Home / Research Paper / How Burnout Impact the Number of Missed Alerts in a Security Operations Center, Research Paper Example

How Burnout Impact the Number of Missed Alerts in a Security Operations Center, Research Paper Example

Pages: 11

Words: 2920

Research Paper

Abstract

Security analysts need good rest and cozy environments to work. Job overloads are risky and lead to poor performance. Burnout negatively affects the performance in SOC, causing many missed alerts due to fatigue. The burnout condition transcends and interferes with the performance of various cyber analysts attached to different institutions. Therefore, organizations must take precautionary measures to avoid unnecessary security issues emanating from burnout conditions. The security operation center (SOC) is concerned with organizational defense by responding to security threats. It leads to the evolution of the following security maturity level within organizations by identifying threats and vulnerabilities, including the detection and response to security incidents. Moreover, it provides an environment supporting the defense of the company’s enterprise system and efficient response to active threats and potential incidents. Organizations need to teach stringent measures that help reduce the security threats for the adequate performance of the industries. Lastly, the SOC can provide a comprehensive turnkey threat detection and response service for the organizations’ customers despite the available infrastructure.

Keywords: Operation, Organizations, Security, Threats, Alert, Management, Enterprise

Introduction

Cybersecurity analysis is incredibly a challenging task and needs good health and availability. SOC is under 24 hours a day, seven days a week, 365 days a year operation. However, constant stressors related to the work can lead to overloading of the security analysis and burnout, affecting the analysts’ performances. The burnout condition transcends and interferes with the performance of various security analysts in different organizations or industries. Therefore, there is a need to educate employees about the health risks of burnouts globally in the security operation centers. The security operation center (SOC) is a branch of information technology (IT) focusing on organizational defense by responding to security threats. It leads to the evolution of the next security maturity levels such as basic, standards, essential, vigilant and resilient within organizations by identifying possible security threats and vulnerabilities, including the detection and response to security incidents. The security alerts help SOC in the detection and limitation of the security threats. However, burnout is emerging as the greatest threat to corporate security through alert overload, long hours, and lack of visibility into the Information Technology structure. The problem contributes to extensive Cybersecurity skills shortages that create imminent threats to the organization’s cyber security internationally. Therefore, burnout has a significant influence on the number of missed alerts in the security operation center.

Literature Review

Background

The experiment focuses on the two shifts involving flexible working with 2-12 hours and the 3-8 hours of cyber analysis. However, the sift patterns are highly controversial concerning the burnout problems such as less performance, stress, fatigue, and workers’ safety. The workers’ performance depends on the shift length as shorter shifts amass an excellent performance index among the security analysts.

Research question

How does burnout affect the number of missed alerts in the security operation center?

Aim

This study aims to identify how burnout affects the number of missed alerts in a Security Operation Center (SOC). It reflects the shift length on the quality of work while attending the alerts in a SOC.

Approach

In this case, the three data sources, such as the independent variable, correlate to the working shift patterns of the security analyst who monitor the alerts from various systems and how the burnout impact their performance. For example, the dependent variable (missed alerts), independent variable (presence and amount of burnout), and the outcome reflecting the performance level. The experiment is based on two shifts with overworking through 2-12 hours versus a shift of 3-8hours. The work duration directly affects the security analyst performance.

Graphical Presentation of The Burnout Verses Performance or Outcome

Shift	Burnout	Outcome/Perfomance
2-12 hours	35	20
3-8 hours	15	55

How burnouts impact missed alerts in SOC

A strategic approach to address the problems emerging from burnout existence is necessary. Burnouts influence the number of missed security alerts by understaffing the employees (Acohido and Sager 2015, p.65). For example, during more security attacks and incident response, the security team is understaffed through burnout, leading to effective SOC responses. Understaffing causes the inability of the managers to attend to high volumes of security alerts. In addition, switching off the alerts because of burnout or walking away from the computer affects the SOC conditions of the alert incidents. The false positives also increase missed alerts by creating unnecessary noise for events not concerned about security threats such as failed logging attempts (Blanken et al., 2018, p.225). The false alarms received by the security team are about 40 %, which encourages the poor habit of ignoring security alerts that might be a threat to SOC.

