Computer Science Research Assignment
Annotated Bibliography: Information Security Analyst
Micah Armstrong
CSIS110-D03
Article 1
Jarocki, S., & Kettani, H. (2019). Examining the efficacy of commercial cyber security certifications for information security analysts. In 2019 4th International Conference on Information Systems Engineering (ICISE) (pp. 1-5). IEEE. Retrieved from https://www.researchgate.net/publication/338506367
Article Summary
The article by Jarocki and Kettani (2019) examines the effectiveness of commercial cybersecurity certifications for information security analysts. The authors analyze whether current commercial certifications, notably in incident response, are useful in identifying potential candidates. They investigate hiring procedures and use statistical data to evaluate the effectiveness of these credentials in predicting job success. While companies highly prize commercial certifications, and the certifications may provide some indication of a candidate's talents, the study reveals that they are not accurate indicators of work performance. According to the authors, certification programs should be modified to better reflect the abilities required for successful incident response and information security analysis.
Article Evaluation
The source is credible and reliable, published in the proceedings of a reputable international conference on information systems engineering. The authors back their assertions with statistical data and analysis, which increases the study's external validity. The paper delves into the difficulties of identifying eligible applicants for information security analyst positions and the limits of current certification schemes.
Article Reflection
The source has deepened my awareness of commercial certifications' limitations in assessing information security analysts' skills. The study's findings imply that certification programs should be revised and reformed to reflect the shifting nature of information security risks and the skills required for effective incident response. The paper also emphasizes the need for companies to use numerous criteria, such as experience and job performance, when evaluating candidates for information security analyst roles.
Article Relevance
The source is highly valuable to information security analyst research, providing insights into the challenges in identifying suitable candidates and the limitations of current certification procedures. The facts and arguments in this article can inform discussions about the training and development of information security analysts and the criteria used to assess their skills and qualifications. The source's emphasis on the necessity for constant updates and enhancements to certification programs is consistent with current industry trends, emphasizing the importance of continuous learning and professional growth for information security analysts.
Article 2
Bridges, R. A., Iannacone, M. D., Goodall, J. R., & Beaver, J. M. (2018). How do information security workers use host data? a summary of interviews with security analysts. arXiv preprint arXiv:1812.02867. Retrieved from https://www.researchgate.net/publication/329525816
Article Summary
The article by Bridges et al. (2018) presents the results of semi-structured interviews with 13 security analysts from five security operations centers (SOCs), including large academic, research, and government organizations. The study seeks to understand SOC operators' current practices and future objectives regarding host-based data-gathering capabilities, analysis tools, and how these tools are evaluated. The interviews indicate common issues analysts confront, such as data size, correlation of diverse but related data sources, data signal-to-noise ratio, and time constraints.
Article Evaluation
The authors of the article are reputable academics in the field of information security. The approach and analysis in the article appear to be sound, providing significant insights into security analysts' issues. The article is useful for research since it discusses the methods and issues that security analysts confront when examining host-based data.
Article Reflection
The study emphasizes the need to establish tools and procedures for assessing host-based data with security analysts in mind. The article demonstrates that analysts confront considerable challenges when interpreting massive volumes of data from disparate sources, emphasizing the need for more effective tools and methodologies to aid them in this effort.
Article Relevance
The article is relevant to my research, providing insight into security analysts’ challenges while reviewing host-based data. This information can be utilized to create more effective tools and strategies to aid analysts. The paper is useful for my project because it provides precise insights into current SOC practices and issues.
Article 3
Guo, L., Li, F. W., & Wei, K. J. (2020). Security analysts and capital market anomalies. Journal of Financial Economics, 137(1), 204-230. Retrieved from https://ideas.repec.org/a/eee/jfinec/v137y2020i1p204-230.html
Article Summary
Guo, Li, and Wei (2020) examine the value and efficiency of security analysts' recommendations by looking at how they utilize information from capital market anomalies. Despite market anomalies, the authors discover that analysts favorably recommend high-priced stocks. These costly stocks then have particularly bad anomalous returns. Furthermore, the authors discover that analysts who deliver better-aligned recommendations with anomaly signals are more skilled and generate higher recommendation announcement returns. According to the study, analysts' biased recommendations might cause market friction, limiting the efficient correction of mispricing.
