johnson, M.: Design and implementation of a research and education cybersecurity operations center. In: Hassanien, A.E., Elhoseny, M. (eds.) Cybersecurity and Secure Information Systems. ASTSA, pp. 287–310. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-16837-7_13
Ganesan, R., Shah, A., Jajodia, S., Cam, H.: Optimizing alert data management processes at a cyber security operations center. In: Jajodia, S., Cybenko, G., Liu, P., Wang, C., Wellman, M. (eds.) Adversarial and Uncertain Reasoning for Adaptive Cyber Defense. LNCS, vol. 11830, pp. 206–231. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-30719-6_9
Hussy, W., Schreier, M., Echterhoff, G.: Forschungsmethoden in Psychologie und Sozialwissenschaften für Bachelor. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-34362-9
Hámornik, B.P., Krasznay, C.: Prerequisites of virtual teamwork in security operations centers: knowledge, skills, abilities and other characteristics (2017)
Hámornik, B.P., Krasznay, C.: A team-level perspective of human factors in cyber security: security operations centers. In: Nicholson, D. (ed.) AHFE 2017. AISC, vol. 593, pp. 224–236. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-60585-2_21
Kokulu, F.B., et al.: Matched and mismatched SOCs: a qualitative study on security operations center issues. In: Proceedings of the ACM Conference on Computer and Communications Security, pp. 1955–1970. Association for Computing Machinery (2019). https://doi.org/10.1145/3319535.3354239
Muniz, J., McIntyre, G., AlFardan, N.: Security Operations Center Building, Operating, and Maintaining your SOC, vol. 1. Cisco Press, Indianapolis (2015)
Mutemwa, M., Mtsweni, J., Zimba, L.: Integrating a security operations centre with an organization’s existing procedures, policies and information technology systems. In: 2018 International Conference on Intelligent and Innovative Computing Applications, ICONIC 2018, pp. 1–6 (2019). https://doi.org/10.1109/ICONIC.2018.8601251
Nugraha, I.P.E.D.: A review on the role of modern SOC in cybersecurity operations. Int. J. Current Sci. Res. Rev. 4(5), 408–414 (2021)
Olt, C.: Establishing security operation centers for connected cars. ATZ Electron. Worldwide 14(5), 40–43 (2019)
Raithel, J.: Quantitative Forschung: Ein Praxiskurs (2008)
Sayegh, E.: Forbes magazine: predicting what 2022 holds for cybersecurity (2021). https://www.forbes.com/sites/emilsayegh/2022/01/06/predicting-what-2022-holds-for-cybersecurity/?sh=7f58a5972b72
Shahjee, D., Ware, N.: Integrated network and security operation center: a systematic analysis. IEEE Access 10, 27881–27898 (2022)
Sundaramurthy, S.C.: An anthropological study of security operations centers to improve operational efficiency (2017). http://scholarcommons.usf.edu/etdscholarcommons.usf.edu/etd/6958
Sundaramurthy, S.C., Case, J., Truong, T., Zomlot, L., Hoffmann, M.: A tale of three security operation centers. In: Proceedings of the 2014 ACM Workshop on Security Information Workers, pp. 43–50 (2014)
Vielberth, M., Bohm, F., Fichtinger, I., Pernul, G.: Security operations center: a systematic study and open challenges. IEEE Access 8, 227756–227779 (2020)
Zimmerman, C.: Ten Strategies of a World-Class Cybersecurity Operations Center (2014). https://www.mitre.org/sites/default/files/publications/pr-13-1028-mitre-10-strategies-cyber-ops-center.pdf
Acknowledgement
This work is partly performed under the INSIST project, which is supported under contract by the Bavarian Ministry of Economic Affairs, Regional Development and Energy (DIK0338/01). In addition, we would like to thank Krones AG Department of Information Management, Krones India Pvt. Ltd. Global SOC and all the involved companies for their support.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2022 IFIP International Federation for Information Processing
About this paper
Cite this paper
Reisser, A., Vielberth, M., Fohringer, S., Pernul, G. (2022). Security Operations Center Roles and Skills: A Comparison of Theory and Practice. In: Sural, S., Lu, H. (eds) Data and Applications Security and Privacy XXXVI. DBSec 2022. Lecture Notes in Computer Science, vol 13383. Springer, Cham. https://doi.org/10.1007/978-3-031-10684-2_18
Download citation
DOI: https://doi.org/10.1007/978-3-031-10684-2_18
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-10683-5
Online ISBN: 978-3-031-10684-2
eBook Packages: Computer ScienceComputer Science (R0)