Continuous improvement on maturity and capability of security operation centers

Download
2019
Erdur, Efe Suat
This thesis has been studied to define the importance of maturity and capability assessment, and continuous improvement for Security Operation Centers (SOC). Additionally, it aims contribute to the academic literature to fill the research gap in this specific domain as well. The main focus of this thesis is to combine those two important concepts under same study and define a methodology to provide Security Operation Centers' a self-assessment capability which also evaluates the gaps between current and desired states of the organization and determine the most critical aspects that are suggested to be improved at first. The applicability of the methodology has been supported with a use case scenario. More importantly, it is evaluated using conversational analysis methodology of qualitative analyze approach and evaluation results have been presented at the final part of the thesis report.

Suggestions

Continuous improvement on maturity and capability of Security Operation Centres
Acartürk, Cengiz; Erdur, Efe (2020-12-01)
This study addresses maturity and capability assessment of Security Operation Centres (SOC). It aims to contribute to continuous improvement for SOCs by proposing a complementary methodology that provides SOCs a self-assessment capability. The method basically involves an assessment of the gaps between the current and the desired states of the organization and facilitates determining critical aspects that have priority. The proposed methodology is based on the define, measure, analyze, improve, and control ...
A review on capability and maturity models of building ınformation modelling
Yılmaz, Gökçen; Akçamete Güngör, Aslı; Demirörs, Onur (null; 2017-07-07)
Process assessment and maturity models in software engineering are widely used for process improvement. Likewise, assessing BIM capability and maturity have important effects on increasing BIM performance and enhancing benefits of BIM usage. Thus, there are various BIM capability and maturity models in the literature which are important for users to be able to select appropriate model for their BIM assessment purposes. This study aims to identify and analyse BIM capability and maturity models in the constru...
A Decision Support System for Optimal Selection of Enterprise Information Security Preventative Actions
Sonmez, Ferda Ozdemir; Günel Kılıç, Banu (2021-09-01)
Types and complexity of information security related vulnerabilities are growing rapidly and present numerous challenges to the enterprises. One of the key challenges is to identify the optimal set of precautions with limited budget. Despite the fact that majority of enterprises have a budget constraint for installing and maintaining the protection systems, the majority of the previous work only focus on prioritization of security targets and do not consider the preventative actions and budget constraints. ...
Comparison of Intelligent Classification Techniques by Practicing a Specific Technology Audit
Berkol, A.; Kara, G.; Turk, A. (2016-09-08)
Technology audit activities arc carried out for assessment of firms' technological requirements, capacity or management capability. The aim of these assessments is to define the weaknesses of firms and develop actions in order to improve firms' technological capacity and/or technology management capability. Generally these activities are implemented with survey questionnaires. These questionnaires can be filled by managers of firms or can be implemented as an interview by independent experts. However, evalu...
Prioritization of interdependent uncertainties in projects
Qazi, Abroon; Dikmen Toker, İrem; Birgönül, Mustafa Talat (2020-08-01)
Purpose The purpose of this paper is to address the limitations of conventional risk matrix based tools such that both positive and negative connotation of uncertainty could be captured within a unified framework that is capable of modeling the direction and strength of causal relationships across uncertainties and prioritizing project uncertainties as both threats and opportunities. Design/methodology/approach Theoretically grounded in the frameworks of Bayesian belief networks (BBNs) and interpretive stru...
Citation Formats
E. S. Erdur, “Continuous improvement on maturity and capability of security operation centers,” Thesis (M.S.) -- Graduate School of Informatics. Cyber Security., Middle East Technical University, 2019.