EDPACS
The EDP Audit, Control, and Security Newsletter
Volume 68, 2023 - Issue 3
Abstract

The Security Operation Center (SOC) is nowadays an indispensable component of the socio-technical system, supporting businesses in protecting their security and ensuring confidentiality, integrity, and availability against cyberthreats and security attacks. The SOC provides various service levels and capabilities that need to be continuously assessed and tracked to ensure improvement of the main success factors of the SOC, which include technologies, processes, and SOC analysts. SOC analysts' performance evaluation remains problematic due to the choice of performance metrics and their inadequacy for the SOC socio-technical system. While some quantitative and qualitative measures exist to assess the performance of a SOC analyst, SOC capabilities, and SOC maturity levels, this evaluation is based on root cause analysis and independent evaluation of SOC elements, which is unrealistic given the complex and evolving nature of SOC systems. However, the baselines of the performance metrics are the SOC challenges reported by SOC analysts and their ability to face, reduce, and overcome them in order to provide and maintain a high detection rate of malicious and abnormal behaviors. We provide a comprehensive overview of the challenges faced by SOC analysts based on our previous study, together with a deep analysis of those challenges and their interconnections. Furthermore, we present the quantitative performance metrics and their weaknesses in assessing the performance of SOC analysts, given the socio-technical nature of the SOC. Our study will give SOC managers, analysts, and decision-makers clear visibility and details on the quantitative performance metrics and will provide a baseline for a new performance metrics model.

DISCLOSURE STATEMENT

No potential conflict of interest was reported by the author(s).

Additional information

Notes on contributors

Samir Achraf Chamkar

Samir Achraf Chamkar is now a Ph.D. student at Sultan Moulay Slimane University. He has worked in the cybersecurity industry for many years and is passionate about protecting information systems and facing cyber-attacks. He worked for many well-known cybersecurity companies in Morocco, such as Dataprotect and Omnidata. His goals include the continuous improvement of Security Operation Centers' performance and capabilities.

Yassine Maleh

Yassine Maleh is an associate professor of cybersecurity and IT governance at Sultan Moulay Slimane University, Morocco. He is the founding chair of IEEE Consultant Network Morocco and founding president of the African Research Center of Information Technology & Cybersecurity. He is a senior member of IEEE and a member of the International Association of Engineers (IAENG) and The Machine Intelligence Research Labs. Dr Maleh has made contributions in the fields of information security and privacy, Internet of Things security, and wireless and constrained networks security. His research interests include information security and privacy, Internet of Things, networks security, information systems, and IT governance. He has published over 80 papers (book chapters, international journals, and conferences/workshops), 14 edited books, and 3 authored books. He is the editor-in-chief of the International Journal of Information Security and Privacy and the International Journal of Smart Security Technologies (IJSST). He serves as an associate editor for IEEE Access (2019 Impact Factor 4.098), the International Journal of Digital Crime and Forensics (IJDCF), and the International Journal of Information Security and Privacy (IJISP). He is a series editor of Advances in Cybersecurity Management, by CRC Taylor & Francis. He was also a guest editor of a special issue on Recent Advances on Cyber Security and Privacy for Cloud-of-Things of the International Journal of Digital Crime and Forensics (IJDCF), Volume 10, Issue 3, July–September 2019. He has served and continues to serve on executive and technical program committees and as a reviewer for numerous international conferences and journals such as Elsevier Ad Hoc Networks, IEEE Network Magazine, IEEE Sensors Journal, ICT Express, and Springer Cluster Computing. He was the Publicity Chair of BCCA 2019 and the General Chair of the MLBDACP 19 symposium and the ICI2C'21 Conference.

Noreddine Gherabi

Noreddine Gherabi is a professor of computer science with industrial and academic experience. He holds a doctorate degree in computer science from Hassan 1st University, Morocco, obtained in 2013. He worked as a professor of computer science at Mohamed Ben Abdellah University and since 2015 has worked as a research professor at Sultan Moulay Slimane University, Morocco.
