{"id":"https://openalex.org/W1988453576","doi":"https://doi.org/10.1108/09685221011035241","title":"Preparation, detection, and analysis: the diagnostic work of IT security incident response","display_name":"Preparation, detection, and analysis: the diagnostic work of IT security incident response","publication_year":2010,"publication_date":"2010-03-13","ids":{"openalex":"https://openalex.org/W1988453576","doi":"https://doi.org/10.1108/09685221011035241","mag":"1988453576"},"language":"en","primary_location":{"id":"doi:10.1108/09685221011035241","is_oa":false,"landing_page_url":"https://doi.org/10.1108/09685221011035241","pdf_url":null,"source":{"id":"https://openalex.org/S204075876","display_name":"Information Management & Computer Security","issn_l":"0968-5227","issn":["0968-5227","1758-5805"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319811","host_organization_name":"Emerald Publishing Limited","host_organization_lineage":["https://openalex.org/P4310319811"],"host_organization_lineage_names":["Emerald Publishing Limited"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Information Management &amp; Computer Security","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5087005536","display_name":"Rodrigo Werlinger","orcid":null},"institutions":[{"id":"https://openalex.org/I141945490","display_name":"University of British Columbia","ror":"https://ror.org/03rmrcq20","country_code":"CA","type":"education","lineage":["https://openalex.org/I141945490"]}],"countries":["CA"],"is_corresponding":true,"raw_author_name":"Rodrigo Werlinger","raw_affiliation_strings":["University of British Columbia, Vancouver, Canada","University of British Columbia  Vancouver Canada"],"affiliations":[{"raw_affiliation_string":"University of British Columbia, Vancouver, Canada","institution_ids":["https://openalex.org/I141945490"]},{"raw_affiliation_string":"University of British Columbia  Vancouver Canada","institution_ids":["https://openalex.org/I141945490"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5026476203","display_name":"Kasia M\u00fcldner","orcid":"https://orcid.org/0000-0003-4660-5315"},"institutions":[{"id":"https://openalex.org/I55732556","display_name":"Arizona State University","ror":"https://ror.org/03efmqc40","country_code":"US","type":"education","lineage":["https://openalex.org/I55732556"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Kasia Muldner","raw_affiliation_strings":["School of Computing and Informatics, Arizona State University, Tempe, Arizona, USA","(School of Computing and Informatics, Arizona State University, Tempe, Arizona, USA)"],"affiliations":[{"raw_affiliation_string":"School of Computing and Informatics, Arizona State University, Tempe, Arizona, USA","institution_ids":["https://openalex.org/I55732556"]},{"raw_affiliation_string":"(School of Computing and Informatics, Arizona State University, Tempe, Arizona, USA)","institution_ids":["https://openalex.org/I55732556"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5091571857","display_name":"Kirstie Hawkey","orcid":null},"institutions":[{"id":"https://openalex.org/I141945490","display_name":"University of British Columbia","ror":"https://ror.org/03rmrcq20","country_code":"CA","type":"education","lineage":["https://openalex.org/I141945490"]}],"countries":["CA"],"is_corresponding":false,"raw_author_name":"Kirstie Hawkey","raw_affiliation_strings":["University of British Columbia, Vancouver, Canada","University of British Columbia  Vancouver Canada"],"affiliations":[{"raw_affiliation_string":"University of British Columbia, Vancouver, Canada","institution_ids":["https://openalex.org/I141945490"]},{"raw_affiliation_string":"University of British Columbia  Vancouver Canada","institution_ids":["https://openalex.org/I141945490"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5035380853","display_name":"Konstantin Beznosov","orcid":"https://orcid.org/0000-0002-1327-7477"},"institutions":[{"id":"https://openalex.org/I141945490","display_name":"University of British Columbia","ror":"https://ror.org/03rmrcq20","country_code":"CA","type":"education","lineage":["https://openalex.org/I141945490"]}],"countries":["CA"],"is_corresponding":false,"raw_author_name":"Konstantin Beznosov","raw_affiliation_strings":["University of British Columbia, Vancouver, Canada","University of British Columbia  Vancouver Canada"],"affiliations":[{"raw_affiliation_string":"University of British Columbia, Vancouver, Canada","institution_ids":["https://openalex.org/I141945490"]},{"raw_affiliation_string":"University of British Columbia  Vancouver