USING THE ACTIVITY THEORY TO IDENTIFY THE CHALLENGES OF DESIGNING ELEARNING TOOLS BASED ON MACHINE LEARNING FOR SECURITY OPERATIONS CENTERS

Abstract

Using the Activity Theory to Identify the Challenges of Designing eLearning Tools based on Machine Learning for Security Operations Centers Mihail CAZACU Economic Informatics Doctoral School, University of Economic Studies, Romania, Romana Square 6, Bucharest, Romania mihail.cazacu@gmail.com Maria-Iuliana DASC?LU Department of Engineering in Foreign Languages, Faculty of Engineering in Foreign Languages, University Politehnica of Bucharest, Splaiul Independentei, No 313, Bucharest, Romania maria.dascalu@upb.ro Constanta-Nicoleta BODEA Department of Economic Informatics and Cybernetics, Faculty of Economic Cybernetics, Statistics and Informatics, University of Economic Studies, Romana Square 6, Bucharest, Romania bodea@ase.ro Abstract There is a fast-growing requirement for setting up Security Operation Centers (SOCs), with qualified personnel, mainly due to the increase of demands to protect ITC systems from security breaches, data disruption or unauthorized usage. The 2018 Report of Privacy Rights Clearinghouse mentions that over 8,000 data breaches were reported since 2005, with more than 10 billion records affected. And according to the 2017 study of IBM Security and Ponemon Institute, the average cost of a data breach exceed 3.6 million US dollars. SOCs have the mission to run in this "arms race" against cyber attackers (criminals, spies, terrorists, activists) and to be economically viable, as a profit or a cost center. Development of e-learning tools for continuous enhancing of the professional competences of the SOC's personnel is critical for the successful operation of SOCs. Recent studies have applied the framework of the Activity Theory in order to identify the conflicting priorities which need to be handled by different members of SOCs and have suggested ways to mitigate the risks. While automating mundane tasks is one solution, the issue of automating the automation process itself through Machine Learning, especially in the e-learning activities performed inside SOCs was not often addressed. The paper aims to present the challenges of applying the framework of the Activity Theory in designing e-learning tools based on machine learning methods for SOCs. Some well-established Open Source security tools and machine learning packages will be evaluated for their suitability for developing e-learning tools.