Andrew Morin (University of Tulsa)

As the cost and frequency of cybersecurity incidents continue to rise, so too has the pressure on security operation centers (SOC) to perform efficiently. This has forced cybersecurity leadership, such as chief information security officers (CISOs), into an arduous balancing act of maintaining a costeffective cybersecurity posture while simultaneously retaining an efficient cybersecurity workforce. To meet both of these goals, SOC leadership will often track key performance indicators (KPIs) related to the daily tasks performed by SOC analysts. While these quantitative metrics allow SOC leadership to monitor certain analyst performance patterns, the evaluation of analysts based on these imperfect measurements may lead to undesirable operant conditioning. As such, it is not immediately obvious how, or even if, these KPIs improve upon the larger goals envisioned by organizational leadership. In this paper, we perform a mixedmethods case study of an academic SOC to determine how well KPIs translate the organizational goals from cybersecurity leadership to SOC analysts. Specifically, we use qualitative surveys and interviews, as well as quantitative KPI measurements from analysts to determine the congruency of CISO and SOC analyst goals. We find that analysts who perform well across KPIs are not necessarily the best at furthering SOC goals, and vice versa. We find that within this specific SOC, analysts appear to be incentivized to deviate from organizational cybersecurity goals in pursuit of better KPI scores.

View More Papers

Poster: FORESIGHT, A Unified Framework for Threat Modeling and...

ChaeYoung Kim (Seoul Women's University), Kyounggon Kim (Naif Arab University for Security Sciences)

Read More

CounterSEVeillance: Performance-Counter Attacks on AMD SEV-SNP

Stefan Gast (Graz University of Technology), Hannes Weissteiner (Graz University of Technology), Robin Leander Schröder (Fraunhofer SIT, Darmstadt, Germany and Fraunhofer Austria, Vienna, Austria), Daniel Gruss (Graz University of Technology)

Read More

Understanding Miniapp Malware: Identification, Dissection, and Characterization

Yuqing Yang (The Ohio State University), Yue Zhang (Drexel University), Zhiqiang Lin (The Ohio State University)

Read More

Panel on “Security and Privacy Issues in New 5G...

Moderator: Arupjyoti (Arup) Bhuyan, Ph.D. Director, Wireless Security Institute, Idaho National Laboratory Panelists: Ted K. Woodward, Ph.D. Technical Director for FutureG, OUSD (R&E) Phillip Porras, Program Director, Internet Security Research, SRI Donald McBride, Senior Security Researcher, Bell Laboratories, Nokia

Read More