Canada","institution_ids":["https://openalex.org/I141945490"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5087005536"],"corresponding_institution_ids":["https://openalex.org/I141945490"],"apc_list":null,"apc_paid":null,"fwci":12.1407,"has_fulltext":false,"cited_by_count":94,"citation_normalized_percentile":{"value":0.98286111,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":96,"max":100},"biblio":{"volume":"18","issue":"1","first_page":"26","last_page":"42"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9958000183105469,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12127","display_name":"Software System Performance and Reliability","score":0.9904000163078308,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.5820844173431396},{"id":"https://openalex.org/keywords/originality","display_name":"Originality","score":0.5437697768211365},{"id":"https://openalex.org/keywords/incident-management","display_name":"Incident management","score":0.5350191593170166},{"id":"https://openalex.org/keywords/work","display_name":"Work (physics)","score":0.529094934463501},{"id":"https://openalex.org/keywords/usability","display_name":"Usability","score":0.5198100805282593},{"id":"https://openalex.org/keywords/information-security","display_name":"Information security","score":0.5124395489692688},{"id":"https://openalex.org/keywords/tacit-knowledge","display_name":"Tacit knowledge","score":0.5096273422241211},{"id":"https://openalex.org/keywords/knowledge-management","display_name":"Knowledge management","score":0.4621686637401581},{"id":"https://openalex.org/keywords/incident-response","display_name":"Incident response","score":0.44655317068099976},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.38237905502319336},{"id":"https://openalex.org/keywords/qualitative-research","display_name":"Qualitative research","score":0.28979313373565674},{"id":"https://openalex.org/keywords/engineering","display_name":"Engineering","score":0.11398899555206299},{"id":"https://openalex.org/keywords/sociology","display_name":"Sociology","score":0.08553895354270935}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.5820844173431396},{"id":"https://openalex.org/C2776950860","wikidata":"https://www.wikidata.org/wiki/Q2914681","display_name":"Originality","level":3,"score":0.5437697768211365},{"id":"https://openalex.org/C2780952636","wikidata":"https://www.wikidata.org/wiki/Q13479512","display_name":"Incident management","level":2,"score":0.5350191593170166},{"id":"https://openalex.org/C18762648","wikidata":"https://www.wikidata.org/wiki/Q42213","display_name":"Work (physics)","level":2,"score":0.529094934463501},{"id":"https://openalex.org/C170130773","wikidata":"https://www.wikidata.org/wiki/Q216378","display_name":"Usability","level":2,"score":0.5198100805282593},{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.5124395489692688},{"id":"https://openalex.org/C2779561248","wikidata":"https://www.wikidata.org/wiki/Q743861","display_name":"Tacit knowledge","level":2,"score":0.5096273422241211},{"id":"https://openalex.org/C56739046","wikidata":"https://www.wikidata.org/wiki/Q192060","display_name":"Knowledge management","level":1,"score":0.4621686637401581},{"id":"https://openalex.org/C2985105721","wikidata":"https://www.wikidata.org/wiki/Q13479512","display_name":"Incident response","level":2,"score":0.44655317068099976},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.38237905502319336},{"id":"https://openalex.org/C190248442","wikidata":"https://www.wikidata.org/wiki/Q839486","display_name":"Qualitative research","level":2,"score":0.28979313373565674},{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.11398899555206299},{"id":"https://openalex.org/C144024400","wikidata":"https://www.wikidata.org/wiki/Q21201","display_name":"Sociology","level":0,"score":0.08553895354270935},{"id":"https://openalex.org/C36289849","wikidata":"https://www.wikidata.org/wiki/Q34749","display_name":"Social science","level":1,"score":0.0},{"id":"https://openalex.org/C78519656","wikidata":"https://www.wikidata.org/wiki/Q101333","display_name":"Mechanical engineering","level":1,"score":0.0},{"id":"https://openalex.org/C107457646","wikidata":"https://www.wikidata.org/wiki/Q207434","display_name":"Human\u2013computer interaction","level":1,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1108/09685221011035241","is_oa":false,"landing_page_url":"https://doi.org/10.1108/09685221011035241","pdf_url":null,"source":{"id":"https://openalex.org/S204075876","display_name":"Information Management & Computer Security","issn_l":"0968-5227","issn":["0968-5227","1758-5805"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319811","host_organization_name":"Emerald Publishing Limited","host_organization_lineage":["https://openalex.org/P4310319811"],"host_organization_lineage_names":["Emerald Publishing Limited"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Information Management &amp; Computer