Abstract
Alert data management is one of the top functions performed by a Cyber Security Operation Centers (CSOC). This chapter is focused on the development of an integrated framework of several tasks for alert data management. The tasks and their execution are sequenced as follows: (1) determining the regular analyst staffing of different expertise level for a given alert arrival/service rate, and scheduling of analysts to minimize risk, (2) sensor clustering and dynamic reallocation of analysts-to-sensors, and (3) measuring, monitoring, and controlling the level of operational effectiveness (LOE) with the capability to bring additional analysts as needed. The chapter presents several metrics for measuring the performance of the CSOC, which in turn drives the development of various optimization strategies that optimize the execution of the above tasks for alert analysis. It is shown that the tasks are highly inter-dependent, and must be integrated and sequenced in a framework for alert data management. For each task, results from simulation studies validate the optimization model and show the effectiveness of the modeling and algorithmic strategy for efficient alert data management, which in turn contributes to optimal overall management of the CSOCs.
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
