Source: Journal of Cyber Security Technology

Challenges and performance metrics for security operations center analysts: a systematic review


Abstract

The increasing use of Security Operations Centers (SOCs) by organisations as a part of their cyber security strategy has led to several studies aiming to understand and improve SOC operations. However, to the best of our knowledge, there is no systematic literature review on the challenges faced by SOC analysts or on metrics for measuring analysts' performance. To this end, we conducted a Systematic Literature Review (SLR) in accordance with the guidelines for undertaking SLR and analyzed papers published on SOCs between 2008 and 2018. We provide a comprehensive overview of the challenges faced by SOC analysts and of the metrics suggested in the literature for measuring analysts' performance. In addition, we present a mapping between the challenges and existing performance metrics showing how the effectiveness of an analyst in addressing a particular challenge could be measured. We also discuss the drawbacks of the existing metrics and suggest directions for improvement. Our findings will enable SOC analysts and managers, as well as the academic community, to gain a better understanding of the challenges impeding the performance of SOC analysts, and how analysts' performance could be measured and improved.