Network and Security Operations Centers (SOCs) are central components of modern enterprise networks. SOCs manage network operations, defend against cyber threats, and maintain regulatory compliance. Typically, management and SOC operators use monitoring software and metrics, such as counts of open and closed tickets, to manage SOC efficiency. These metrics may fail to represent the real effectiveness of the SOC and the security posture of the network. This project will study how improved metrics could better incentivize productive routines, reveal potentially fundamental security vulnerabilities in the network, and trigger stabilizing right-sizing processes in the controlling organization. The project will afford an opportunity for students to participate in research on security operations and thereby encourage careers in security research or security practice.
This project will develop a new metrics framework that measures and validates SOC performance against enterprise network security. The specific goal is to create a framework that SOC and parent-organization personnel could use to create tailored metrics for their unique security environment. The research includes a technical study of network monitoring, as well as a qualitative study of organizational environments that analyzes people and technological artifacts as interacting components in complex systems and describes stability and change in the functioning or malfunctioning of these systems. By treating networks, security components, and operations staff as parts of an interdependent system, the metrics will be able to account for factors such as outstanding security vulnerabilities, strategic and long-term planning, and constituency interests, and will provide on-the-ground SOC analysts with ways to feed local knowledge into higher-level decisions.
This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.