{"id":"https://openalex.org/W4414533670","doi":"https://doi.org/10.1007/s10207-025-01106-z","title":"Cyber situation awareness during an emerging cyberthreat: a case study","display_name":"Cyber situation awareness during an emerging cyberthreat: a case study","publication_year":2025,"publication_date":"2025-09-26","ids":{"openalex":"https://openalex.org/W4414533670","doi":"https://doi.org/10.1007/s10207-025-01106-z"},"language":"en","primary_location":{"id":"doi:10.1007/s10207-025-01106-z","is_oa":true,"landing_page_url":"https://doi.org/10.1007/s10207-025-01106-z","pdf_url":"https://link.springer.com/content/pdf/10.1007/s10207-025-01106-z.pdf","source":{"id":"https://openalex.org/S164062316","display_name":"International Journal of Information Security","issn_l":"1615-5262","issn":["1615-5262","1615-5270"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319900","host_organization_name":"Springer Science+Business Media","host_organization_lineage":["https://openalex.org/P4310319900","https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Science+Business Media","Springer Nature"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"International Journal of Information Security","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"hybrid","oa_url":"https://link.springer.com/content/pdf/10.1007/s10207-025-01106-z.pdf","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5010663043","display_name":"Annika Andreasson","orcid":"https://orcid.org/0000-0003-1748-3769"},"institutions":[{"id":"https://openalex.org/I180242103","display_name":"Stockholm School of Economics","ror":"https://ror.org/01s5jzh92","country_code":"SE","type":"education","lineage":["https://openalex.org/I180242103"]}],"countries":["SE"],"is_corresponding":true,"raw_author_name":"Annika Andreasson","raw_affiliation_strings":["Stockholm School of Economics, Box 6501, SE-113 83, Stockholm, Sweden"],"affiliations":[{"raw_affiliation_string":"Stockholm School of Economics, Box 6501, SE-113 83, Stockholm, Sweden","institution_ids":["https://openalex.org/I180242103"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5088339869","display_name":"Henrik Artman","orcid":"https://orcid.org/0000-0002-6903-9072"},"institutions":[{"id":"https://openalex.org/I86987016","display_name":"KTH Royal Institute of Technology","ror":"https://ror.org/026vcq606","country_code":"SE","type":"education","lineage":["https://openalex.org/I86987016"]}],"countries":["SE"],"is_corresponding":false,"raw_author_name":"Henrik Artman","raw_affiliation_strings":["KTH Royal Institute of Technology, SE-100 44, Stockholm, Sweden"],"affiliations":[{"raw_affiliation_string":"KTH Royal Institute of Technology, SE-100 44, Stockholm, Sweden","institution_ids":["https://openalex.org/I86987016"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5051919182","display_name":"Joel Brynielsson","orcid":"https://orcid.org/0000-0002-2677-9759"},"institutions":[{"id":"https://openalex.org/I1291458624","display_name":"Swedish Defence Research Agency","ror":"https://ror.org/0470cgs30","country_code":"SE","type":"funder","lineage":["https://openalex.org/I1291458624"]},{"id":"https://openalex.org/I86987016","display_name":"KTH Royal Institute of Technology","ror":"https://ror.org/026vcq606","country_code":"SE","type":"education","lineage":["https://openalex.org/I86987016"]}],"countries":["SE"],"is_corresponding":false,"raw_author_name":"Joel Brynielsson","raw_affiliation_strings":["FOI Swedish Defence Research Agency, SE-164 90, Stockholm, Sweden","KTH Royal Institute of Technology, SE-100 44, Stockholm, Sweden"],"affiliations":[{"raw_affiliation_string":"FOI Swedish Defence Research Agency, SE-164 90, Stockholm, Sweden","institution_ids":["https://openalex.org/I1291458624"]},{"raw_affiliation_string":"KTH Royal Institute of Technology, SE-100 44, Stockholm, Sweden","institution_ids":["https://openalex.org/I86987016"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5037374855","display_name":"Ulrik Franke","orcid":"https://orcid.org/0000-0003-2017-7914"},"institutions":[{"id":"https://openalex.org/I101466613","display_name":"Swedish Defence University","ror":"https://ror.org/04mj8af82","country_code":"SE","type":"education","lineage":["https://openalex.org/I101466613"]},{"id":"https://openalex.org/I86987016","display_name":"KTH Royal Institute of Technology","ror":"https://ror.org/026vcq606","country_code":"SE","type":"education","lineage":["https://openalex.org/I86987016"]}],"countries":["SE"],"is_corresponding":false,"raw_author_name":"Ulrik