Article Evaluation
The Journal of Financial Economics, where the study is published, is a well-known publication in finance and economics. The authors of this study have extensive experience in the sector. The study examines the relationship between anomaly signals and analyst recommendations using a large sample size of security analysts and their ideas. The authors use elaborate statistical analysis to investigate the relationship between the anomaly signals and analysts' recommendations.
Article Reflection
This study sheds light on the potential biases of security analysts in their recommendations, notably those related to capital market anomalies. It emphasizes the necessity of recognizing the sources of market friction that can hamper efficient price correction. This source has informed my thinking about the necessity of examining the incentives and biases of security analysts and other financial actors when assessing market pricing accuracy and efficiency.
Article Relevance
This source examines the role of security analysts in market efficiency and price, which is relevant to my topic. It provides useful insights into the potential biases of security analysts in their recommendations and emphasizes the relevance of knowing these biases in evaluating market pricing accuracy and efficiency. The source is useful to my project because it provides an empirical basis for investigating the role of security analysts in the context of market anomalies and the broader issue of market efficiency.
Article 4
Farooq, M. U., Xiaoli, H., & Rauf, S. A. (2020). Big data security analysis in network intrusion detection system. International Journal of Computer Applications, 975, 8887. Retrieved from https://www.researchgate.net/publication/338632368
Article Summary
Farooq, Xiaoli, and Rauf (2020) discuss the application of big data security analysis in network intrusion detection systems. The article provides an overview of several intrusion detection approaches, such as intrusion detection and prevention systems (IDPS), signature-based detection (SD), and anomaly-based detection (AD). The paper also discusses the challenges that intrusion detection systems face and how machine learning and data mining approaches can be utilized to increase intrusion detection system accuracy. The paper examines the usage of NS-3.0, a network simulator, to address the limits of intrusion detection systems and offers recommendations for increasing their performance. The research concludes with the findings achieved utilizing an NS-3-based SVM classifier with the KDD Cup 99 Dataset, demonstrating a 99 percent accuracy.
Article Evaluation
The article is published in the International Journal of Computer Applications, a peer-reviewed journal. The authors have cited numerous sources to back up their assertions, indicating that they have done extensive research. Using NS-3.0 for network simulation is a novel strategy that can benefit network security researchers and practitioners.
Article Reflection
The article explores the challenges that intrusion detection systems face and the usage of big data security analysis to overcome these challenges. The application of machine learning and data mining techniques to intrusion detection systems is a promising field of research that has the potential to improve system accuracy. Using NS-3.0 for network simulation is a novel strategy that can benefit network security researchers and practitioners.
Article Relevance
The article relates to my research topic as it discusses the challenges intrusion detection systems face and the usage of big data security analysis to increase their accuracy. The application of machine learning and data mining techniques to intrusion detection systems is a promising field of research that has the potential to improve system accuracy. Using NS-3.0 for network simulation is a novel strategy that can benefit network security researchers and practitioners. The article benefits my study because it provides an overview of current research on this topic and can help guide my future research.
Article 5
Whitman, M. E., & Mattord, H. J. (2021). Principles of information security. Cengage learning. Retrieved from https://books.google.co.ke/books/about/Principles_of_Information_Security.html?id=Hwk1EAAAQBAJ&redir_esc=y
Article Summary
Whitman and Mattord's (2021) book covers the fundamentals of information security, such as its history, evolution, importance, and numerous threats, weaknesses, and risks. It also provides an overview of the different types of attacks, hacking strategies, and the tools and technology used to defend against them. The book delves into the legal, ethical, and societal implications of information security and the concepts and best practices of information security management. Risk management, access control, cryptography, network security, and security management are also covered. Generally, the book comprehensively introduces information security principles important to students and professionals in the field.
Article Evaluation
The book "Principles of Information Security" is well-known and utilized in universities and colleges worldwide. The authors, Whitman and Mattord, are renowned researchers in information security with a wealth of professional and academic experience. The book is thoroughly researched and packed with current data and case studies, making it useful for professionals and students. The book's publisher, Cengage Learning, a recognized and seasoned academic publisher, significantly increases the book's credibility.
Article Reflection
The book has given me a good understanding of information security concepts and ideas. The book's thorough subject coverage has helped me understand the necessity of information security in today's digital world and the difficulties in safeguarding information systems and data from numerous threats and risks. The book also assisted me in comprehending the numerous approaches and technologies used to safeguard information systems, as well as the ethical and legal considerations surrounding information security.
Article Relevance
The book is quite useful for my research on information security analysts. The complete overview of the subject provided by the book gives a firm foundation for comprehending the core concepts and principles of information security, which is required for analyzing and evaluating information security threats and risks. The book's emphasis, among other things, on risk management, access control, cryptography, and network security is very pertinent to my study subject. The book's thorough coverage of information security management also provides useful insights into the practical aspects of managing information security in organizations.
Article 6
Figueira, P. T., Bravo, C. L., & López, J. L. R. (2020). Improving information security risk analysis by including threat-occurrence predictive models. Computers & Security, 88, 101609. Retrieved from https://www.researchgate.net/publication/335696934
Article Summary
Figueira, Bravo, and López (2020) propose a new approach to information security risk analysis that incorporates predictive models of threat occurrence to account for variations in threat frequency caused by adopting new safeguards and changes in vulnerability potential. The authors validate their technique by calculating the future probability of each risk for a Spanish SME based on Magerit using regression models. The findings suggest that the approach produces a more accurate and realistic risk estimate, which can assist firms in implementing better and more efficient measures to reduce losses and improve information security.
Article Evaluation
The article is published in the reputable journal Computers & Security, demonstrating high credibility and reliability. The authors clearly explain their methodology, and their findings are validated by statistical analysis. Utilizing a real-world case study enhances the article's relevance for practical applications.
Article Reflection
The article has influenced my thinking about information security risk analysis by highlighting the limits of standard risk analysis approaches that depend solely on historical data. The suggested approach provides a more accurate and realistic risk estimate that considers changes in the threat landscape caused by adopting new safeguards and changes in vulnerability potential. The paper also underscores the significance of implementing more robust and effective protections to mitigate losses and increase information security.
Article Relevance
The article is relevant to my research topic as an Information Security Analyst because it provides a new approach to information security risk analysis that can improve the accuracy and effectiveness of risk management strategies. The article's emphasis on the significance of adopting better and more efficient safeguards is also consistent with my research topic, which is related to identifying and implementing best practices for information security.
References
Bridges, R. A., Iannacone, M. D., Goodall, J. R., & Beaver, J. M. (2018). How do information security workers use host data? a summary of interviews with security analysts. arXiv preprint arXiv:1812.02867.
Farooq, M. U., Xiaoli, H., & Rauf, S. A. (2020). Big data security analysis in network intrusion detection system. International Journal of Computer Applications, 975, 8887.
Figueira, P. T., Bravo, C. L., & López, J. L. R. (2020). Improving information security risk analysis by including threat-occurrence predictive models. Computers & Security, 88, 101609.
Guo, L., Li, F. W., & Wei, K. J. (2020). Security analysts and capital market anomalies. Journal of Financial Economics, 137(1), 204-230.
Jarocki, S., & Kettani, H. (2019, May). Examining the efficacy of commercial cyber security certifications for information security analysts. In 2019 4th International Conference on Information Systems Engineering (ICISE) (pp. 1-5). IEEE.
Whitman, M. E., & Mattord, H. J. (2021). Principles of information security. Cengage learning.