Fatigue’s Influence on SOC Performance

Alerts fatigue also leads to the influence of SOC as they produce less analytic security value by focusing on the investigation of menial, repetitive alerts that are giving wrong signals (Yadav and Mishra 2017, p.120). Furthermore, the security alert fatigue makes the cyber security personnel revive many alerts from security tools. Some are innocuous and irrelevant, making them ignore the alerts that matter. On the other hand, burnout contributes to stressful work making the security personnel within the SOC report poor work-life and styles leading to disaster if combined with the triaging hundreds of alerts without eminent end. For instance, a burned-out and stressed security analyst with different tasks becomes an automatic flight risk and a threat to the SOC operations (Hamburg and Grosch 2017, p.123). The costly nature of the organization spending on the alert detection in the employees’ burnout condition is also a factor influencing the SOC functions since it takes resources away from most high-value tasks when the security analysts spend more time investigating and triaging alerts. According to the recent statistics by Enterprise Management Associates (EMA), an average analyst spends about 25-30 minutes investigating a single incident. Therefore, organizations need to employ the right personnel, deploy the right resources, and control preventing and mitigating the attacks and SOC stress. Security issues have gained a lot of publicity in the recent decade. The world has experienced data breaches in the recent past, prompting a review of law principles and ethical responsibility to users and data companies. An example of a Cybersecurity issue that needs this attention is the massive data breach reported on Facebook. There are rampant leakages of the various users’ personal information was leaked to parties who mined data to develop custom advertisements without the user’s content (Burstein 2008, p.75). The procedure used to mine data exposed users to third-party providers and data analytics companies. In that sense, the law does not allow for such activities, and ethically it is not acceptable to expose user information to third parties. Companies need to educate their employees and set codes of conduct for guidance (Mohamed et al., 2019, p.4). Therefore, companies should be responsible for Cybersecurity violations that violate their users’ privacy.

Excess Burnouts Influence on Missed Alert

Although excess burnout influences the number of missed alerts in a security operations Center, the organization can mitigate its security, alert problems related to burnouts in several ways. Organizations need to apply technical and social solutions to achieve data privacy. However, technical solutions compromise loss and access to information, while social solutions develop acceptability and awareness regarding people’s data transparently and confidentially (LEE et al., 2016, p.134). Secondly, organizational data privacy requires conforming to data protection laws and guidelines. Therefore, the slowness of legal processes, organizations need to use technological means and use soft law. Soft law involves creating self-binding regulations in a company, including all employees (McRee 2021, p.78). For example, the IT professional can prevent burnout by implementing policies that limit burnout situations on the workers, such as the increased paid time off, including the flexible work-from-home policies. The workplace’s wellness schedules or programs promote healthy eating, meditation, and automation. Besides, the employees can implement technologies facilitating the automation to limit workloads by effective tracking. Automating the alerts helps in sorting and correlating threats with significant data, leading to less time managing and analyzing the signals (Morrison, 2021, p.56). The application of the workflow and playbooks makes it easier to analyze the alerts and give suggestions to the next, reducing complications and time-consuming. Lastly, prioritizing the alerts is another milestone in the SOC management and alert detection and analysis that the organization must consider to limit the security threats related to alerts.

How Changes That Increase Organizational Attacks

There are double significant changes, which exist in the business environment and increase organizational cyberattacks. Firstly, the companies rely on the recent information technologies adopted by cyber, and their users and workers are diversely mobile and efficient (Kruse 2021, p.47). Therefore, the idea of leveraging the traditional defence-in-depth structures is more security privy and secure the information within the networks but is not enough for sufficient security needs. Secondly, the rivals are increasing and increasingly more complex in their initiation of cyber-attacks. Despite more motivation, the potential remains similar, and the advanced persistence threats (APTs) are more productive than in previous days. The increased human resources, technology, and tradecraft are required to support the superb security functions that limit and prevent common cyber-attacks. Therefore, these products are more successful and remain a significant part of the Security Operations Center (SOC) mission that defend and protect the organizations (Nadeem et al., 2021.p.17). There are many advantages of having SOC, including its necessity and benefits. (Nagahawatta et al., 2019, p. 6). Amazon requires a suitable SOC system to help deal with the organizational risk of access gain, which can compromise its network frameworks. For example, the organization has valuable customer data and information and essential products that hackers are interested in laying their hands on or stealing. Amazon’s targets are vulnerable to being hacked at any time. Cyber security threat artists (hackers) can illegally access the Amazon server by bypassing their system security threats alerts and exploiting data (González-López et al., 2021, p.1000). Hackers can quickly access valuable information and assets within the organization because of insufficient or inadequate security policies, processes, procedures, training, and cyber awareness. In case of an attack, SOC helps handle incidents immediately and will assist Amazon by removing vulnerabilities.

