{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,12]],"date-time":"2026-06-12T09:07:35Z","timestamp":1781255255262,"version":"3.54.1"},"reference-count":28,"publisher":"Springer Science and Business Media LLC","issue":"3","license":[{"start":{"date-parts":[[2021,11,22]],"date-time":"2021-11-22T00:00:00Z","timestamp":1637539200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2021,11,22]],"date-time":"2021-11-22T00:00:00Z","timestamp":1637539200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"}],"funder":[{"DOI":"10.13039\/100006754","name":"Army Research Laboratory","doi-asserted-by":"publisher","award":["W911NF-13-1-0421"],"award-info":[{"award-number":["W911NF-13-1-0421"]}],"id":[{"id":"10.13039\/100006754","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100000006","name":"Office of Naval Research","doi-asserted-by":"crossref","award":["N00014-15-1-2007"],"award-info":[{"award-number":["N00014-15-1-2007"]}],"id":[{"id":"10.13039\/100000006","id-type":"DOI","asserted-by":"crossref"}]},{"DOI":"10.13039\/100000006","name":"Office of Naval Research","doi-asserted-by":"crossref","award":["N00014-18-1-2670"],"award-info":[{"award-number":["N00014-18-1-2670"]}],"id":[{"id":"10.13039\/100000006","id-type":"DOI","asserted-by":"crossref"}]},{"name":"National Science Foundation","award":["CNS-1822094"],"award-info":[{"award-number":["CNS-1822094"]}]}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Int. J. Inf. Secur."],"published-print":{"date-parts":[[2022,6]]},"DOI":"10.1007\/s10207-021-00573-4","type":"journal-article","created":{"date-parts":[[2021,11,22]],"date-time":"2021-11-22T15:02:53Z","timestamp":1637593373000},"page":"637-651","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":6,"title":["Maintaining the level of operational effectiveness of a CSOC under adverse conditions"],"prefix":"10.1007","volume":"21","author":[{"given":"Ankit","family":"Shah","sequence":"first","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Rajesh","family":"Ganesan","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-3210-558X","authenticated-orcid":false,"given":"Sushil","family":"Jajodia","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Hasan","family":"Cam","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"297","published-online":{"date-parts":[[2021,11,22]]},"reference":[{"issue":"2","key":"573_CR1","doi-asserted-by":"publisher","first-page":"169","DOI":"10.1016\/S0921-8890(00)00087-7","volume":"33","author":"ME Aydin","year":"2000","unstructured":"Aydin, M.E., Oztemel, E.: Dynamic job-shop scheduling using reinforcement learning agents. Robot. Auton. Syst. 33(2), 169\u2013178 (2000)","journal-title":"Robot. Auton. Syst."},{"key":"573_CR2","volume-title":"The Tao of Network Security Monitoring: Beyond Intrusion Detection","author":"R Bejtlich","year":"2005","unstructured":"Bejtlich, R.: The Tao of Network Security Monitoring: Beyond Intrusion Detection. Pearson Education Inc., London (2005)"},{"issue":"5","key":"573_CR3","doi-asserted-by":"publisher","first-page":"35","DOI":"10.1109\/MSP.2014.103","volume":"12","author":"S Bhatt","year":"2014","unstructured":"Bhatt, S., Manadhata, P.K., Zomlot, L.: The operational role of security information and event management systems. IEEE Secur. Privacy 12(5), 35\u201341 (2014)","journal-title":"IEEE Secur. Privacy"},{"key":"573_CR4","unstructured":"CIO: DON cyber crime handbook. Dept. of Navy, Washington, DC (2008)"},{"key":"573_CR5","volume-title":"Implementing Intrusion Detection Systems","author":"T Crothers","year":"2002","unstructured":"Crothers, T.: Implementing Intrusion Detection Systems. Wiley Publishing Inc., New York (2002)"},{"key":"573_CR6","doi-asserted-by":"crossref","unstructured":"D\u2019Amico, A., Whitley, K.: The real work of computer network defense analysts. In: VizSEC 2007: Proceedings of the Workshop on Visualization for Computer Security (2008)","DOI":"10.1007\/978-3-540-78243-8_2"},{"key":"573_CR7","doi-asserted-by":"crossref","unstructured":"D\u2019Amico, A., Whitley, K.: The real work of computer network defense analysts: The analysis roles and processes that transform network data into security situation awareness. In: Proceedings of the Workshop on Visualization for Computer Security, pp. 19\u201337 (2008)","DOI":"10.1007\/978-3-540-78243-8_2"},{"issue":"1","key":"573_CR8","doi-asserted-by":"publisher","first-page":"3","DOI":"10.1093\/cybsec\/tyw003","volume":"2","author":"B Edwards","year":"2016","unstructured":"Edwards, B., Hofmeyr, S., Forrest, S.: Hype and heavy tails: a closer look at data breaches. J. Cybersecur. 