Franke","raw_affiliation_strings":["KTH Royal Institute of Technology, SE-100 44, Stockholm, Sweden","Swedish Defence University, Box 278 05, SE-115 93, Stockholm, Sweden"],"affiliations":[{"raw_affiliation_string":"KTH Royal Institute of Technology, SE-100 44, Stockholm, Sweden","institution_ids":["https://openalex.org/I86987016"]},{"raw_affiliation_string":"Swedish Defence University, Box 278 05, SE-115 93, Stockholm, Sweden","institution_ids":["https://openalex.org/I101466613"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5010663043"],"corresponding_institution_ids":["https://openalex.org/I180242103"],"apc_list":{"value":2590,"currency":"EUR","value_usd":3190},"apc_paid":{"value":2590,"currency":"EUR","value_usd":3190},"fwci":0.0,"has_fulltext":true,"cited_by_count":0,"citation_normalized_percentile":{"value":0.30614082,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":"24","issue":"5","first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10525","display_name":"Human-Automation Interaction and Safety","score":0.9973999857902527,"subfield":{"id":"https://openalex.org/subfields/3207","display_name":"Social Psychology"},"field":{"id":"https://openalex.org/fields/32","display_name":"Psychology"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}},"topics":[{"id":"https://openalex.org/T10525","display_name":"Human-Automation Interaction and Safety","score":0.9973999857902527,"subfield":{"id":"https://openalex.org/subfields/3207","display_name":"Social Psychology"},"field":{"id":"https://openalex.org/fields/32","display_name":"Psychology"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}},{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9850000143051147,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12888","display_name":"Military Strategy and Technology","score":0.9563000202178955,"subfield":{"id":"https://openalex.org/subfields/2207","display_name":"Control and Systems Engineering"},"field":{"id":"https://openalex.org/fields/22","display_name":"Engineering"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/situation-awareness","display_name":"Situation awareness","score":0.7821000218391418},{"id":"https://openalex.org/keywords/timeline","display_name":"Timeline","score":0.7405999898910522},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.6333000063896179},{"id":"https://openalex.org/keywords/information-sharing","display_name":"Information sharing","score":0.5536999702453613},{"id":"https://openalex.org/keywords/empirical-research","display_name":"Empirical research","score":0.49149999022483826},{"id":"https://openalex.org/keywords/information-technology","display_name":"Information technology","score":0.3995000123977661},{"id":"https://openalex.org/keywords/data-breach","display_name":"Data breach","score":0.38199999928474426},{"id":"https://openalex.org/keywords/information-security","display_name":"Information security","score":0.3749000132083893},{"id":"https://openalex.org/keywords/information-system","display_name":"Information system","score":0.3734000027179718}],"concepts":[{"id":"https://openalex.org/C145804949","wikidata":"https://www.wikidata.org/wiki/Q478123","display_name":"Situation awareness","level":2,"score":0.7821000218391418},{"id":"https://openalex.org/C4438859","wikidata":"https://www.wikidata.org/wiki/Q186117","display_name":"Timeline","level":2,"score":0.7405999898910522},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.6333000063896179},{"id":"https://openalex.org/C2776854237","wikidata":"https://www.wikidata.org/wiki/Q6031064","display_name":"Information sharing","level":2,"score":0.5536999702453613},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5534999966621399},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.5342000126838684},{"id":"https://openalex.org/C56739046","wikidata":"https://www.wikidata.org/wiki/Q192060","display_name":"Knowledge management","level":1,"score":0.5174999833106995},{"id":"https://openalex.org/C120936955","wikidata":"https://www.wikidata.org/wiki/Q2155640","display_name":"Empirical research","level":2,"score":0.49149999022483826},{"id":"https://openalex.org/C121017731","wikidata":"https://www.wikidata.org/wiki/Q11661","display_name":"Information technology","level":2,"score":0.3995000123977661},{"id":"https://openalex.org/C165609540","wikidata":"https://www.wikidata.org/wiki/Q1172486","display_name":"Data