Abstract
Intrusion detection (ID) systems have become increasingly accepted as an essential layer in the information security infrastructure. However, there has been little research into understanding the human component of ID work. Currently, security analysts face an increasing workload as their environments expand and attacks become more frequent. We conducted contextual interviews with security analysts to gain an understanding of the people and work of ID. Our findings reveal that organizational changes must be combined with improved technical tools for effective, long-term solutions to the difficulties of scaling ID work. We propose a three-phase task model in which tasks could be decoupled according to requisite expertise. In particular, monitoring tasks can be separated and staffed by less experienced ID analysts with corresponding tool support. Thus, security analysts will be better able to cope with increasing security threats in their expanding networks. Additionally, organizations will be afforded more flexibility in hiring and training new analysts.
Original language | English |
---|---|
Pages | 1421-1427 |
Number of pages | 7 |
State | Published - 2004 |
Externally published | Yes |
Event | 10th Americas Conference on Information Systems, AMCIS 2004 - New York, United States; Duration: Aug 6 2004 → Aug 8 2004 |
Conference
Conference | 10th Americas Conference on Information Systems, AMCIS 2004 |
---|---|
Country/Territory | United States |
City | New York |
Period | 08/6/04 → 08/8/04 |
Funding
This project has benefited from the intellectual contributions of Nick Marangoni, Chris Liang, Andrew Sears, Penny Rheingans, Enrique Stanziola, and Utkarsh Ayachit. It was funded in part by NSF-REU (EIA-0244131) and the Department of Defense.
Funders | Funder number |
---|---|
Utkarsh Ayachit | |
National Science Foundation | EIA-0244131 |
U.S. Department of Defense | |
Keywords
- Information security
- expertise
- field study
- intrusion detection
- socio-technical systems