Insights and Recommendations for Improving Handoff Processes in Cybersecurity Operations Centers

Authors

Liam Brennan
Crystal M. Fausett, San Jose State UniversityFollow
Elizabeth H. Lazzara, Embry-Riddle Aeronautical University

Publication Date

2-25-2026

Document Type

Contribution to a Book

Publication Title

Handbook of Human Factors in Cybersecurity Systems A Human Centered Approach

DOI

10.1201/9781003413707-6

First Page

91

Last Page

123

Abstract

With the increasing complexity of the sociotechnical systems surrounding cybersecurity operations, the effective utilization and performance of cybersecurity teams is critical. This chapter contributes to this conversation by leveraging knowledge from team science, healthcare, and other high-risk industries with respect to handoffs and applies these insights toward the optimization of security operations centers (SOCs). This begins with a clarification of the utilization and meaning surrounding terms such as SOC and teams, with the former referring to “a team primarily composed of security analysts organized to detect, analyze, respond to, report on, and prevent cybersecurity incidents” and the latter referring to a “distinguishable set of two or more individuals who interact dynamically, adaptively, and interdependently; who share common goals or purposes; and who have specific roles or functions to perform.” From here, the nuances of teams, including potential variations in their nature and structures, are presented to better orient the audience as to the diverse considerations surrounding teamwork, regardless of domain. With this newfound understanding, the dearth of research surrounding handoffs, which can be equated to the transfer of information, responsibility, or accountability, is examined within the context of SOCs with supplementary case studies provided to better explore variations in applications and criticality. Additional considerations and recommended practices with respect to the implementation of handoffs within SOCs are outlined and buttressed by a mnemonic which can be employed to facilitate the handoff process. Given current and projected growth within cybersecurity, the question of how best to optimize the utilization and performance of teams will continue to be of concern for much time to come. With this focus, continued research into the field and applications is further outlined in an effort to highlight additional opportunities for advancement.

Department

Information

Recommended Citation

Liam Brennan, Crystal M. Fausett, and Elizabeth H. Lazzara. "Insights and Recommendations for Improving Handoff Processes in Cybersecurity Operations Centers" Handbook of Human Factors in Cybersecurity Systems A Human Centered Approach (2026): 91-123. https://doi.org/10.1201/9781003413707-6