Building a Human-Centric SOC: A New Framework for Success

Conference paper


Mwangi, J., Wall, J., Ismail, U. and Al-Nemrat, A. 2025. Building a Human-Centric SOC: A New Framework for Success. 16th International Conference on Global Security, Safety & Sustainability, ICGS3-24. Online 25 - 27 Nov 2024 Springer.
Authors: Mwangi, J., Wall, J., Ismail, U. and Al-Nemrat, A.
Type: Conference paper
Abstract

The Security Operation Centre is a hub where the Information Security Team monitors, detects, analyses, and prioritizes events from critical digital assets on an ongoing basis. The objective is to ensure that any malicious activities and indicators of attack are stopped and contained before having a major impact on an organization. Early detection is very important when trying to combat cyber threats. The Security Operation Centre is equipped with intelligent tools and skilled analysts that help detect such events. With a focus on constantly improving Security Operation Centre effectiveness, a thorough understanding of human factors and human errors that may lead to potential security breaches needs to be investigated. Incorporating artificial intelligence and machine learning technologies has gone a long way to compensate for human error in the Security Operation Centre, through automation of routine tasks and incorporation within Security Orchestration, Automation and Response. This has led to better rapid threat anomaly detection, incident response and a reduction of Security Analysts’ cognitive load. That said, the existing literature suggests a lack of a systematic approach, for example in assessing Security Analysts’ performance. There is a gap in the research regarding human factors and the limitations of human error within the Security Operation Centre, particularly given that it operates as a socio-technical environment where social interactions and technological systems are closely integrated. Effective collaboration, communication, and teamwork are essential in such a setting, and this research looks to further bridge that gap.
Through a case study, current practices within the Security Operation Centre will be explored from the personnel perspective. In addition, transferable skills from other domains such as medical, aviation, and other sectors that manage complex environments under high stress are reviewed to determine if they offer valuable information. This paper utilizes Secure Tropos to produce the Security Operation Centre meta model. This novel approach forms the basis of a new proposed framework that looks to identify relationships and security requirements within the Security Operation Centre entity. Human centric design that accounts for human factors and human errors within the Security Operation Centre is crucial for maintaining a robust cybersecurity posture. By better understanding current practices within the Security Operation Centre, this research intends to contribute towards a more human centric approach.

Year: 2025
Conference: 16th International Conference on Global Security, Safety & Sustainability, ICGS3-24
Publisher: Springer
Accepted author manuscript
License
File Access Level: Repository staff only
Publication dates
Online: 18 Mar 2025
Publication process dates
Accepted: 18 Oct 2024
Deposited: 02 Dec 2024
Journal citation: p. In Press
ISSN: 1613-5113
Book title: Cybersecurity and Human Capabilities Through Symbiotic Artificial Intelligence: Proceedings of the 16th International Conference on Global Security, Safety and Sustainability, London, November 2024
Book editor: Jahankhani, H. and Isaac, B.
ISBN: 978-3-031-82030-4, 978-3-031-82031-1
Web address (URL): https://link.springer.com/book/9783031820304
Copyright holder: © The Author(s), under exclusive license to Springer Nature Switzerland AG 2025
Permalink: https://repository.uel.ac.uk/item/8yq1z


