Capturing Tacit Knowledge in Security Operation Centres. / Cho, Selina; Happa, Jassim; Creese, Sadie.

In: IEEE Access, Vol. 8, 24.02.2020, p. 42021 - 42041.

Research output: Contribution to journal › Article › peer-review

Published

Author

Cho, Selina ; Happa, Jassim ; Creese, Sadie. / Capturing Tacit Knowledge in Security Operation Centres. In: IEEE Access. 2020 ; Vol. 8. pp. 42021 - 42041.

BibTeX

@article{805fc2df85af4178a27eb30c8f361a25,
title = "Capturing Tacit Knowledge in Security Operation Centres",
abstract = "The use of tacit knowledge has previously been shown to help expedite problem-solving procedures in the setting of medical emergency responses, as individuals can use past experiences in present and future challenges. However, there is a lack of understanding in its application in IT and socio-technical management. This paper examines the thought processes observed in Security Operational Centre (SOC) analysts facing threat events to lay the groundwork for tacit knowledge management in SOCs. Based on Sternberg's fieldwork in tacit knowledge, we conducted semi-structured interviews with ten analysts to explore the key artefacts and individual traits that aid their approach to communication, and to examine the thought processes under hypothetical incident handling scenarios. The results highlight a unanimous pursuit of Root Cause Analysis (RCA) upon the outbreak of an incident and stages of decision-making when escalating to third party support providers. Using Business Process Modelling and Notation (BPMN), we show the procedural elements of tacit knowledge from several scenarios. The results also suggest that simulation environments and physical proximity with analysts and vendors can facilitate the transfer of tacit knowledge more effectively in SOCs.",
author = "Selina Cho and Jassim Happa and Sadie Creese",
year = "2020",
month = feb,
day = "24",
doi = "10.1109/ACCESS.2020.2976076",
language = "English",
volume = "8",
pages = "42021 -- 42041",
journal = "IEEE Access",
issn = "2169-3536",
publisher = "Institute of Electrical and Electronics Engineers Inc.",

}

RIS

TY - JOUR

T1 - Capturing Tacit Knowledge in Security Operation Centres

AU - Cho, Selina

AU - Happa, Jassim

AU - Creese, Sadie

PY - 2020/2/24

Y1 - 2020/2/24

N2 - The use of tacit knowledge has previously been shown to help expedite problem-solving procedures in the setting of medical emergency responses, as individuals can use past experiences in present and future challenges. However, there is a lack of understanding in its application in IT and socio-technical management. This paper examines the thought processes observed in Security Operational Centre (SOC) analysts facing threat events to lay the groundwork for tacit knowledge management in SOCs. Based on Sternberg's fieldwork in tacit knowledge, we conducted semi-structured interviews with ten analysts to explore the key artefacts and individual traits that aid their approach to communication, and to examine the thought processes under hypothetical incident handling scenarios. The results highlight a unanimous pursuit of Root Cause Analysis (RCA) upon the outbreak of an incident and stages of decision-making when escalating to third party support providers. Using Business Process Modelling and Notation (BPMN), we show the procedural elements of tacit knowledge from several scenarios. The results also suggest that simulation environments and physical proximity with analysts and vendors can facilitate the transfer of tacit knowledge more effectively in SOCs.

AB - The use of tacit knowledge has previously been shown to help expedite problem-solving procedures in the setting of medical emergency responses, as individuals can use past experiences in present and future challenges. However, there is a lack of understanding in its application in IT and socio-technical management. This paper examines the thought processes observed in Security Operational Centre (SOC) analysts facing threat events to lay the groundwork for tacit knowledge management in SOCs. Based on Sternberg's fieldwork in tacit knowledge, we conducted semi-structured interviews with ten analysts to explore the key artefacts and individual traits that aid their approach to communication, and to examine the thought processes under hypothetical incident handling scenarios. The results highlight a unanimous pursuit of Root Cause Analysis (RCA) upon the outbreak of an incident and stages of decision-making when escalating to third party support providers. Using Business Process Modelling and Notation (BPMN), we show the procedural elements of tacit knowledge from several scenarios. The results also suggest that simulation environments and physical proximity with analysts and vendors can facilitate the transfer of tacit knowledge more effectively in SOCs.

U2 - 10.1109/ACCESS.2020.2976076

DO - 10.1109/ACCESS.2020.2976076

M3 - Article

VL - 8

SP - 42021

EP - 42041

JO - IEEE Access

JF - IEEE Access

SN - 2169-3536

ER -