Skip to main content
SpringerLink
Log in

Security Operations Center Roles and Skills: A Comparison of Theory and Practice

  • Conference paper
  • First Online:
Data and Applications Security and Privacy XXXVI (DBSec 2022)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 13383))

Included in the following conference series:

Abstract

The increasing number of interfaces between IT assets leads to a broader area prone to attacks. To address the raising security challenges, enterprises are building up Security Operations Centers (SOC) to detect and defend against cyber-attacks. In this paper, we present an empirical study based on expert interviews to investigate the differences between the roles and skills needed within a SOC in academic research and practice. Our results indicate that there is a consensus. The roles and necessary skills of the SOC analyst emerge from the investigation as a particularly critical success factor. In addition we were able to present and validate a minimum configuration for SOC roles. We also elaborate the importance of SOC interfaces into the organization to facilitate an efficient SOC operation.

Supported by the research project INSIST.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 79.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 99.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    https://go.ur.de/socroles.

  2. 2.

    The transcripts of the interviews can be provided upon request for data protection reasons.

References

  1. Agyepong, E., Cherdantseva, Y., Burnap, P., Reinecke, P.: Towards a framework for measuring the performance of a security operations center analyst (2020)

    Google Scholar 

  2. AlSabbagh, B., Kowalski, S.: A framework and prototype for a socio-technical security information and event management system (ST-SIEM). In: 2016 European Intelligence and Security Informatics Conference (EISIC), pp. 192–195. IEEE (2016)

    Google Scholar 

  3. Caminiti, S.: CNBC technology executive council: Cyber threats, ongoing war for talent, biggest concerns for tech leaders (2021). https://www.cnbc.com/2021/03/25/cyber-threats-war-for-talent-are-biggest-concerns-for-tech-leaders-.html

  4. Cassetto, O.: Security operations center roles and responsibilities (2019). https://www.exabeam.com/security-operations-center/security-operations-center-roles-and-responsibilities/. Accessed 16 Nov 2020

  5. DeCusatis, C., Cannistra, R., Labouseur, A., Johnson, M.: Design and implementation of a research and education cybersecurity operations center. In: Hassanien, A.E., Elhoseny, M. (eds.) Cybersecurity and Secure Information Systems. ASTSA, pp. 287–310. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-16837-7_13

    Chapter  Google Scholar 

  6. Ganesan, R., Shah, A., Jajodia, S., Cam, H.: Optimizing alert data management processes at a cyber security operations center. In: Jajodia, S., Cybenko, G., Liu, P., Wang, C., Wellman, M. (eds.) Adversarial and Uncertain Reasoning for Adaptive Cyber Defense. LNCS, vol. 11830, pp. 206–231. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-30719-6_9

    Chapter  Google Scholar 

  7. Hussy, W., Schreier, M., Echterhoff, G.: Forschungsmethoden in Psychologie und Sozialwissenschaften für Bachelor. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-34362-9

    Book  Google Scholar 

  8. Hámornik, B.P., Krasznay, C.: Prerequisites of virtual teamwork in security operations centers: knowledge, skills, abilities and other characteristics (2017)

    Google Scholar 

  9. Hámornik, B.P., Krasznay, C.: A team-level perspective of human factors in cyber security: security operations centers. In: Nicholson, D. (ed.) AHFE 2017. AISC, vol. 593, pp. 224–236. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-60585-2_21

    Chapter  Google Scholar 

  10. Kokulu, F.B., et al.: Matched and mismatched SOCs: a qualitative study on security operations center issues. In: Proceedings of the ACM Conference on Computer and Communications Security, pp. 1955–1970. Association for Computing Machinery (2019). https://doi.org/10.1145/3319535.3354239

  11. Muniz, J., McIntyre, G., AlFardan, N.: Security Operations Center Building, Operating, and Maintaining your SOC, vol. 1. Cisco Press, Indianapolis (2015)