Security","raw_type":"journal-article"},{"id":"pmh:oai:CiteSeerX.psu:10.1.1.659.1466","is_oa":false,"landing_page_url":"http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.659.1466","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"http://lersse-dl.ece.ubc.ca/record/222/files/222.pdf?version%3D1","raw_type":"text"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":33,"referenced_works":["https://openalex.org/W109631643","https://openalex.org/W1606540910","https://openalex.org/W1914118524","https://openalex.org/W1976815164","https://openalex.org/W1979725670","https://openalex.org/W1984354322","https://openalex.org/W2003325641","https://openalex.org/W2006568990","https://openalex.org/W2019172453","https://openalex.org/W2025280003","https://openalex.org/W2026212330","https://openalex.org/W2037697692","https://openalex.org/W2050997510","https://openalex.org/W2073104441","https://openalex.org/W2098112891","https://openalex.org/W2107457868","https://openalex.org/W2113147897","https://openalex.org/W2116197614","https://openalex.org/W2121513440","https://openalex.org/W2122382822","https://openalex.org/W2129298892","https://openalex.org/W2133800002","https://openalex.org/W2134287485","https://openalex.org/W2139684605","https://openalex.org/W2146356111","https://openalex.org/W2159165123","https://openalex.org/W2169691657","https://openalex.org/W2293921399","https://openalex.org/W2337987024","https://openalex.org/W2346085410","https://openalex.org/W4249792657","https://openalex.org/W6679458849","https://openalex.org/W6680099259"],"related_works":["https://openalex.org/W4236345345","https://openalex.org/W2170135113","https://openalex.org/W3174670271","https://openalex.org/W3199928954","https://openalex.org/W3204723561","https://openalex.org/W4251008024","https://openalex.org/W3022724426","https://openalex.org/W1561922874","https://openalex.org/W2249861023","https://openalex.org/W4206206623"],"abstract_inverted_index":{"Purpose":[0],"The":[1,34,55,80,104,164,194],"purpose":[2],"of":[3,13,31,38,68,137,151,166,201],"this":[4],"paper":[5,176,211],"is":[6,87,113,169],"to":[7,71,100,118,134,157,190,219],"examine":[8],"security":[9,17,44,76,84,129,144,187,192,206,221],"incident":[10,77,85,111,145,207],"response":[11,86,112,146],"practices":[12],"information":[14],"technology":[15],"(IT)":[16],"practitioners":[18,45,95,188],"as":[19,123,125],"a":[20,88],"diagnostic":[21,73,203],"work":[22,74,168,204],"process,":[23],"including":[24],"the":[25,69,135,148,161,167,175,180,197,202,210],"preparation":[26],"phase,":[27],"detection,":[28],"and":[29,53,65,159,178,184],"analysis":[30,67,81],"anomalies.":[32],"Design/methodology/approach":[33],"data":[35,70,154],"set":[36],"consisted":[37],"16":[39],"semi\u2010structured":[40,138],"interviews":[41,56],"with":[42,62,128],"IT":[43],"from":[46],"seven":[47],"organizational":[48],"types":[49],"(e.g.":[50],"academic,":[51],"government,":[52],"private).":[54],"were":[57],"analyzed":[58],"using":[59,172],"qualitative":[60],"description":[61],"constant":[63],"comparison":[64],"inductive":[66],"analyze":[72],"during":[75,110,205],"response.":[78,208],"Findings":[79],"shows":[82],"that":[83,108,186],"highly":[89],"collaborative":[90],"activity,":[91],"which":[92],"may":[93],"involve":[94],"developing":[96],"their":[97],"own":[98],"tools":[99,185],"perform":[101],"specific":[102],"tasks.":[103],"results":[105],"also":[106],"show":[107],"diagnosis":[109],"complicated":[114],"by":[115],"practitioners'":[116],"need":[117],"rely":[119],"on":[120],"tacit":[121],"knowledge,":[122],"well":[124],"usability":[126],"issues":[127],"tools.":[130,222],"Research":[131],"limitations/implications":[132],"Owing":[133],"nature":[136],"interviews,":[139],"not":[140],"all":[141],"participants":[142],"discussed":[143],"at":[147],"same":[149],"level":[150],"detail.":[152],"More":[153],"are":[155],"required":[156],"generalize":[158],"refine":[160],"findings.":[162],"Originality/value":[163],"contribution":[165],"twofold.":[170],"First,":[171],"empirical":[173],"data,":[174],"analyzes":[177],"describes":[179],"tasks,":[181],"skills,":[182],"strategies,":[183],"use":[189],"diagnose":[191],"incidents.":[193],"findings":[195],"enhance":[196],"research":[198,216],"community's":[199],"understanding":[200],"Second,":[209],"identifies":[212],"opportunities":[213],"for":[214],"future":[215],"directions":[217],"related":[218],"improving":[220]},"counts_by_year":[{"year":2025,"cited_by_count":3},{"year":2024,"cited_by_count":4},{"year":2023,"cited_by_count":4},{"year":2022,"cited_by_count":3},{"year":2021,"cited_by_count":10},{"year":2020,"cited_by_count":9},{"year":2019,"cited_by_count":7},{"year":2018,"cited_by_count":13},{"year":2017,"cited_by_count":4},{"year":2016,"cited_by_count":7},{"year":2015,"cited_by_count":7},{"year":2014,"cited_by_count":6},{"year":2013,"cited_by_count":8},{"year":2012,"cited_by_count":5}],"updated_date":"2026-04-05T17:49:38.594831","created_date":"2025-10-10T00:00:00"}