CERIAS - Center for Education and Research in Information Assurance and Security


Improving Analyst Team Performance and Capability in NOC / SOC Operations Centers

Barrett Caldwell and Omar Eldardiry - Purdue University

Nov 05, 2014


Abstract

Network Operations Center and Security Operations Center (NOC / SOC) teams have complex and challenging cognitive tasks that are crucial to the IT health of the organization, but existing tools and metrics do not support this range of tasks. To enhance their key tasks, namely situation awareness, incident response, prevention and knowledge sharing, it is critical to understand how people, tools and information sharing co-function in a NOC environment, and what limits their performance--from low-level analysts to their managers and team leads responsible for translating this NOC/SOC value to others in the organization. Starting at RSA 2014, our research team began to explore how to improve the information available and displayed to NOC / SOC analysts, team leads, and managers. Our interviews and information display usability efforts are focused on recognizing and reducing the gaps that limit NOC/SOC effectiveness and integration with the rest of the organization.

The two recurring themes that address the needs of lower- and higher-level analysts and their managers were: 1) Analysts need to effectively turn data visualizations into usable presentations to increase network situation awareness, and 2) SOC leads and managers need tools and metrics to effectively communicate the status of the organization’s network assets, team operations and company’s incident response preparedness to the rest of the organization. Besides standard training, analysts are required to develop expertise and acquire the skills necessary to perform required tasks. Efficient transfer of organizational knowledge to novice analysts is a vital process to maximize the organization’s capabilities at all times. In preliminary interviews, network managers and team leads stated that they are unaware of tools that will allow them to document work procedures and cases to be used as a resource for novice analysts. They express frustration at the need for their continuous involvement in operational-level tasks that interrupt their managerial tasks.

About the Speaker

Barrett S. Caldwell, PhD is a Professor in Industrial Engineering (and Aeronautics & Astronautics) at Purdue. His PhD (Univ. of California, Davis, 1990) is in Social Psychology; his two BS degrees are from MIT (1985). His research program is known as the Group Performance Environments Research (GROUPER) Laboratory. GROUPER research highlights human factors engineering approaches to design, evaluation, and innovation for how people get, share, and use information well. Prof. Caldwell has published over 150 scientific publications and has been recently funded by sources including CERIAS, FAA, and NASA. He is a Fellow of the Human Factors and Ergonomics Society (HFES), a Purdue University Faculty Scholar, and Immediate Past Secretary-Treasurer of the Human Factors and Ergonomics Society.

Omar Eldardiry is a PhD student in the Purdue GROUPER Laboratory, advised by Prof. Barrett Caldwell. His BS and MS degrees are from Alexandria University. Omar studies how information availability affects the decision making process as well as operations efficiency. The goal of his research is to develop strategies to tame the effect of information delays/inaccuracy, and improve team collaboration. He has research and operations experience in manufacturing engineering and information security, and has completed projects and internships in the US, Egypt, and Taiwan. In addition to research and industry experience, Omar has had course responsibility as an instructor in Engineering Economics.

Unless otherwise noted, the security seminar is held on Wednesdays at 4:30 P.M. in STEW G52, West Lafayette Campus.

Disclaimer

The views, opinions and assumptions expressed in these videos are those of the presenter and do not necessarily reflect the official policy or position of CERIAS or Purdue University. All content included in these videos is the property of Purdue University, the presenter and/or the presenter’s organization, and is protected by U.S. and international copyright laws. The collection, arrangement and assembly of all content in these videos and on the hosting website is the exclusive property of Purdue University. You may not copy, reproduce, distribute, publish, display, perform, modify, create derivative works, transmit, or in any other way exploit any part of copyrighted material without permission from CERIAS, Purdue University.