Andrew Morin (University of Tulsa)

As the cost and frequency of cybersecurity incidents continue to rise, so too has the pressure on security operation centers (SOC) to perform efficiently. This has forced cybersecurity leadership, such as chief information security officers (CISOs), into an arduous balancing act of maintaining a costeffective cybersecurity posture while simultaneously retaining an efficient cybersecurity workforce. To meet both of these goals, SOC leadership will often track key performance indicators (KPIs) related to the daily tasks performed by SOC analysts. While these quantitative metrics allow SOC leadership to monitor certain analyst performance patterns, the evaluation of analysts based on these imperfect measurements may lead to undesirable operant conditioning. As such, it is not immediately obvious how, or even if, these KPIs improve upon the larger goals envisioned by organizational leadership. In this paper, we perform a mixedmethods case study of an academic SOC to determine how well KPIs translate the organizational goals from cybersecurity leadership to SOC analysts. Specifically, we use qualitative surveys and interviews, as well as quantitative KPI measurements from analysts to determine the congruency of CISO and SOC analyst goals. We find that analysts who perform well across KPIs are not necessarily the best at furthering SOC goals, and vice versa. We find that within this specific SOC, analysts appear to be incentivized to deviate from organizational cybersecurity goals in pursuit of better KPI scores.

View More Papers

Evaluating the Strength and Availability of Multilingual Passphrase Authentication

Chi-en Amy Tai (University of Waterloo), Urs Hengartner (University of Waterloo), Alexander Wong (University of Waterloo)

Read More

SecuWear: Secure Data Sharing Between Wearable Devices

Sujin Han (KAIST) Diana A. Vasile (Nokia Bell Labs), Fahim Kawsar (Nokia Bell Labs, University of Glasgow), Chulhong Min (Nokia Bell Labs)

Read More

Work-in-Progress: Uncovering Dark Patterns: A Longitudinal Study of Cookie...

Zihan Qu (Johns Hopkins University), Xinyi Qu (University College London), Xin Shen, Zhen Liang, and Jianjia Yu (Johns Hopkins University)

Read More