    Google Scholar 

  12. Mutemwa, M., Mtsweni, J., Zimba, L.: Integrating a security operations centre with an organization’s existing procedures, policies and information technology systems. In: 2018 International Conference on Intelligent and Innovative Computing Applications, ICONIC 2018, pp. 1–6 (2019). https://doi.org/10.1109/ICONIC.2018.8601251

  13. Nugraha, I.P.E.D.: A review on the role of modern SOC in cybersecurity operations. Int. J. Current Sci. Res. Rev. 4(5), 408–414 (2021)

    Article  Google Scholar 

  14. Olt, C.: Establishing security operation centers for connected cars. ATZ Electron. Worldwide 14(5), 40–43 (2019)

    Article  Google Scholar 

  15. Raithel, J.: Quantitative Forschung: Ein Praxiskurs (2008)

    Google Scholar 

  16. Sayegh, E.: Forbes magazine: predicting what 2022 holds for cybersecurity (2021). https://www.forbes.com/sites/emilsayegh/2022/01/06/predicting-what-2022-holds-for-cybersecurity/?sh=7f58a5972b72

  17. Shahjee, D., Ware, N.: Integrated network and security operation center: a systematic analysis. IEEE Access 10, 27881–27898 (2022)

    Article  Google Scholar 

  18. Sundaramurthy, S.C.: An anthropological study of security operations centers to improve operational efficiency (2017). http://scholarcommons.usf.edu/etdscholarcommons.usf.edu/etd/6958

  19. Sundaramurthy, S.C., Case, J., Truong, T., Zomlot, L., Hoffmann, M.: A tale of three security operation centers. In: Proceedings of the 2014 ACM Workshop on Security Information Workers, pp. 43–50 (2014)

    Google Scholar 

  20. Vielberth, M., Bohm, F., Fichtinger, I., Pernul, G.: Security operations center: a systematic study and open challenges. IEEE Access 8, 227756–227779 (2020)

    Article  Google Scholar 

  21. Zimmerman, C.: Ten Strategies of a World-Class Cybersecurity Operations Center (2014). https://www.mitre.org/sites/default/files/publications/pr-13-1028-mitre-10-strategies-cyber-ops-center.pdf

Download references

Acknowledgement

This work is partly performed under the INSIST project, which is supported under contract by the Bavarian Ministry of Economic Affairs, Regional Development and Energy (DIK0338/01). In addition, we would like to thank Krones AG Department of Information Management, Krones India Pvt. Ltd. Global SOC and all the involved companies for their support.

Author information

Authors and Affiliations

  1. Lehrstuhl für Wirtschaftsinformatik I, Universität Regensburg, Universitätsstr. 31, 93053, Regensburg, Germany

    Andreas Reisser, Manfred Vielberth & Günther Pernul

  2. Krones AG, Böhmerwaldstraße 5, 93073, Neutraubling, Germany

    Andreas Reisser & Sofia Fohringer

Authors
  1. Andreas Reisser
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Manfred Vielberth
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Sofia Fohringer
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Günther Pernul
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Andreas Reisser .

Editor information

Editors and Affiliations

  1. Department of Computer Science and Engineering, Indian Institute of Technology Kharagpur, Kharagpur, West Bengal, India

    Shamik Sural

  2. Department of Information Systems and Analytics, Santa Clara University, Santa Clara, CA, USA

    Haibing Lu

Rights and permissions

Reprints and permissions

Copyright information

© 2022 IFIP International Federation for Information Processing

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Reisser, A., Vielberth, M., Fohringer, S., Pernul, G. (2022). Security Operations Center Roles and Skills: A Comparison of Theory and Practice. In: Sural, S., Lu, H. (eds) Data and Applications Security and Privacy XXXVI. DBSec 2022. Lecture Notes in Computer Science, vol 13383. Springer, Cham. https://doi.org/10.1007/978-3-031-10684-2_18

Download citation

  • DOI: https://doi.org/10.1007/978-3-031-10684-2_18

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-10683-5

  • Online ISBN: 978-3-031-10684-2

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Societies and partnerships

Search

Navigation