Building a Human-Centric SOC: A New Framework for Success

Mwangi, J., Wall, Julie ORCID: https://orcid.org/0000-0001-6714-4867, Ismail, U. and Al-Nemrat, A. (2025) Building a Human-Centric SOC: A New Framework for Success. In: 16th International Conference on Global Security, Safety & Sustainability, ICGS3-24, 15-27 Nov 2024, Newcastle, UK. (In Press)

Paper 36- ICGS3_24_with_affiliation.pdf - Accepted Version (PDF, 488kB)
Restricted to Registered users only until 18 March 2025.

Abstract

The Security Operation Centre (SOC) is the hub where the Information Security Team monitors, detects, analyses and prioritizes events from critical digital assets on an ongoing basis. Its objective is to ensure that malicious activity and indicators of attack are stopped and contained before they have a major impact on the organization. Early detection is critical to combating cyber threats, and the SOC is equipped with intelligent tools and skilled analysts to detect such events. To keep improving SOC effectiveness, the human factors and human errors that may lead to security breaches need to be thoroughly understood. Incorporating artificial intelligence and machine learning technologies has gone a long way towards compensating for human error in the SOC, through the automation of routine tasks and their integration into Security Orchestration, Automation and Response (SOAR) platforms. This has led to faster threat and anomaly detection, improved incident response and a reduction in Security Analysts' cognitive load. That said, the existing literature points to a lack of a systematic approach, for example in assessing Security Analysts' performance. There is a gap in the research on human factors and the limits of human error within the SOC, particularly given that it operates as a socio-technical environment in which social interactions and technological systems are closely integrated. Effective collaboration, communication and teamwork are essential in such a setting, and this research looks to further bridge that gap.
Through a case study, current practices within the SOC are explored from the personnel perspective. In addition, transferable skills from domains such as medicine and aviation, and other sectors that manage complex environments under high stress, are reviewed to determine whether they offer valuable information. This paper uses Secure Tropos to produce a SOC meta-model. This novel approach forms the basis of a proposed framework that identifies the relationships and security requirements within the SOC entity. Human-centric design that accounts for human factors and human error within the SOC is crucial for maintaining a robust cybersecurity posture. By better understanding current practices within the SOC, this research intends to contribute towards a more human-centric approach.

Item Type: Conference or Workshop Item (Paper)
ISSN: 1613-5113
ISBN: 9783031820304
Additional Information: Springer - Accepted manuscript terms of use https://www.springernature.com/gp/open-science/policies/accepted-manuscript-terms
Subjects: Computing > Intelligent systems
Depositing User: Julie Wall
Date Deposited: 20 Jan 2025 12:40
Last Modified: 20 Jan 2025 12:45
URI: https://repository.uwl.ac.uk/id/eprint/13107