Litcius/Paper detail

Training the Maritime Security Operations Centre Teams

Marco Raimondi, Giacomo Longo, Alessio Merlo, Alessandro Armando, Enrico Russo

202219 citationsDOI

Abstract

A Security Operation Centre (SOC) is a powerful and versatile infrastructure for cybersecurity due to the capabilities of monitoring and improving the security posture of an organization. While they found great diffusion in companies to defend IT/OT infrastructures, their employment in the maritime domain is still narrow but required. Nevertheless, SOC analysts working in traditional SOCs may be unprepared to operate proficiently in the maritime environment due to its context-specific features. They require specific training to fully exploit these newfound requirements. In this work, we leverage the NICE framework to outline the profile definition of a SOC operator in terms of required knowledge and skills. This profile allowed us to define the requirements of a training program tailored for maritime SOC operators. Moreover, we show how this program can be fulfilled with targeted hands-on exercises. An example exercise set in a representative scenario highlights that we are able to train the specific skills with metrics for evaluating their proficiency.

Topics & Concepts

ExploitLeverage (statistics)Computer scienceContext (archaeology)Computer securityDomain (mathematical analysis)Work (physics)Set (abstract data type)Training (meteorology)Engineering managementProcess managementKnowledge managementRisk analysis (engineering)EngineeringBusinessArtificial intelligenceMechanical engineeringPaleontologyProgramming languageMathematical analysisPhysicsMathematicsBiologyMeteorologyInformation and Cyber SecurityNetwork Security and Intrusion DetectionSoftware System Performance and Reliability