breach","level":2,"score":0.38199999928474426},{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.3749000132083893},{"id":"https://openalex.org/C180198813","wikidata":"https://www.wikidata.org/wiki/Q121182","display_name":"Information system","level":2,"score":0.3734000027179718},{"id":"https://openalex.org/C3018725008","wikidata":"https://www.wikidata.org/wiki/Q4071928","display_name":"Cyber threats","level":2,"score":0.34790000319480896},{"id":"https://openalex.org/C144133560","wikidata":"https://www.wikidata.org/wiki/Q4830453","display_name":"Business","level":0,"score":0.3422999978065491},{"id":"https://openalex.org/C108827166","wikidata":"https://www.wikidata.org/wiki/Q175975","display_name":"Internet privacy","level":1,"score":0.33160001039505005},{"id":"https://openalex.org/C2778137410","wikidata":"https://www.wikidata.org/wiki/Q2732820","display_name":"Government (linguistics)","level":2,"score":0.3255999982357025},{"id":"https://openalex.org/C9114305","wikidata":"https://www.wikidata.org/wiki/Q1428317","display_name":"Situational ethics","level":2,"score":0.31119999289512634},{"id":"https://openalex.org/C190248442","wikidata":"https://www.wikidata.org/wiki/Q839486","display_name":"Qualitative research","level":2,"score":0.30219998955726624},{"id":"https://openalex.org/C189693848","wikidata":"https://www.wikidata.org/wiki/Q6031064","display_name":"Information exchange","level":2,"score":0.29760000109672546},{"id":"https://openalex.org/C506615639","wikidata":"https://www.wikidata.org/wiki/Q21662260","display_name":"Command and control","level":2,"score":0.29350000619888306},{"id":"https://openalex.org/C166052673","wikidata":"https://www.wikidata.org/wiki/Q83021","display_name":"Empirical evidence","level":2,"score":0.2799000144004822},{"id":"https://openalex.org/C128487930","wikidata":"https://www.wikidata.org/wiki/Q579488","display_name":"Information management","level":2,"score":0.2793999910354614},{"id":"https://openalex.org/C2776544517","wikidata":"https://www.wikidata.org/wiki/Q189447","display_name":"Unexpected events","level":2,"score":0.27900001406669617},{"id":"https://openalex.org/C195094911","wikidata":"https://www.wikidata.org/wiki/Q14167904","display_name":"Process management","level":1,"score":0.27709999680519104},{"id":"https://openalex.org/C39549134","wikidata":"https://www.wikidata.org/wiki/Q133080","display_name":"Public relations","level":1,"score":0.2705000042915344},{"id":"https://openalex.org/C18762648","wikidata":"https://www.wikidata.org/wiki/Q42213","display_name":"Work (physics)","level":2,"score":0.2639999985694885},{"id":"https://openalex.org/C62555980","wikidata":"https://www.wikidata.org/wiki/Q1460420","display_name":"Emergency management","level":2,"score":0.25279998779296875},{"id":"https://openalex.org/C121858775","wikidata":"https://www.wikidata.org/wiki/Q18600568","display_name":"Information Operations","level":2,"score":0.251800000667572}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1007/s10207-025-01106-z","is_oa":true,"landing_page_url":"https://doi.org/10.1007/s10207-025-01106-z","pdf_url":"https://link.springer.com/content/pdf/10.1007/s10207-025-01106-z.pdf","source":{"id":"https://openalex.org/S164062316","display_name":"International Journal of Information Security","issn_l":"1615-5262","issn":["1615-5262","1615-5270"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319900","host_organization_name":"Springer Science+Business Media","host_organization_lineage":["https://openalex.org/P4310319900","https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Science+Business Media","Springer Nature"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"International Journal of Information Security","raw_type":"journal-article"},{"id":"pmh:oai:DiVA.org:fhs-14106","is_oa":true,"landing_page_url":"http://urn.kb.se/resolve?urn=urn:nbn:se:fhs:diva-14106","pdf_url":"https://fhs.diva-portal.org/smash/get/diva2:2001860/FULLTEXT01","source":{"id":"https://openalex.org/S4306401559","display_name":"KTH Publication Database DiVA (KTH Royal Institute of Technology)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":"other-oa","license_id":"https://openalex.org/licenses/other-oa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"text"}],"best_oa_location":{"id":"doi:10.1007/s10207-025-01106-z","is_oa":true,"landing_page_url":"https://doi.org/10.1007/s10207-025-01106-z","pdf_url":"https://link.springer.com/content/pdf/10.1007/s10207-025-01106-z.pdf","source":{"id":"https://openalex.org/S164062316","display_name":"International