Automation Bias and Complacency in Security Operation Centers-Reference-Cited by-同舟云学术

Automation Bias and Complacency in Security Operation Centers

Published:2024-07-03 Issue:7 Volume:13 Page:165
ISSN:2073-431X
Container-title:Computers
language:en
Short-container-title:Computers

Author:

Tilbury Jack¹,Flowerday Stephen¹^ORCID

Affiliation:

1. School of Cyber Studies, The University of Tulsa, Tulsa, OK 74104, USA

Abstract

The volume and complexity of alerts that security operation center (SOC) analysts must manage necessitate automation. Increased automation in SOCs amplifies the risk of automation bias and complacency whereby security analysts become over-reliant on automation, failing to seek confirmatory or contradictory information. To identify automation characteristics that assist in the mitigation of automation bias and complacency, we investigated the current and proposed application areas of automation in SOCs and discussed its implications for security analysts. A scoping review of 599 articles from four databases was conducted. The final 48 articles were reviewed by two researchers for quality control and were imported into NVivo14. Thematic analysis was performed, and the use of automation throughout the incident response lifecycle was recognized, predominantly in the detection and response phases. Artificial intelligence and machine learning solutions are increasingly prominent in SOCs, yet support for the human-in-the-loop component is evident. The research culminates by contributing the SOC Automation Implementation Guidelines (SAIG), comprising functional and non-functional requirements for SOC automation tools that, if implemented, permit a mutually beneficial relationship between security analysts and intelligent machines. This is of practical value to human automation researchers and SOCs striving to optimize processes. Theoretically, a continued understanding of automation bias and its components is achieved.

Publisher

MDPI AG

Link

https://www.mdpi.com/2073-431X/13/7/165/pdf

Reference75 articles.

1. Basyurt, A.S., Fromm, J., Kuehn, P., Kaufhold, M.-A., and Mirbabaie, M. (2022, January 21–23). Help Wanted—Challenges in Data Collection, Analysis and Communication of Cyber Threats in Security Operation Centers. Proceedings of the 17th International Conference on Wirtschaftsinformatik, WI, Nuremberg, Germany. Available online: https://www.scopus.com/inward/record.uri?eid=2-s2.0-85171997510&partnerID=40&md5=30a02b455898c7c2c9d2421d82606470.

2. Testing SOAR Tools in Use;Bridges;Comput. Secur.,2023

3. Dietrich, C., Krombholz, K., Borgolte, K., and Fiebig, T. (2018, January 15–19). Investigating System Operators’ Perspective on Security Misconfigurations. Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, Toronto, ON, Canada.

4. Hughes, K., McLaughlin, K., and Sezer, S. (2020, January 11–12). Dynamic Countermeasure Knowledge for Intrusion Response Systems. Proceedings of the 2020 31st Irish Signals and Systems Conference, ISSC, Letterkenny, Ireland.

5. (2023). Vectra AI 2023 State of Threat Detection—The Defenders’ Dilemma, Vectra AI. Available online: https://www.vectra.ai/resources/2023-state-of-threat-detection.

Cited by 1 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. Humans and Automation: Augmenting Security Operation Centers;Journal of Cybersecurity and Privacy;2024-07-01