2(1), 3\u201314 (2016)","journal-title":"J. Cybersecur."},{"issue":"4","key":"573_CR9","first-page":"16:2","volume":"21","author":"KA Farris","year":"2018","unstructured":"Farris, K.A., Shah, A., Cybenko, G., Ganesan, R., Jajodia, S.: VULCON\u2013a system for vulnerability prioritization, mitigation, and management. ACM Trans. Privacy Secur. 21(4), 16:2-16:28 (2018)","journal-title":"ACM Trans. Privacy Secur."},{"issue":"4","key":"573_CR10","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/2914795","volume":"8","author":"R Ganesan","year":"2017","unstructured":"Ganesan, R., Jajodia, S., Cam, H.: Optimal scheduling of cybersecurity analyst for minimizing risk. ACM Trans. Intell. Syst. Technol. 8(4), 1\u201332 (2017)","journal-title":"ACM Trans. Intell. Syst. Technol."},{"issue":"1","key":"573_CR11","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/2882969","volume":"8","author":"R Ganesan","year":"2016","unstructured":"Ganesan, R., Jajodia, S., Shah, A., Cam, H.: Dynamic scheduling of cybersecurity analysts for minimizing risk using reinforcement learning. ACM Trans. Intell. Syst. Technol. 8(1), 1\u201321 (2016). https:\/\/doi.org\/10.1145\/2882969","journal-title":"ACM Trans. Intell. Syst. Technol."},{"key":"573_CR12","doi-asserted-by":"publisher","DOI":"10.1007\/978-1-4757-3766-0","volume-title":"Simulation Based Optimization: Parametric Optimization Techniques and Reinforcement Learning","author":"A Gosavi","year":"2003","unstructured":"Gosavi, A.: Simulation Based Optimization: Parametric Optimization Techniques and Reinforcement Learning. Kluwer Academic, Norwell, MA (2003)"},{"key":"573_CR13","doi-asserted-by":"crossref","unstructured":"Killcrece, G., Kossakowski, K.P., Ruefle, R., Zajicek, M.: State of the practice of computer security incident response teams (csirts). Tech. Rep. CMU\/SEI-2003-TR-001, Software Engineering Institute, Carnegie Mellon University, Pittsburgh, PA (2003)","DOI":"10.21236\/ADA421664"},{"key":"573_CR14","unstructured":"Mnih, V., Kavukcuoglu, K., Silver, D., Graves, A., Antonoglou, I., Wierstra, D., Riedmiller, M.: Playing atari with deep reinforcement learning. arXiv preprint arXiv:1312.5602 (2013)"},{"issue":"5","key":"573_CR15","doi-asserted-by":"publisher","first-page":"389","DOI":"10.1016\/j.simpat.2004.12.003","volume":"13","author":"CD Paternina-Arboleda","year":"2005","unstructured":"Paternina-Arboleda, C.D., Das, T.K.: A multi-agent reinforcement learning approach to obtaining dynamic control policies for stochastic lot scheduling problem. Simul. Modell. Pract. Theory 13(5), 389\u2013406 (2005)","journal-title":"Simul. Modell. Pract. Theory"},{"key":"573_CR16","doi-asserted-by":"publisher","DOI":"10.1002\/9780470182963","volume-title":"Approximate Dynamic Programming: Solving the Curses of Dimensionality","author":"WB Powell","year":"2007","unstructured":"Powell, W.B.: Approximate Dynamic Programming: Solving the Curses of Dimensionality. Wiley-Interscience, New York (2007)"},{"key":"573_CR17","doi-asserted-by":"publisher","first-page":"577","DOI":"10.1007\/978-3-540-89985-3_71","volume-title":"Advances in Computer Science and Engineering","author":"A Rasoulifard","year":"2008","unstructured":"Rasoulifard, A., Bafghi, A.G., Kahani, M.: Incremental hybrid intrusion detection using ensemble of weak classifiers. In: Advances in Computer Science and Engineering, pp. 577\u2013584. Springer, Cham (2008)"},{"key":"573_CR18","doi-asserted-by":"crossref","unstructured":"Scarfone, K., Mell, P.: Guide to intrusion detection and prevention systems (IDPS). Special Publication 800-94, NIST (2007)","DOI":"10.6028\/NIST.SP.800-94"},{"key":"573_CR19","doi-asserted-by":"publisher","DOI":"10.1007\/s10207-018-0407-3","author":"A Shah","year":"2018","unstructured":"Shah, A., Ganesan, R., Jajodia, S.: A methodology for ensuring fair allocation of CSOC effort for alert investigation. Int. J. Inf. Secur. (2018). https:\/\/doi.org\/10.1007\/s10207-018-0407-3","journal-title":"Int. J. Inf. Secur."},{"key":"573_CR20","doi-asserted-by":"publisher","DOI":"10.1007\/s11761-018-0235-3","author":"A Shah","year":"2018","unstructured":"Shah, A., Ganesan, R., Jajodia, S., Cam, H.: Adaptive reallocation of cybersecurity analysts to sensors for balancing risk between sensors. Serv. Orient. Comput. Appl. (2018). https:\/\/doi.org\/10.1007\/s11761-018-0235-3","journal-title":"Serv. Orient. Comput. Appl."