
Monitoring and Improving Managed Security Services inside a Security Operation Center


Khalili, Mina (2015) Monitoring and Improving Managed Security Services inside a Security Operation Center. Masters thesis, Concordia University.

Full text (application/pdf): Khalili_MASc_S2016.pdf - Accepted Version, 1MB

Abstract

Nowadays, small to medium sized companies, which usually cannot afford to hire dedicated security experts, are interested in benefiting from Managed Security Services (MSS) provided by third-party Security Operation Centers (SOC) to tackle network-wide threats. Accordingly, the performance of the SOC is becoming increasingly important to service providers, who need to optimize their resources and compete in the global market. Security specialists in a SOC, called analysts, play an important role in analyzing suspicious machine-generated alerts to determine whether they correspond to real attacks. How to monitor and improve the performance of analysts inside a SOC is therefore a critical issue that most service providers need to address. In this paper, based on observation of the workflows of a real-world SOC, a tool consisting of three different modules is designed for monitoring analysts' activities, measuring analysis performance, and running simulation scenarios. The tool enables managers to evaluate the SOC's performance, which helps them conform to Service-Level Agreement (SLA) requirements on response time to security incidents and identify where improvement is needed. Moreover, the designed tool is strengthened by a background service module that provides feedback to security analysts in the SOC about anomalies and other informative issues. Three case studies have been conducted on real data collected from the operational SOC, and the simulation results demonstrate the effectiveness of the tool's different modules in improving SOC performance.

Divisions: Concordia University > Gina Cody School of Engineering and Computer Science > Concordia Institute for Information Systems Engineering
Item Type: Thesis (Masters)
Authors: Khalili, Mina
Institution: Concordia University
Degree Name: M.A. Sc.
Program: Information Systems Security
Date: 21 December 2015
Thesis Supervisor(s): Wang, Lingyu
Keywords: Security Operation Center, Managed Security Services, Performance Improvement
ID Code: 980759
Deposited By: MINA KHALILI
Deposited On: 15 Jun 2016 16:32
Last Modified: 18 Jan 2018 17:51
All items in Spectrum are protected by copyright, with all rights reserved. The use of items is governed by Spectrum's terms of access.
