Continuous improvement on maturity and capability of Security Operation Centres

Acartürk, Cengiz
Erdur, Efe
This study addresses maturity and capability assessment of Security Operation Centres (SOC). It aims to contribute to continuous improvement for SOCs by proposing a complementary methodology that provides SOCs a self-assessment capability. The method basically involves an assessment of the gaps between the current and the desired states of the organization and facilitates determining critical aspects that have priority. The proposed methodology is based on the define, measure, analyze, improve, and control methodology of the Six Sigma approach and offers a service-oriented improvement process for SOCs. The applicability of the methodology is demonstrated by a case study. We evaluated subject matter experts' reviews using simplified conversation analysis as a qualitative, content-analysis approach.


Continuous improvement on maturity and capability of security operation centers
Erdur, Efe Suat; Acartürk, Cengiz; Department of Cyber Security (2019)
This thesis has been studied to define the importance of maturity and capability assessment, and continuous improvement for Security Operation Centers (SOC). Additionally, it aims contribute to the academic literature to fill the research gap in this specific domain as well. The main focus of this thesis is to combine those two important concepts under same study and define a methodology to provide Security Operation Centers' a self-assessment capability which also evaluates the gaps between current and des...
Privacy-preserving data sharing and adaptable service compositions in mission-critical clouds
Bhargava, Bharat; Angın, Pelin; Ranchal, Rohit (2021-01-01)
Existing cloud systems lack robust mechanisms to monitor compliance of services with security and performance policies under changing contexts, and to ensure uninterrupted operation in case of failures. On the other hand, microservices-based cloud system architectures that have become indispensable for defense applications require systematic monitoring of service operations to satisfy their resiliency and antifragility goals. In this work we propose a unified model for enforcing security and performance req...
Empirical investigation of internet banking usage: The case of Turkey
Daneshgadeh, Salva; Özkan Yıldırım, Sevgi (2014-10-17)
This study empirically investigates the factors impacting internet banking (IB) usage by Turkish bank customers. A unique internet banking usage model (IBUM) was developed and validated. The initial proposed model incorporated 10 factors named usefulness, ease of use, control, social influence, compatibility, risk, website features, alliance service, awareness of service and personalization that affect internet banking usage. The initial model was tested against both measurement and structural models. The r...
On provable security of some public key encryption schemes
Hanoymak, Turgut; Akyıldız, Ersan; Selçuk, Ali Aydın; Department of Cryptography (2012)
In this thesis, we analyse the security criteria of some public key encryption schemes. In this respect, we present the notion of adversarial goals and adversarial capabilities. We give the definition of provably security by means of several games between the challenger and the adversary in some security models, namely the standard model and the random oracle model. We state the main differences between these two models and observe the advantage of the success probability of the adversary in breaking the cr...
Comparison of Intelligent Classification Techniques by Practicing a Specific Technology Audit
Berkol, A.; Kara, G.; Turk, A. (2016-09-08)
Technology audit activities arc carried out for assessment of firms' technological requirements, capacity or management capability. The aim of these assessments is to define the weaknesses of firms and develop actions in order to improve firms' technological capacity and/or technology management capability. Generally these activities are implemented with survey questionnaires. These questionnaires can be filled by managers of firms or can be implemented as an interview by independent experts. However, evalu...
Citation Formats
C. Acartürk and E. Erdur, “Continuous improvement on maturity and capability of Security Operation Centres,” IET INFORMATION SECURITY, pp. 0–0, 2020, Accessed: 00, 2021. [Online]. Available: