SYSTEM AND METHOD FOR SECURITY ANALYST MODELING AND MANAGEMENT

摘要

Systems and methods for managing incoming cybersecurity events. Incoming security events are first classified based on stored event profiles from previous events. Multiple analysts with relevant experience and background are determined based on the analysts' stored profiles. The incoming event is assigned and dispatched as necessary to one of these analysts. Analyst stress levels and mood is assessed, and the assessments are stored in the analyst profiles. Analyst resolution steps and performance against those steps in resolving the events are also stored in the relevant analyst profiles and in an event record database. QA reviews of resolved events are conducted when norm deviant circumstances arise. AI and process mining techniques are used in classifying the incoming events, assigning the incoming events to the relevant analyst, and determining lessons to be learned from previous events. The analyst profiles models specific analyst behaviour and are used for assigning incoming events.