Abstract
A typical Cybersecurity Operations Center (CSOC) is a service organization. It hires and trains analysts whose task is to analyze the alerts generated while monitoring the client's networks. Due to the ever-increasing financial and infrastructure burden on a CSOC, driven by the rapidly growing demand for security services, it would become prohibitively expensive to continually expand the size of a CSOC to meet future demand. An alternative solution is to outsource the alert analysis process to on-demand analysts, providing clients with a scalable CSOC service that offers (1) higher throughput, (2) higher quality, and (3) more economical service than the current in-house service. The current outsourcing model is not cost-effective, and an exact optimization model is computationally inefficient. This article presents a novel two-step sequential mixed integer programming optimization method, used to develop a new decision-support business model for outsourcing the alert analysis process. It is demonstrated that through this model a CSOC can effectively deliver its alert management services with the above-mentioned features. Results indicate that the model is scalable, computationally viable, and implementable in real time, and that it can deliver CSOC services that meet the service-level agreement (SLA) between the CSOC and its client. In addition, the article provides valuable insights into the cost of operating the new business process outsourcing model for cybersecurity services.
An Outsourcing Model for Alert Analysis in a Cybersecurity Operations Center