Optimal CyberSecurity Analyst Staffing Plan


Optimal CyberSecurity Analyst Staffing Plan
Sponsors: Dr. Rajesh Ganesan, Ankit Shah
Team: Thomas Lepp, Jennifer Krajic, Kendrick van Doorn

Agenda
- Background (Kendrick)
- Problem Definition (Kendrick)
- Model / Approach (Jennifer: Parts 1 and 2; Thomas: Part 3)
- Results (Thomas)
- Validation (Thomas)
- Way Forward (Kendrick)
(Figures on the slide: Old Schedule, Optimized Schedule)

CSOC
A CyberSecurity Operations Center (CSOC) protects against emerging and dynamic cybersecurity threats. It is critical that all alerts are analyzed in a timely manner to reduce risk to the organization. Alerts are unique notifications sent to analysts after correlation of network-level events.
Speaker notes: describe a CSOC and its sensors deployed around the world; lead into the IDS.

Background: Intrusion Detection System (IDS)
- A device or software application that monitors a network or systems for malicious activity or policy violations [4]
- Main detection methods: signature-based, anomaly-based, and stateful protocol analysis [4]
- Known limitations: packet noise, false alarms, legacy software, and lag time [4]
- Analysts are therefore needed to continuously review and provide a disposition for every IDS-identified threat
Speaker notes: describe an IDS and lead into the model on the next slide.

Background: Intrusion Detection System (IDS) [1]
(Figure: the CSOC alert-handling model from reference [1].)
Speaker notes: describe the model, taken from the referenced paper [1].

Problem Definition & Scope
The Optimal CyberSecurity Analyst Staffing Plan team is tasked with delivering a 14-day staffing schedule model for a CSOC that minimizes payroll cost by scheduling an adequate number of analysts (Junior, Intermediate, and Senior) for the initial investigation of varying alert generation patterns. The staffing schedules include variable overlapping shift patterns that satisfy the staffing and schedule requirements.
Deliverables:
- Staffing model and schedule
- Sensitivity analysis of results
- Model validation
- Next steps assessment
Speaker notes: this is the problem definition and what we are going to deliver; the evaluation is described for each deliverable.

Initial Analysis
Time period: 14-day vs. 1-day
Increments: 1 hour vs. 4 hour

Scenario | Increment | Work-hour options
1 | 1 hour | 4-12 hours
2 | 1 hour | 4, 8, 12 hours
3 | 4 hour | 4, 8, 12 hours

Number of time periods | 14-day | 1-day
1-hour increments | 336 | 24
4-hour increments | 84 | 6

Speaker notes: speak to the three scenarios; all three produced the same shift patterns and the same costs.

Model / Approach
The model contains three major parts (Input, Optimize, Assign):
- Input: calculate average alert arrival rates and feasible shift patterns (Python programming)
- Optimize: minimize payroll costs (integer programming)
- Assign: minimize staff and create staff schedules (First Fit Decreasing heuristic)

Model Part 1: Input (Demand)
- Alerts follow a Poisson distribution with a time-varying arrival rate
- Alert arrivals per hour per sensor: High (12), Moderate (9), Low (6)
- Planned demand = average alert arrival rate + 2 standard deviations, for 10 sensors
- Assumption: alerts are batched into 4-hour segments. All alerts in a segment are analyzed by the end of the 4 hours; new alerts are presented at the beginning of the next 4-hour segment.

Time period | Frequency of alerts (per hour per sensor)
06:00 AM to 10:00 AM | High (12)
10:00 AM to 02:00 PM | Moderate (9)
02:00 PM to 06:00 PM | Moderate (9)
06:00 PM to 10:00 PM | Moderate (9)
10:00 PM to 02:00 AM | Low (6)
02:00 AM to 06:00 AM | Low (6)

Model Part 1: Input (Feasible Shift Patterns)
Staffing constraints:
- Cannot work less than 4 hours or more than 12 hours in a row
- Minimum break of 8 hours between shifts
Payroll calculations:
- Base rate: Junior $38/hr, Intermediate $49/hr, Senior $61/hr
- Base rate increased by 10% for 4-hour shifts
- Base rate increased by 10% for hours worked between 10 PM and 6 AM

Model Part 1: Input (Output)
Output: generation of all possible shift patterns for one day and the payroll cost for each analyst type / shift pattern.
- A 1 or 0 is assigned to each 4-hour period: 1 = working that 4-hour period, 0 = off for those 4 hours
- Periods: 06:00 AM-10:00 AM, 10:00 AM-02:00 PM, 02:00 PM-06:00 PM, 06:00 PM-10:00 PM, 10:00 PM-02:00 AM, 02:00 AM-06:00 AM
- Example (Shift Pattern #14 on the slide): the two night periods are costed at 4 hours x (base rate + 10% base rate) each, i.e. the night premium applies to every hour worked between 10 PM and 6 AM
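The pattern generation and costing described in the two Part 1 slides above, written out as an added example (this is not the team's code). It assumes that a feasible one-day pattern is a single contiguous run of one to three 4-hour periods inside the 06:00-06:00 day (no split shifts, no wrap into the next day; the 8-hour break rule only bites across days) and that the two 10% premiums add rather than compound when both apply; the slide does not say which, so that is an assumption flagged in the code.

```python
"""Enumerate feasible one-day shift patterns over six 4-hour periods and
cost each pattern per analyst grade.  Added example, not the project's code."""
from itertools import product

# Day starts at 06:00; index 4 and 5 are 10 PM-2 AM and 2 AM-6 AM.
PERIODS = ["06-10", "10-14", "14-18", "18-22", "22-02", "02-06"]
NIGHT_PERIODS = {4, 5}
BASE_RATE = {"junior": 38.0, "intermediate": 49.0, "senior": 61.0}
SHORT_SHIFT_PREMIUM = 0.10   # applies when the whole shift is 4 hours
NIGHT_PREMIUM = 0.10         # applies to each period between 10 PM and 6 AM
MIN_PERIODS, MAX_PERIODS = 1, 3   # 4 h .. 12 h in a row


def is_feasible(pattern):
    """pattern: tuple of six 0/1 flags.  Assumption: one contiguous run of
    1-3 periods within the day (no split shifts, no wrap past 06:00)."""
    worked = [i for i, w in enumerate(pattern) if w]
    if not MIN_PERIODS <= len(worked) <= MAX_PERIODS:
        return False
    return worked[-1] - worked[0] + 1 == len(worked)   # no gaps in the run


def feasible_patterns():
    """All 0/1 vectors over the six periods that pass is_feasible()."""
    return [p for p in product((0, 1), repeat=len(PERIODS)) if is_feasible(p)]


def pattern_cost(pattern, grade):
    """Payroll cost of one analyst of `grade` working `pattern` for one day.
    Assumption: the 4-hour-shift and night premiums add (1.2x when both)."""
    base = BASE_RATE[grade]
    hours_worked = 4 * sum(pattern)
    cost = 0.0
    for i, working in enumerate(pattern):
        if not working:
            continue
        multiplier = 1.0
        if hours_worked == 4:
            multiplier += SHORT_SHIFT_PREMIUM
        if i in NIGHT_PERIODS:
            multiplier += NIGHT_PREMIUM
        cost += 4 * base * multiplier
    return round(cost, 2)


def cost_table():
    """(pattern, grade) -> daily cost, the input the optimizer consumes."""
    return {(p, g): pattern_cost(p, g)
            for p in feasible_patterns() for g in BASE_RATE}


if __name__ == "__main__":
    for n, p in enumerate(feasible_patterns(), 1):
        cells = " ".join(str(w) for w in p)
        costs = "  ".join(f"{g}: ${pattern_cost(p, g):8.2f}" for g in BASE_RATE)
        print(f"#{n:2d}  {cells}  {costs}")
```

Running the block prints the 15 feasible patterns (6 one-period, 5 two-period and 4 three-period runs) with their daily cost per grade; a two-period night pattern for a junior analyst comes out at 2 x 4 x $38 x 1.10 = $334.40, matching the slide's example.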

Model Part 2: Optimize
(Figure: the integer programming formulation.)

Model Part 2: Optimize (Output)
Output: the required shift patterns for the optimal payroll cost.
(Figures: required shift patterns by analyst type; demand versus supply of alert analysis.)

Model Part 3: Assign
- Input: required patterns from Part 2 for each day
- Method: First Fit Decreasing (FFD) heuristic
- Worst case: FFD uses at most 11/9 * OPT + 6/9 bins [2]
- Example [3]: families of size 3, 1, 6, 4, 5, 2 packed into Bus #1, Bus #2, Bus #3 in the order given (first fit, unsorted)

Model Part 3: Assign (continued)
- Example [3], sorted decreasing: 6, 5, 4, 3, 2, 1 packed into Bus #1, Bus #2, Bus #3 (the slide animates one family at a time)


Model Part 3: Assign (Intermediate analysts)
(Figure: the required Intermediate shift patterns and the resulting assignment to individual analysts.)
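An added example (not the team's code) of the two things Part 3 shows: the generic first-fit versus first-fit-decreasing bin packing from the bus example [3], and the same heuristic applied to the real problem, packing the optimizer's required daily shifts into as few analysts as possible. The bus capacity is not stated on the slide, so the example assumes a capacity of 7 (the one value at which the unsorted order needs a fourth bus and the sorted order does not). The analyst variant treats each analyst as a bin and enforces the 8-hour minimum break as a gap of two 4-hour periods between shifts; the input format (day, start period, length) is an assumed encoding of the Part 2 output.

```python
"""First Fit Decreasing (FFD) bin packing, and an FFD-style assignment of
required daily shifts to analysts.  Added example, not the project's code."""


def first_fit(items, capacity):
    """Place each item into the first bin with room; open a new bin if none."""
    bins = []
    for item in items:
        for b in bins:
            if sum(b) + item <= capacity:
                b.append(item)
                break
        else:
            bins.append([item])
    return bins


def first_fit_decreasing(items, capacity):
    """FFD = first fit after sorting the items largest-first (bound: 11/9 OPT + 6/9)."""
    return first_fit(sorted(items, reverse=True), capacity)


# ---- shift-to-analyst assignment ------------------------------------------
PERIODS_PER_DAY = 6     # 4-hour periods, day starts 06:00
REST_PERIODS = 2        # 8-hour minimum break between shifts = 2 periods


def _compatible(shift, existing):
    """A shift (start, length) fits an analyst if it neither overlaps any
    shift they already hold nor comes within REST_PERIODS of one."""
    start, length = shift
    end = start + length
    for s, l in existing:
        if not (end + REST_PERIODS <= s or s + l + REST_PERIODS <= start):
            return False
    return True


def assign_shifts_ffd(required):
    """required: list of (day, start_period, length_in_periods) for one grade,
    as produced by the optimizer.  Returns one list of absolute
    (start_period, length) shifts per analyst; len() is the headcount."""
    shifts = [(d * PERIODS_PER_DAY + p, n) for d, p, n in required]
    shifts.sort(key=lambda s: (-s[1], s[0]))     # longest first, then earliest
    analysts = []
    for shift in shifts:
        for a in analysts:
            if _compatible(shift, a):
                a.append(shift)
                break
        else:
            analysts.append([shift])
    return analysts


if __name__ == "__main__":
    FAMILIES = [3, 1, 6, 4, 5, 2]           # the bus example from [3]
    print("first fit:", first_fit(FAMILIES, 7))
    print("FFD      :", first_fit_decreasing(FAMILIES, 7))
    # Constructed two-day requirement: a 12-hour day shift and a 12-hour
    # night shift each day.  The rest rule forces two analysts.
    demand = [(0, 0, 3), (0, 3, 3), (1, 0, 3), (1, 3, 3)]
    for i, a in enumerate(assign_shifts_ffd(demand), 1):
        print(f"analyst {i}: {a}")
```

With capacity 7, first fit in slide order needs four buses while FFD packs the families as [6, 1], [5, 2], [4, 3]. In the analyst variant the 12-hour day shift and the 12-hour night shift of the same day can never go to one person (gap of zero periods), but the same person can take the day shift on consecutive days, so two analysts cover the constructed two-day requirement.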

Results
Work schedules (number of analysts): Junior 33, Intermediate 15, Senior 39

Results Summary
Two-week payroll cost: $183,356

Sensitivity Analysis: Weekend Constraint
Senior analyst example: each analyst cannot work more than one weekend.
(Figures: two-week work schedule for Senior workers with the weekend constraint; two-week work schedule for Senior workers without the weekend constraint.)
Total reduction of workforce: Junior 8 (21%), Intermediate 4 (27%), Senior 14 (36%)

Model Validation
(Figure: each line represents one simulation of alert arrivals plotted against the scheduled supply.)
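The validation slide only shows the plot, so the following is an added example (not the team's code) that reproduces the Part 1 demand sizing and then runs the kind of simulation the slide describes: draw Poisson arrivals for each segment and count how often they exceed the planned supply. It assumes the slide's "average + 2 standard deviations for 10 sensors" means the mean of the segment total over 10 sensors and 4 hours, with the standard deviation of that Poisson total being the square root of its mean; the sampler sums one Poisson draw per sensor-hour so that only small rates are ever drawn.

```python
"""Size per-segment alert demand (mean + 2 sd) and check it against
simulated Poisson arrivals.  Added example, not the project's code."""
import math
import random

SENSORS = 10
SEGMENT_HOURS = 4
# Alerts per hour per sensor for each 4-hour segment (Part 1 table).
RATE_BY_SEGMENT = {
    "06:00-10:00": 12, "10:00-14:00": 9, "14:00-18:00": 9,
    "18:00-22:00": 9, "22:00-02:00": 6, "02:00-06:00": 6,
}


def planned_demand(rate):
    """Alerts to staff for in one segment: mean + 2 sd, rounded up.
    Assumption: the segment total is Poisson, so sd = sqrt(mean)."""
    mean = rate * SEGMENT_HOURS * SENSORS
    return math.ceil(mean + 2 * math.sqrt(mean))


def demand_table():
    """Segment label -> planned demand, the D_t the optimizer must cover."""
    return {seg: planned_demand(r) for seg, r in RATE_BY_SEGMENT.items()}


def poisson(lam, rng):
    """Knuth's multiplicative method; fine for the small per-sensor-hour
    rates used here (exp(-12) does not underflow)."""
    limit, k, p = math.exp(-lam), 0, 1.0
    while True:
        p *= rng.random()
        if p <= limit:
            return k
        k += 1


def simulate_segment(rate, rng):
    """One simulated segment: the sum of independent per-sensor, per-hour
    Poisson draws, which is itself Poisson with mean rate*hours*sensors."""
    return sum(poisson(rate, rng) for _ in range(SENSORS * SEGMENT_HOURS))


def exceedance_fraction(rate, supply, trials=1000, seed=1):
    """Fraction of simulated segments whose arrivals exceed `supply`.
    With supply = mean + 2 sd this should sit near 2-3%; with supply = mean
    it is about one half, i.e. staffing to the average is not enough."""
    rng = random.Random(seed)
    over = sum(simulate_segment(rate, rng) > supply for _ in range(trials))
    return over / trials


if __name__ == "__main__":
    for seg, d in demand_table().items():
        print(f"{seg}: plan for {d} alerts")
    print("P(arrivals > plan) for the High segment:",
          exceedance_fraction(12, planned_demand(12)))
    print("P(arrivals > mean) for the High segment:",
          exceedance_fraction(12, 12 * SEGMENT_HOURS * SENSORS))
```

The planned demands come out at 524, 398 and 271 alerts per segment for the High, Moderate and Low rates. A scheduled supply that matches the plan is exceeded in only a few percent of simulated segments, which is the margin the two-standard-deviation rule buys; a supply sized to the mean alone is exceeded about half the time and would push alerts into the next segment, the backlog case listed under further work.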

Way Forward and Additional Work
The team has delivered the current model, sensitivity analysis, and final report to the project sponsors. Additional items discussed with the project sponsor for follow-on work include:
- Manager-friendly view and manipulation of the data
- Real-world work schedules and habits
- Inclusion of alert complexity
- Further development of the FFD heuristic, or analysis of a different heuristic
- Analysis of surge and backup employees
- Analysis of the backlog of alerts and the completion timeline

Acknowledgements
The team would like to thank the following individuals for their support throughout the project: Dr. Rajesh Ganesan, Ankit Shah, Dr. Karla Hoffman, Dr. Kathryn Laskey.

Questions

References
[1] Ganesan, R., Jajodia, S., Shah, A., and Cam, H. 2016. Dynamic Scheduling of Cybersecurity Analysts for Minimizing Risk Using Reinforcement Learning. ACM Transactions on Intelligent Systems and Technology 8(1), Article 4 (July 2016), 21 pages. DOI: 10.1145/2882969
[2] Dósa, G. 2007. The Tight Bound of First Fit Decreasing Bin-Packing Algorithm Is FFD(I) <= 11/9 OPT(I) + 6/9. In: Chen, B., Paterson, M., and Zhang, G. (eds.), Combinatorics, Algorithms, Probabilistic and Experimental Methodologies (ESCAPE 2007), Lecture Notes in Computer Science, Springer, pp. 1-11.
[3] HEGARTYMATHS. "Packing algorithms - First-fit (decreasing) algorithms (Decision Maths 1)." YouTube, 14 Feb. 2012. Web. Accessed 27 Apr. 2017.
[4] "Intrusion detection system." Wikipedia, Wikimedia Foundation, 04 May 2017. Web. Accessed 06 May 2017.