Journal of Information Security","issn_l":"1615-5262","issn":["1615-5262","1615-5270"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319900","host_organization_name":"Springer Science+Business Media","host_organization_lineage":["https://openalex.org/P4310319900","https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Science+Business Media","Springer Nature"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"International Journal of Information Security","raw_type":"journal-article"},"sustainable_development_goals":[],"awards":[],"funders":[{"id":"https://openalex.org/F4320325664","display_name":"F\u00f6rsvarsmakten","ror":"https://ror.org/04qn5a624"}],"has_content":{"grobid_xml":false,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W4414533670.pdf"},"referenced_works_count":35,"referenced_works":["https://openalex.org/W145528294","https://openalex.org/W199490443","https://openalex.org/W1493528063","https://openalex.org/W1633862057","https://openalex.org/W1792756357","https://openalex.org/W1926713316","https://openalex.org/W1963494573","https://openalex.org/W2029173882","https://openalex.org/W2050131929","https://openalex.org/W2089773578","https://openalex.org/W2146948159","https://openalex.org/W2402196826","https://openalex.org/W2491808042","https://openalex.org/W2588452010","https://openalex.org/W2613928009","https://openalex.org/W2726869989","https://openalex.org/W2892759841","https://openalex.org/W2898349228","https://openalex.org/W2982205235","https://openalex.org/W2990495326","https://openalex.org/W3082161389","https://openalex.org/W3108159510","https://openalex.org/W3132822841","https://openalex.org/W3216622316","https://openalex.org/W4226104776","https://openalex.org/W4285180042","https://openalex.org/W4297900482","https://openalex.org/W4311693894","https://openalex.org/W4384948700","https://openalex.org/W4390869558","https://openalex.org/W4399266710","https://openalex.org/W4400835129","https://openalex.org/W4401387460","https://openalex.org/W4402933478","https://openalex.org/W4410109915"],"related_works":[],"abstract_inverted_index":{"Abstract":[0],"The":[1,109,123],"digitalization":[2],"of":[3,21,58,84,88,118,137,201],"our":[4],"societies":[5],"makes":[6],"them":[7],"increasingly":[8],"vulnerable":[9],"to":[10,37,114,161,195],"emerging":[11],"cyberthreats.":[12,202],"These":[13],"cyberthreats":[14,38],"can":[15],"manifest":[16],"themselves":[17],"in":[18,35,42,61,63,81,120,152],"the":[19,82,95,121,129,133,135,146,162,196],"form":[20,83],"organized,":[22],"sophisticated,":[23],"and":[24,39,106,145,183],"persistent":[25],"threat":[26,130],"actors,":[27],"as":[28,30,141],"well":[29],"nonadversarial":[31],"mistakes.":[32],"Staff":[33],"involved":[34,60],"responding":[36],"handling":[40,75,200],"incidents":[41],"organizations":[43],"need":[44],"cyber":[45,71,155],"situation":[46,72,156],"awareness.":[47,157],"This":[48,189],"paper":[49],"presents":[50],"a":[51,64,76,116,192],"case":[52,96],"study":[53,190],"on":[54,198],"what":[55],"challenges":[56,160],"members":[57],"staff":[59,154,170],"cybersecurity":[62],"large,":[65],"complex":[66],"organization":[67,163],"experience":[68],"when":[69],"developing":[70],"awareness":[73],"while":[74],"remote":[77],"code":[78],"execution":[79],"vulnerability":[80],"Log4Shell.":[85],"Two":[86],"types":[87,136],"qualitative":[89],"empirical":[90,110],"material":[91,111],"were":[92,164],"used":[93],"for":[94],"study,":[97],"data":[98],"collected":[99],"through":[100],"semi-structured":[101],"interviews":[102],"with":[103],"ten":[104],"informants,":[105],"internal":[107],"documentation.":[108],"was":[112,171,176,187],"analyzed":[113],"create":[115],"timeline":[117],"events":[119],"organization.":[122],"results":[124],"show":[125],"how":[126],"information":[127,150,167,186],"about":[128],"spread":[131],"throughout":[132],"organization,":[134],"artifacts":[138],"that":[139],"served":[140],"common":[142,179],"operational":[143,180],"pictures,":[144],"role":[147],"played":[148],"by":[149],"sharing":[151,168],"maintaining":[153],"Three":[158],"major":[159],"found:":[165],"(i)":[166],"among":[169],"not":[172],"effortless,":[173],"(ii)":[174],"there":[175],"no":[177],"organization-wide":[178],"picture":[181],"established,":[182],"(iii)":[184],"inaccurate":[185],"shared.":[188],"adds":[191],"real-world":[193],"contribution":[194],"literature":[197],"organizational":[199]},"counts_by_year":[],"updated_date":"2026-03-20T23:20:44.827607","created_date":"2025-10-10T00:00:00"}