dc.contributor.advisor: Soliman, Wael
dc.contributor.author: Mikkelsen, Adrian
dc.contributor.author: Seljåsen, Terje
dc.date.accessioned: 2024-08-01T16:23:28Z
dc.date.available: 2024-08-01T16:23:28Z
dc.date.issued: 2024
dc.identifier: no.uia:inspera:229856738:131298948
dc.identifier.uri: https://hdl.handle.net/11250/3144111
dc.description.abstract: Analysts in Security Operation Centers (SOCs) are experiencing large numbers of alerts that they must analyze. Out of all the alarms an analyst receives, between 50 and 90 % are false positives. Because of these numbers, analysts are prone to alert fatigue (AF), a condition in which an individual is desensitized to alerts and suffers from cognitive overload. This issue could lead to a successful cyber-attack and cause damage to an organization. This thesis investigates how alert fatigue influences analysts and how SOCs should protect themselves from this issue. This is done by answering the following research questions: “How does mindful organizing happen in the SOC environment?”, “How does alert fatigue influence mindful conduction in SOC?” and “What strategies are being implemented to mitigate alert fatigue?” We conducted a multiple case study, interviewing 12 individuals from 5 different SOCs, to answer these questions. We also utilized a High-reliability organization (HRO) framework as a theoretical lens, since a SOC can be considered a digital HRO, which is an organization that builds both services and solutions to protect an organization and utilizes a cognitive mindset of mindfulness in its operations. The main theoretical implication is our creation of a novel theory that we call Mindful Balancing, which describes how analysts use both mindful and mindless actions when they analyze alerts, and that they do so to maintain their cognitive power. Failure to maintain that balance can cause them to drain their mindfulness, which is an exhaustible resource, and thus return to a default state of mindlessness. For the practical implications, we identified various mitigation strategies that could be used to prevent alert fatigue. They are split into categories based on how they can improve Mindful Balancing: assisting mindful balancing and facilitating mindful balancing.
This thesis offers an interesting new way to see alert fatigue and provides a novel theory about how analysts use mindful and mindless actions to maintain their cognitive power. We hope this theory will assist organizations in understanding how analysts work and that it will assist further research on the topic.
dc.language: eng
dc.publisher: University of Agder
dc.title: Mindful balancing: Avoiding Alert Fatigue in Security Operation Centers
dc.type: Master thesis