Related outputs

Modelling language for cyber security incident handling for critical infrastructures
Mouratidis, H., Islam, S., Santos-Olmo, A., Sanchez, L. E. and Ismail, U. M. 2023. Modelling language for cyber security incident handling for critical infrastructures. Computers & Security. 128 (Art. 103139). https://doi.org/10.1016/j.cose.2023.103139
Vulnerability prediction for secure healthcare supply chain service delivery
Islam, S., Abba, A., Ismail, U., Mouratidis, H. and Papastergiou, S. 2022. Vulnerability prediction for secure healthcare supply chain service delivery. Integrated Computer-Aided Engineering. 29 (4), pp. 389-409. https://doi.org/10.3233/ICA-220689
The Impact of CISO Appointment Announcements on the Market Value of Firms
Ford, A., Al-Nemrat, A., Ghorashi, S. and Davidson, J. 2022. The Impact of CISO Appointment Announcements on the Market Value of Firms. 17th International Conference on Cyber Warfare and Security (ICCWS 2022). Albany, New York, USA 17 - 18 Mar 2022 Academic Conferences International (ACI).
The Impact of Data Breach Announcements on Company Value in European Markets
Ford, A., Al-Nemrat, A., Ghorashi, S. and Davidson, J. 2021. The Impact of Data Breach Announcements on Company Value in European Markets. WEIS 2021: The 20th Annual Workshop on the Economics of Information Security. 28 - 29 Jun 2021
The Impact of GDPR Infringement Fines on the Market Value of Firms
Ford, A., Al-Nemrat, A., Ghorashi, S. and Davidson, J. 2021. The Impact of GDPR Infringement Fines on the Market Value of Firms. ECCWS 2021- Proceeding of the 20th European Conference on Cyber Warfare and Security. 24 - 25 Jun 2021 Academic Conferences International (ACI). https://doi.org/10.34190/EWS.21.088
Variance Ranking for Multi-Classed Imbalanced Datasets: A Case Study of One-Versus-All
Ebenuwa, S., Sharif, S., Al-Nemrat, A., Al-Bayatti, A. H., Alalwan, N., Alzahrani, A. I. and Alfarraj, O. 2019. Variance Ranking for Multi-Classed Imbalanced Datasets: A Case Study of One-Versus-All. Symmetry. 11 (Art. 1504). https://doi.org/10.3390/sym11121504
A Dynamic Access Control Model Using Authorising Workflow and Task-Role-Based Access Control
Uddin, M., Islam, S. and Al-Nemrat, A. 2019. A Dynamic Access Control Model Using Authorising Workflow and Task-Role-Based Access Control. IEEE Access. 7 (Art. 166676). https://doi.org/10.1109/ACCESS.2019.2947377
Variance Ranking Attributes Selection Techniques for Binary Classification Problem in Imbalance Data
Ebenuwa, S., Sharif, M., Alazab, Mamoun and Al-Nemrat, A. 2019. Variance Ranking Attributes Selection Techniques for Binary Classification Problem in Imbalance Data. IEEE Access. 7, pp. 24649-24666. https://doi.org/10.1109/ACCESS.2019.2899578
Deep Learning Approach for Intelligent Intrusion Detection System
Vinayakumar, R., Alazab, Mamoun, Soman, K. P., Poornachandran, Prabaharan, Al-Nemrat, A. and Venkatraman, Sitalakshmi 2019. Deep Learning Approach for Intelligent Intrusion Detection System. IEEE Access. 7, pp. 41525-41550. https://doi.org/10.1109/ACCESS.2019.2895334
Content Discovery Advertisements: An Explorative Analysis
Jadhav Balaji, R., Baravalle, Andres, Al-Nemrat, A. and Falcarin, P. 2017. Content Discovery Advertisements: An Explorative Analysis. in: Jahankhani, Hamid, Carlile, Alex, Emmett, David, Hosseinian-Far, Amin, Brown, Guy, Sexton, Graham and Jamal, Arshad (ed.) Global Security, Safety and Sustainability - The Security Challenges of the Connected World Springer Verlag.
Integration operators for generating RDF/OWL-based user defined mediator views in a grid environment
