Paper Type
Complete
Abstract
Analysts in Security Operation Centers (SOCs) face numerous alerts daily, with 50% to 90% being false positives, leading to alert fatigue—a state of desensitization and cognitive overload that raises the risk of successful cyberattacks. While High Reliability Organizing (HRO) literature highlights organizational mindfulness in handling unexpected events, its application in SOCs and vulnerability to alert fatigue is less explored. Our study addressed this by exploring two questions: “How does mindful organizing manifest in SOCs at the organizational level?” and “How does alert fatigue affect analysts’ mindful behavior at the individual level?” Through qualitative interviews with 12 analysts from five SOCs, we identified core activities that establish SOCs as HROs. At the individual level, analysts employ "mindful balancing" tactics to alternate between mindfulness and mindlessness to manage their demanding work. Our study offers important theoretical and practical insights, elaborated further in the article.
Paper Number
1552
Recommended Citation
Soliman, Wael; Mikkelesen, Adrian; and Seljåsen, Terje Heum, "Security Operations Centers and the Battle between Mindfulness and Mindlessness: Toward a Model of Mindful Balancing" (2025). AMCIS 2025 Proceedings. 19.
https://aisel.aisnet.org/amcis2025/sig_sec/sig_sec/19
Security Operations Centers and the Battle between Mindfulness and Mindlessness: Toward a Model of Mindful Balancing
Analysts in Security Operation Centers (SOCs) face numerous alerts daily, with 50% to 90% being false positives, leading to alert fatigue—a state of desensitization and cognitive overload that raises the risk of successful cyberattacks. While High Reliability Organizing (HRO) literature highlights organizational mindfulness in handling unexpected events, its application in SOCs and vulnerability to alert fatigue is less explored. Our study addressed this by exploring two questions: “How does mindful organizing manifest in SOCs at the organizational level?” and “How does alert fatigue affect analysts’ mindful behavior at the individual level?” Through qualitative interviews with 12 analysts from five SOCs, we identified core activities that establish SOCs as HROs. At the individual level, analysts employ "mindful balancing" tactics to alternate between mindfulness and mindlessness to manage their demanding work. Our study offers important theoretical and practical insights, elaborated further in the article.
When commenting on articles, please be friendly, welcoming, respectful and abide by the AIS eLibrary Discussion Thread Code of Conduct posted here.
Comments
SIGSEC