{"id":"https://openalex.org/W4415688741","doi":"https://doi.org/10.1007/s10207-025-01144-7","title":"Analysing the role of LLMs in cybersecurity incident management","display_name":"Analysing the role of LLMs in cybersecurity incident management","publication_year":2025,"publication_date":"2025-10-30","ids":{"openalex":"https://openalex.org/W4415688741","doi":"https://doi.org/10.1007/s10207-025-01144-7"},"language":"en","primary_location":{"id":"doi:10.1007/s10207-025-01144-7","is_oa":true,"landing_page_url":"https://doi.org/10.1007/s10207-025-01144-7","pdf_url":"https://link.springer.com/content/pdf/10.1007/s10207-025-01144-7.pdf","source":{"id":"https://openalex.org/S164062316","display_name":"International Journal of Information Security","issn_l":"1615-5262","issn":["1615-5262","1615-5270"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319900","host_organization_name":"Springer Science+Business Media","host_organization_lineage":["https://openalex.org/P4310319900","https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Science+Business Media","Springer Nature"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"International Journal of Information Security","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"hybrid","oa_url":"https://link.springer.com/content/pdf/10.1007/s10207-025-01144-7.pdf","any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5108617094","display_name":"G. H. Gethin Jones","orcid":null},"institutions":[{"id":"https://openalex.org/I251738","display_name":"Edinburgh Napier University","ror":"https://ror.org/03zjvnn91","country_code":"GB","type":"education","lineage":["https://openalex.org/I251738"]}],"countries":["GB"],"is_corresponding":true,"raw_author_name":"Gavin Jones","raw_affiliation_strings":["School of Computing Engineering & the Built Environment, Edinburgh Napier University, Edinburgh, UK"],"affiliations":[{"raw_affiliation_string":"School of Computing Engineering & the Built Environment, Edinburgh Napier University, Edinburgh, UK","institution_ids":["https://openalex.org/I251738"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5010562761","display_name":"Dimitrios Kasimatis","orcid":"https://orcid.org/0009-0009-2036-426X"},"institutions":[{"id":"https://openalex.org/I251738","display_name":"Edinburgh Napier University","ror":"https://ror.org/03zjvnn91","country_code":"GB","type":"education","lineage":["https://openalex.org/I251738"]}],"countries":["GB"],"is_corresponding":false,"raw_author_name":"Dimitrios Kasimatis","raw_affiliation_strings":["School of Computing Engineering & the Built Environment, Edinburgh Napier University, Edinburgh, UK"],"affiliations":[{"raw_affiliation_string":"School of Computing Engineering & the Built Environment, Edinburgh Napier University, Edinburgh, UK","institution_ids":["https://openalex.org/I251738"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5082150685","display_name":"Nikolaos Pitropakis","orcid":"https://orcid.org/0000-0002-3392-9970"},"institutions":[{"id":"https://openalex.org/I230915877","display_name":"The American College of Greece","ror":"https://ror.org/03vkake80","country_code":"GR","type":"nonprofit","lineage":["https://openalex.org/I230915877"]}],"countries":["GR"],"is_corresponding":false,"raw_author_name":"Nikolaos Pitropakis","raw_affiliation_strings":["Department of Information Technology, The American College of Greece, Athens, Greece"],"affiliations":[{"raw_affiliation_string":"Department of Information Technology, The American College of Greece, Athens, Greece","institution_ids":["https://openalex.org/I230915877"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5055358404","display_name":"Richard Macfarlane","orcid":"https://orcid.org/0000-0002-5325-2872"},"institutions":[{"id":"https://openalex.org/I251738","display_name":"Edinburgh Napier University","ror":"https://ror.org/03zjvnn91","country_code":"GB","type":"education","lineage":["https://openalex.org/I251738"]}],"countries":["GB"],"is_corresponding":false,"raw_author_name":"Richard Macfarlane","raw_affiliation_strings":["School of Computing Engineering & the Built Environment, Edinburgh Napier University, Edinburgh, UK"],"affiliations":[{"raw_affiliation_string":"School of Computing Engineering & the Built Environment, Edinburgh Napier University, Edinburgh, UK","institution_ids":["https://openalex.org/I251738"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5068020099","display_name":"William J. Buchanan","orcid":"https://orcid.org/0000-0003-0809-3523"},"institutions":[{"id":"https://openalex.org/I251738","display_name":"Edinburgh Napier