Tawil, Abdel-Rahman H., Taweel, Adel, Naeem, U., Montebello, Matthew, Bashroush, R. and Al-Nemrat, A. 2014. Integration operators for generating RDF/OWL-based user defined mediator views in a grid environment. Journal of Intelligent Information Systems. 43 (1), pp. 1-32. https://doi.org/10.1007/s10844-013-0300-5
Security countermeasures in the cyber-world
Bendovschi, Andreea and Al-Nemrat, A. 2016. Security countermeasures in the cyber-world. in: 2016 IEEE International Conference on Cybercrime and Computer Forensic (ICCCF) IEEE. pp. 1-7
Measuring sustainability for an effective Information System audit from public organization perspective
Lope Abdul Rahman, Alifah Aida, Islam, S. and Al-Nemrat, A. 2015. Measuring sustainability for an effective Information System audit from public organization perspective. in: Research Challenges in Information Science (RCIS), 2015 IEEE 9th International Conference on IEEE. pp. 42-51
ARP cache poisoning mitigation and forensics investigation
Mangut, Heman Awang, Al-Nemrat, A., Benzaid, Chafika and Tawil, Abdel-Rahman H. 2015. ARP cache poisoning mitigation and forensics investigation. in: 2015 IEEE Trustcom/BigDataSE/ISPA IEEE. pp. 1392-1397
Cybercrime Profiling: Decision-Tree Induction, Examining Perceptions of Internet Risk and Cybercrime Victimisation
Al-Nemrat, A. and Benzaid, Chafika 2015. Cybercrime Profiling: Decision-Tree Induction, Examining Perceptions of Internet Risk and Cybercrime Victimisation. in: 2015 IEEE Trustcom/BigDataSE/ISPA IEEE. pp. 1380-1385
Intelligent Detection of MAC Spoofing Attack in 802.11 Network
Benzaid, Chafika, Boulgheraif, Abderrahman, Dahmane, Fatma Zohra, Al-Nemrat, A. and Zeraoulia, Khaled 2016. Intelligent Detection of MAC Spoofing Attack in 802.11 Network. in: Proceedings of the 17th International Conference on Distributed Computing and Networking Association for Computing Machinery (ACM).
Forensic Malware Analysis: The Value of Fuzzy Hashing Algorithms in Identifying Similarities
Sarantinos, Nikolaos, Benzaid, Chafika, Arabiat, Omar and Al-Nemrat, A. 2017. Forensic Malware Analysis: The Value of Fuzzy Hashing Algorithms in Identifying Similarities. in: 2016 IEEE Trustcom/BigDataSE/ISPA IEEE. pp. 1782-1787
A Scalable Malware Classification based on Integrated Static and Dynamic Features
Bounouh, Tewfik, Brahimi, Zakaria, Al-Nemrat, A. and Benzaid, Chafika 2017. A Scalable Malware Classification based on Integrated Static and Dynamic Features. 11th International Conference on Global Security, Safety, and Sustainability (ICGS3) 2017. London, UK 18 - 20 Jan 2017 Springer International Publishing. https://doi.org/10.1007/978-3-319-51064-4_10
Fast authentication in wireless sensor networks
Benzaid, Chafika, Lounis, Karim, Al-Nemrat, A., Badache, Nadjib and Alazab, Mamoun 2014. Fast authentication in wireless sensor networks. Future Generation Computer Systems. 55, pp. 362-375.
An Analysis of Honeypot Programs and the Attack Data Collected
Moore, C. and Al-Nemrat, A. 2015. An Analysis of Honeypot Programs and the Attack Data Collected. in: Jahankhani, Hamid, Carlile, Alex, Akhgar, Babak, Taal, Amie, Hessami, Ali G. and Hosseinian-Far, Amin (ed.) Global Security, Safety and Sustainability: Tomorrow's Challenges of Cyber Security Springer International Publishing.
Statistical Sampling Approach to Investigate Child Pornography Cases
Sarantinos, N., Al-Nemrat, A. and Naeem, U. 2013. Statistical Sampling Approach to Investigate Child Pornography Cases. 2013 Fourth Cybercrime and Trustworthy Computing Workshop (CTC). Sydney NSW, Australia 21 - 22 Nov 2013 IEEE. https://doi.org/10.1109/CTC.2013.14