Benefits of SOC operations

The Security operations centers provide significant benefits to the companies. It includes improved visibility and situational awareness, reducing long-term security costs and less operational security (Christen 2020, p.384). Nevertheless, despite the numerous benefits, SOC adoption is not general. Besides, there are some clear challenges in developing the operating a SOC. For instance, the initial paid capital cost is prohibitive or rather not ideal for cash-strapped companies. It also involves the long-term financial investment payment with less incidence of security downfalls in line. Furthermore, the internal and external programs and rules introduce the sophistication of the SOC development process (Bidou 2005, p.1). Therefore, the challenges do not terminate the moment SOC is functional because it gathers and consolidates the security functions. The SOC personnel deploy various technology strategies with almost twenty operational security and management technologies that provide diverse and a more consolidated feature set. However, there is surmounting of those common challenges SOC with the proper practices (Pawlicka et al., 2021, p.10). For beginners, companies need not promote a security strategy from their SOCs, the standard operational subsets. Nevertheless, a SOC’s mission needs compatibility with the corporate universal physical security strategies. For instance, that strategy exhibits the firm’s baseline risks tolerance level. In addition, the progressive SOCs continue to stick to their company’s organizational structure alterations in compliance with the security concerns.

The context-awareness security alerts threat intelligence is essential here. In addition, according to the assessment, a SOC that is not working as a front-end platform is more suitable and functional than the existing one that is not. These types of assessment would assist the staff in discovering the physical security problems and gaps that require prominent focus (and cover), such as perfect knowledge of the structure and how workers act within their physical environment (Timmers, 2019, p.695). The assessment also elucidates the influence of potential security threat events plus their potential challenges and interferences on security personnel, all of which helps in determining physical security requirements compatible with the company’s existing security measures. These needs fall within the firm’s more prominent incidents and response structure, in which the SOC plays significant duties (Wilk 2016, p.45). Therefore, the implementation of the SOC involves the physical security incident response by providing the companies with a common element to steadily and consistently triage the threats detected within the SOC (Yang et al., 2021.p145). Initiating rigorous processes governs the best SOCs as their employees engage in continuous training that goes at par with establishing new threats within the companies.

Overview Finding

According to the analysis of the table, I found that cyber analysts who preferred working longer daily hours with lesser shifts had poor outcomes and performances. Even though working for longer hours provide them with higher flexibility and more days away from work, it facilitates burnout and poor outcomes. Conversely, some preferred working in shorter shift patterns and had high performances with quality and regular duty schedules. An analyst who worked 12 hours longer was significantly more likely to report poor performances and work quality due to excessive burnout than those working eight hours shifts. There were also high reports of missed alerts for the 2-12 hours shift pattern workers than the 3-8 shift pattern employees due to less fatigue leading to high performance.

Summary

This literature review aimed to explore the evidence concerning different shift patterns and burnout levels on a SOC system’s security analysis. The research worked while exploring the association between the 2-12 hours and 3-8 hours shifts and the reports of the outcome on their work performances according to their workloads that depend on the shift patterns. The longer the shifts, the lesser was, the higher the increased number of missed alerts leading to performance outcomes due to excess burnout. In contrast, the shorter the transition was the outstanding performance because of lesser burnout conditions and fatigue on the analysts. There is a subdivision of the study’s findings into positive outcomes and conflicting evidence, including those with the risk of errors. The study does not involve any economic analysis but is limited concerning methodology and experimental design.