},{"issue":"5","key":"573_CR21","doi-asserted-by":"publisher","first-page":"51:1","DOI":"10.1145\/3173457","volume":"9","author":"A Shah","year":"2018","unstructured":"Shah, A., Ganesan, R., Jajodia, S., Cam, H.: Dynamic optimization of the level of operational effectiveness of a CSOC under adverse conditions. ACM Trans. Intell. Syst. Technol. 9(5), 51:1-51:20 (2018). https:\/\/doi.org\/10.1145\/3173457","journal-title":"ACM Trans. Intell. Syst. Technol."},{"issue":"2","key":"573_CR22","doi-asserted-by":"publisher","first-page":"121","DOI":"10.1007\/s10207-017-0365-1","volume":"17","author":"A Shah","year":"2018","unstructured":"Shah, A., Ganesan, R., Jajodia, S., Cam, H.: A methodology to measure and monitor level of operational effectiveness of a CSOC. Int. J. Inf. Secur. 17(2), 121\u2013134 (2018). https:\/\/doi.org\/10.1007\/s10207-017-0365-1","journal-title":"Int. J. Inf. Secur."},{"key":"573_CR23","doi-asserted-by":"publisher","DOI":"10.1109\/JSYST.2018.2809506","author":"A Shah","year":"2018","unstructured":"Shah, A., Ganesan, R., Jajodia, S., Cam, H.: Optimal assignment of sensors to analysts in a cybersecurity operations center. IEEE Syst. J. (2018). https:\/\/doi.org\/10.1109\/JSYST.2018.2809506","journal-title":"IEEE Syst. J."},{"issue":"5","key":"573_CR24","doi-asserted-by":"publisher","first-page":"1155","DOI":"10.1109\/TIFS.2018.2871744","volume":"14","author":"A Shah","year":"2019","unstructured":"Shah, A., Ganesan, R., Jajodia, S., Cam, H.: Understanding tradeoffs between throughput, quality, and cost of alert analysis in a CSOC. IEEE Trans. Inf. Forens. Secur. 14(5), 1155\u20131170 (2019)","journal-title":"IEEE Trans. Inf. Forens. Secur."},{"key":"573_CR25","unstructured":"Smith, M., Pat\u00e9-Cornell, E.: Cyber risk analysis for a smart grid: How smart is smart enough? a multi-armed bandit approach. In: Proceedings of the 2nd Singapore Cyber-Security R&D Conference (SG-CRC 2017), pp. 37\u201356 (2017)"},{"key":"573_CR26","unstructured":"Sundaramurthy, S.C., Bardas, A.G., Case, J., Ou, X., Wesch, M., McHugh, J., Rajagopalan, S.R.: A human capital model for mitigating security analyst burnout. In: Eleventh Symposium on Usable Privacy and Security (SOUPS 2015), pp. 347\u2013359. USENIX Association (2015)"},{"key":"573_CR27","unstructured":"Sundaramurthy, S.C., McHugh, J., Ou, X., Wesch, M., Bardas, A.G., Rajagopalan, S.R.: Turning contradictions into innovations or: How we learned to stop whining and improve security operations. In: Twelfth Symposium on Usable Privacy and Security (SOUPS 2016), pp. 237\u2013250. USENIX Association (2016)"},{"key":"573_CR28","volume-title":"Reinforcement Learning: An Introduction","author":"RS Sutton","year":"2018","unstructured":"Sutton, R.S., Barto, A.G.: Reinforcement Learning: An Introduction. MIT press, Cambridge (2018)"}],"container-title":["International Journal of Information Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10207-021-00573-4.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s10207-021-00573-4\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10207-021-00573-4.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,5,27]],"date-time":"2022-05-27T11:14:35Z","timestamp":1653650075000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s10207-021-00573-4"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,11,22]]},"references-count":28,"journal-issue":{"issue":"3","published-print":{"date-parts":[[2022,6]]}},"alternative-id":["573"],"URL":"https:\/\/doi.org\/10.1007\/s10207-021-00573-4","relation":{},"ISSN":["1615-5262","1615-5270"],"issn-type":[{"value":"1615-5262","type":"print"},{"value":"1615-5270","type":"electronic"}],"subject":[],"published":{"date-parts":[[2021,11,22]]},"assertion":[{"value":"22 November 2021","order":1,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"Authors Shah, Ganesan, Jajodia, and Cam declare that they have no conflict of interest.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Conflicts of interest"}},{"value":"This article does not contain any studies with human participants or animals performed by any of the authors.","order":3,"name":"Ethics","group":{"name":"EthicsHeading","label":"Ethical approval"}}]}}