Journal of Information Security

Volume 11, Issue 4 (October 2020)

ISSN Print: 2153-1234   ISSN Online: 2153-1242

Google-based Impact Factor: 3.25

Security Operations Center: A Framework for Automated Triage, Containment and Escalation

PP. 225-240
DOI: 10.4236/jis.2020.114015

ABSTRACT

There have been many research efforts and studies aimed at improving the safety of critical infrastructures through the Security Operations Center (SOC). As part of those efforts, this research proposes a framework to automate the SOC's performance of triage, containment and escalation. The research relied on a qualitative desk review to collect data for analysis, deduced strengths and weaknesses of current SOC implementations, and used those findings as the basis for the proposed framework. Given the constant evolution of SOC operations and capabilities, coupled with the huge volumes of data collected for analysis, an efficient framework for SOC operations is proposed. It consists of eight interactive stages that further leverage a proposed algorithm for baselining, remediation and escalation. The result of this research is a proposed framework that serves as a unique contribution to enhancing the SOC's ability to automatically perform triage, containment and escalation. Complementing the similar and earlier work reviewed, the framework is proposed as the way forward for equipping SOC setups with the capacity to efficiently triage security threats, vulnerabilities and incidents, effectively contain identified breaches, and appropriately escalate for prompt and accurate resolution.

Share and Cite:

Danquah, P. (2020) Security Operations Center: A Framework for Automated Triage, Containment and Escalation. Journal of Information Security, 11, 225-240. doi: 10.4236/jis.2020.114015.

Copyright © 2025 by authors and Scientific Research Publishing Inc.

This work and the related PDF file are licensed under a Creative Commons Attribution 4.0 International License.