Conclusion

In summary, burnout is dangerous to information society protection as some of the employees within the company fail to meet the requirement in understanding the alerts signaling security threats. Proper analysis of security alerts is essential in protecting businesses from Cybersecurity risks. Although most ethical issues are complex, an organization must initiate a code of ethics that all employees follow. Information security professionals need proper guidance to develop privacy protection policies and define the technology-driven environment’s functions. Developing data strategies is vital to eliminate and deal with risks that occur frequently. Several ethical issues revolve around four property elements: property, privacy, accuracy, and accessibility. However, loss of information is possible by negligence and ignorance of employees. Therefore, providing a code of behavior ensures all people comply with all security rules and value accountability in information security from an ethical perspective. Eventually, with the advancement in technology, cybercrimes have increased, and thus nations require developing consistent regulations and ethical standards to protect data in organizations. Despite installing prominent security thereat detection gargets, some organizations still undergo innumerable alerts threats through incessant signal and employee burnouts.

Bibliography

Acohido, B. and Sager, T., 2015. Improving Detection, Prevention and Response with Security Maturity Modeling. Sans Inst.

Bidou, R., 2005. Security operation center concepts & implementation. Available at http://www. Iv2-technologies. Com.

Blanken-Webb, J., Palmer, I., Deshaies, S.E., Burbules, N.C., Campbell, R.H. and Bashir, M., 2018. A case study-based Cybersecurity ethics curriculum. In 2018 {USENIX} Workshop on Advances in Security Education ({ASE} 18).

Burstein, A.J., 2008. Conducting Cybersecurity Research Legally and Ethically. LEET, 8, pp.1-8.

Christen, M., Gordijn, B. and Loi, M., 2020. The ethics of Cybersecurity (p. 384). Springer Nature.

González-López, Ó., Buenadicha-Mateos, M. and Sánchez-Hernández, M.I., 2021. Overwhelmed by Techno stress? Sensitive Archetypes and Effects in Times of Forced Digitalization. International Journal of Environmental Research and Public Health, 18(8), p.4216.

Hamburg, I. and Grosch, K.R., 2017. Ethical aspects in cyber security. Archives of Business Research, 5(10).

Kruse, H., 2021. A Wide Range of Systems and Devices are needed to manage a Network. In the Network Manager’s Handbook (pp. 47-61). Auer Bach Publications.

LEE, Wanbil W., Wolfgang ZANKL, and Henry CHANG. “An ethical approach to data privacy protection.” Isaca Journal (2016).

McRee, R., 2021. Improved Security Detection & Response Via Optimized Alert Output: a Usability Study (Doctoral dissertation, Capitol Technology University).

Mohamed Mizan, N.S., Ma’arif, D., Yusnorizam, M., Mohd Satar, N.S. and Shahar, S.M., 2019. Cnds-cybersecurity: Issues and challenges in ASEAN countries. International Journal of Advanced Trends in Computer Science and Engineering, 8(1.4).

Morrison, S.F., 2021. Navigating the Fog of More: A Practical Guide to Achieving Cybersecurity Gains in the Maritime Industry (Doctoral dissertation, San Diego State University).

Nadeem, A., Verwer, S., Moskal, S. and Yang, S.J., 2021. Alert-driven Attack Graph Generation using S-PDFA. IEEE Transactions on Dependable and Secure Computing.

Nagahawatta, Ruwan Thushara Sampath, Matthew Warren, and William Yeoh. “Ethical Issues Relating to Cyber Security in Australian SMEs.” In AICE 2019: Proceedings of the 8th Australian Institute Of Computer Ethics Conference, pp. 1-6. Deakin University, 2019.

Pawlicka, A., Chora?, M., Kozik, R. and Pawlicki, M., 2021. First broad and systematic horizon scanning campaign and study to detect societal and ethical dilemmas and emerging issues spanning over cybersecurity solutions. Personal and Ubiquitous Computing, pp.1-10.

Timmers, P., 2019. Ethics of AI and Cybersecurity when sovereignty is at stake. Minds and Machines, 29(4), pp.635-645.

Wilk, A., 2016, June. Cyber security education and law. In 2016 IEEE International Conference on Software Science, Technology and Engineering (SWSTE) (pp. 94-103). IEEE.

Yadav, M. and Mishra, D.S., (2017) Study of challenges faced by Enterprises using Security Information and Event Management (SIEM).

Yang, S.J., Okutan, A., Werner, G., Su, S.H., Goel, A. and Cahill, N.D., 2021. Near Real-time Learning and Extraction of Attack Models from Intrusion Alerts. arXiv preprint arXiv:2103.13902.