University","ror":"https://ror.org/03zjvnn91","country_code":"GB","type":"education","lineage":["https://openalex.org/I251738"]}],"countries":["GB"],"is_corresponding":false,"raw_author_name":"William J. Buchanan","raw_affiliation_strings":["School of Computing Engineering & the Built Environment, Edinburgh Napier University, Edinburgh, UK"],"affiliations":[{"raw_affiliation_string":"School of Computing Engineering & the Built Environment, Edinburgh Napier University, Edinburgh, UK","institution_ids":["https://openalex.org/I251738"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5108617094"],"corresponding_institution_ids":["https://openalex.org/I251738"],"apc_list":{"value":2590,"currency":"EUR","value_usd":3190},"apc_paid":{"value":2590,"currency":"EUR","value_usd":3190},"fwci":0.0,"has_fulltext":true,"cited_by_count":0,"citation_normalized_percentile":{"value":0.46207892,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":"24","issue":"6","first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.15760000050067902,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.15760000050067902,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.09160000085830688,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12519","display_name":"Cybercrime and Law Enforcement Studies","score":0.0681999996304512,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/consistency","display_name":"Consistency (knowledge bases)","score":0.6032000184059143},{"id":"https://openalex.org/keywords/context","display_name":"Context (archaeology)","score":0.570900022983551},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.5566999912261963},{"id":"https://openalex.org/keywords/key","display_name":"Key (lock)","score":0.524399995803833},{"id":"https://openalex.org/keywords/incident-management","display_name":"Incident management","score":0.45890000462532043},{"id":"https://openalex.org/keywords/incident-response","display_name":"Incident response","score":0.4480000138282776},{"id":"https://openalex.org/keywords/work","display_name":"Work (physics)","score":0.3691999912261963}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6290000081062317},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.6171000003814697},{"id":"https://openalex.org/C2776436953","wikidata":"https://www.wikidata.org/wiki/Q5163215","display_name":"Consistency (knowledge bases)","level":2,"score":0.6032000184059143},{"id":"https://openalex.org/C2779343474","wikidata":"https://www.wikidata.org/wiki/Q3109175","display_name":"Context (archaeology)","level":2,"score":0.570900022983551},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.5566999912261963},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.524399995803833},{"id":"https://openalex.org/C2780952636","wikidata":"https://www.wikidata.org/wiki/Q13479512","display_name":"Incident management","level":2,"score":0.45890000462532043},{"id":"https://openalex.org/C2985105721","wikidata":"https://www.wikidata.org/wiki/Q13479512","display_name":"Incident response","level":2,"score":0.4480000138282776},{"id":"https://openalex.org/C18762648","wikidata":"https://www.wikidata.org/wiki/Q42213","display_name":"Work (physics)","level":2,"score":0.3691999912261963},{"id":"https://openalex.org/C56739046","wikidata":"https://www.wikidata.org/wiki/Q192060","display_name":"Knowledge management","level":1,"score":0.366100013256073},{"id":"https://openalex.org/C2778139618","wikidata":"https://www.wikidata.org/wiki/Q13440398","display_name":"Workforce","level":2,"score":0.361299991607666},{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.3280999958515167},{"id":"https://openalex.org/C2776240099","wikidata":"https://www.wikidata.org/wiki/Q327018","display_name":"Interrogation","level":2,"score":0.3158000111579895},{"id":"https://openalex.org/C48145219","wikidata":"https://www.wikidata.org/wiki/Q1335365","display_name":"Security token","level":2,"score":0.3091000020503998},{"id":"https://openalex.org/C26713055","wikidata":"https://www.wikidata.org/wiki/Q245962","display_name":"Implementation","level":2,"score":0.3057999908924103},{"id":"https://openalex.org/C37736160","wikidata":"https://www.wikidata.org/wiki/Q1801315","display_name":"Adversarial system","level":2,"score":0.28999999165534973},{"id":"https://openalex.org/C167063184","wikidata":"https://www.wikidata.org/wiki/Q1400839","display_name":"Vulnerability assessment","level":3,"score":0.27140000462532043},{"id":"https://openalex.org/C184356942","wikidata":"https://www.wikidata.org/wiki/Q830382","display_name":"Best practice","level":2,"score":0.27070000767707825},{"id":"https://openalex.org/C112930515","wikidata":"https://www.wikidata.org/wiki/Q4389547","display_name":"Risk analysis (engineering)","level":1,"score":0.26930001378059387}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1007/s10207-025-01144-7","is_oa":true,"landing_page_url":"https://doi.org/10.1007/s10207-025-01144-7","pdf_url":"https://link.springer.com/content/pdf/10.1007/s10207-025-01144-7.pdf","source":{"id":"https://openalex.org/S164062316","display_name":"International Journal of Information Security","issn_l":"1615-5262","issn":["1615-5262","1615-5270"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319900","host_organization_name":"Springer Science+Business Media","host_organization_lineage":["https://openalex.org/P4310319900","https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Science+Business Media","Springer Nature"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"International Journal of Information Security","raw_type":"journal-article"}],"best_oa_location":{"id":"doi:10.1007/s10207-025-01144-7","is_oa":true,"landing_page_url":"https://doi.org/10.1007/s10207-025-01144-7","pdf_url":"https://link.springer.com/content/pdf/10.1007/s10207-025-01144-7.pdf","source":{"id":"https://openalex.org/S164062316","display_name":"International Journal of Information Security","issn_l":"1615-5262","issn":["1615-5262","1615-5270"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319900","host_organization_name":"Springer Science+Business Media","host_organization_lineage":["https://openalex.org/P4310319900","https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Science+Business Media","Springer Nature"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"International Journal of Information Security","raw_type":"journal-article"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W4415688741.pdf"},"referenced_works_count":18,"referenced_works":["https://openalex.org/W2617200927","https://openalex.org/W3101684541","https://openalex.org/W3108159510","https://openalex.org/W3134211737","https://openalex.org/W3207879748","https://openalex.org/W4211103228","https://openalex.org/W4285018249","https://openalex.org/W4320921204","https://openalex.org/W4353044174","https://openalex.org/W4360980513","https://openalex.org/W4366980161","https://openalex.org/W4379259169","https://openalex.org/W4381385223","https://openalex.org/W4386693657","https://openalex.org/W4387500346","https://openalex.org/W4390191336","https://openalex.org/W4391376033","https://openalex.org/W4399732551"],"related_works":[],"abstract_inverted_index":{"Abstract":[0],"Cybersecurity":[1],"and":[2,15,30,72,78,88,96,102,112,147],"artificial":[3],"intelligence":[4],"(AI)":[5],"increasingly":[6],"intersect":[7],"as":[8,94],"organizations":[9],"grapple":[10],"with":[11],"sophisticated":[12],"cyber":[13,32],"threats":[14],"expanding":[16],"digital":[17],"landscapes.":[18],"Incident":[19],"response":[20,53],"teams":[21],"traditionally":[22],"rely":[23],"on":[24,51,138,144],"structured":[25],"procedures":[26],"to":[27,118,130],"identify,":[28],"manage,":[29],"mitigate":[31],"incidents.":[33],"Our":[34],"work":[35],"explores":[36],"the":[37],"effectiveness":[38],"of":[39,68],"generative":[40],"AI,":[41],"specifically":[42],"Large":[43],"Language":[44],"Models":[45],"(LLMs),":[46],"within":[47],"cybersecurity,":[48],"focusing":[49],"primarily":[50],"incident":[52,69,106],"processes.":[54],"Experimental":[55],"evaluations":[56],"demonstrate":[57],"that":[58],"specific":[59],"LLMs":[60],"exhibit":[61],"distinct":[62],"strengths":[63],"suitable":[64],"for":[65,83],"different":[66],"stages":[67],"management.":[70],"GPT-4o":[71],"GPT-3.5":[73],"show":[74],"high":[75],"clarity,":[76],"consistency":[77],"coherence,":[79],"making":[80],"them":[81],"appropriate":[82],"real-time":[84],"containment,":[85],"isolation,":[86],"eradication":[87],"recovery":[89],"tasks.":[90],"Conversely,":[91],"models":[92],"such":[93],"GPT-o1":[95],"GPT-4":[97],"offer":[98],"superior":[99],"reasoning":[100],"capabilities":[101],"conciseness,":[103],"better":[104],"supporting":[105],"preparation,":[107],"post-incident":[108],"analysis,":[109],"vulnerability":[110],"assessment":[111],"training":[113],"development.":[114],"Key":[115],"limitations":[116],"pertaining":[117],"current":[119],"LLM":[120],"implementations":[121],"are":[122],"identified,":[123],"particularly":[124],"token":[125],"context":[126],"constraints":[127],"in":[128],"addition":[129],"a":[131],"discussion":[132],"about":[133],"ethical":[134],"considerations":[135],"regarding":[136],"reliance":[137],"AI":[139],"responses,":[140],"including":[141],"potential":[142],"impacts":[143],"workforce":[145],"skills":[146],"organizational":[148],"security":[149],"posture.":[150]},"counts_by_year":[],"updated_date":"2026-03-11T06:11:40.159057","created_date":"2025-10-30T00:00:00"}