The Work of Intrusion Detection: Rethinking the Role of Security Analysts

John R. Goodall, Wayne G. Lutters, Anita Komlodi

Research output: Contribution to conference › Paper › peer-review

51 Scopus citations

Abstract

Intrusion detection (ID) systems have become increasingly accepted as an essential layer in the information security infrastructure. However, there has been little research into understanding the human component of ID work. Currently, security analysts face an increasing workload as their environments expand and attacks become more frequent. We conducted contextual interviews with security analysts to gain an understanding of the people and work of ID. Our findings reveal that organizational changes must be combined with improved technical tools for effective, long-term solutions to the difficulties of scaling ID work. We propose a three-phase task model in which tasks could be decoupled according to requisite expertise. In particular, monitoring tasks can be separated and staffed by less experienced ID analysts with corresponding tool support. Thus, security analysts will be better able to cope with increasing security threats in their expanding networks. Additionally, organizations will be afforded more flexibility in hiring and training new analysts.

Original language: English
Pages: 1421-1427
Number of pages: 7
State: Published - 2004
Externally published: Yes
Event: 10th Americas Conference on Information Systems, AMCIS 2004 - New York, United States
Duration: Aug 6 2004 - Aug 8 2004

Conference

Conference: 10th Americas Conference on Information Systems, AMCIS 2004
Country/Territory: United States
City: New York
Period: 08/6/04 - 08/8/04

Funding

This project has benefited from the intellectual contributions of Nick Marangoni, Chris Liang, Andrew Sears, Penny Rheingans, Enrique Stanziola, and Utkarsh Ayachit. It was funded in part by NSF-REU (EIA-0244131) and the Department of Defense.

Funders | Funder number
National Science Foundation | EIA-0244131
U.S. Department of Defense |

Keywords

• Information security
• expertise
• field study
• intrusion detection
• socio-technical systems
