{"id":"https://openalex.org/W3207647981","doi":"https://doi.org/10.1145/3476079","title":"A Case Study of Phishing Incident Response in an Educational Organization","display_name":"A Case Study of Phishing Incident Response in an Educational Organization","publication_year":2021,"publication_date":"2021-10-13","ids":{"openalex":"https://openalex.org/W3207647981","doi":"https://doi.org/10.1145/3476079","mag":"3207647981"},"language":"en","primary_location":{"id":"doi:10.1145/3476079","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3476079","pdf_url":null,"source":{"id":"https://openalex.org/S4210183893","display_name":"Proceedings of the ACM on Human-Computer Interaction","issn_l":"2573-0142","issn":["2573-0142"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the ACM on Human-Computer Interaction","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5067988533","display_name":"Kholoud Althobaiti","orcid":"https://orcid.org/0000-0002-7299-7095"},"institutions":[{"id":"https://openalex.org/I98677209","display_name":"University of Edinburgh","ror":"https://ror.org/01nrxwf90","country_code":"GB","type":"education","lineage":["https://openalex.org/I98677209"]}],"countries":["GB"],"is_corresponding":true,"raw_author_name":"Kholoud Althobaiti","raw_affiliation_strings":["The University of Edinburgh &amp; Taif University, Edinburgh, United Kingdom"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"The University of Edinburgh &amp; Taif University, Edinburgh, United Kingdom","institution_ids":["https://openalex.org/I98677209"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5085518786","display_name":"Adam Jenkins","orcid":"https://orcid.org/0000-0001-7865-0087"},"institutions":[{"id":"https://openalex.org/I98677209","display_name":"University of Edinburgh","ror":"https://ror.org/01nrxwf90","country_code":"GB","type":"education","lineage":["https://openalex.org/I98677209"]}],"countries":["GB"],"is_corresponding":false,"raw_author_name":"Adam D G Jenkins","raw_affiliation_strings":["University of Edinburgh, Edinburgh, United Kingdom"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"University of Edinburgh, Edinburgh, United Kingdom","institution_ids":["https://openalex.org/I98677209"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5082266410","display_name":"Kami Vaniea","orcid":"https://orcid.org/0000-0001-8042-3342"},"institutions":[{"id":"https://openalex.org/I98677209","display_name":"University of Edinburgh","ror":"https://ror.org/01nrxwf90","country_code":"GB","type":"education","lineage":["https://openalex.org/I98677209"]}],"countries":["GB"],"is_corresponding":false,"raw_author_name":"Kami Vaniea","raw_affiliation_strings":["University of Edinburgh, Edinburgh, United Kingdom"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"University of Edinburgh, Edinburgh, United Kingdom","institution_ids":["https://openalex.org/I98677209"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5067988533"],"corresponding_institution_ids":["https://openalex.org/I98677209"],"apc_list":null,"apc_paid":null,"fwci":3.9815,"has_fulltext":false,"cited_by_count":21,"citation_normalized_percentile":{"value":0.94311401,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":94,"max":99},"biblio":{"volume":"5","issue":"CSCW2","first_page":"1","last_page":"32"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11644","display_name":"Spam and Phishing Detection","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11644","display_name":"Spam and Phishing Detection","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9988999962806702,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9983000159263611,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/desk","display_name":"Desk","score":0.6427940726280212},{"id":"https://openalex.org/keywords/workflow","display_name":"Workflow","score":0.6298417448997498},{"id":"https://openalex.org/keywords/process","display_name":"Process (computing)","score":0.5593819618225098},{"id":"https://openalex.org/keywords/phishing","display_name":"Phishing","score":0.5466738939285278},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.5459467768669128},{"id":"https://openalex.org/keywords/incident-response","display_name":"Incident response","score":0.4943656921386719},{"id":"https://openalex.org/keywords/work","display_name":"Work (physics)","score":0.4676620066165924},{"id":"https://openalex.org/keywords/incident-management","display_name":"Incident management","score":0.4366682767868042},{"id":"https://openalex.org/keywords/business","display_name":"Business","score":0.4340430796146393},{"id":"https://openalex.org/keywords/knowledge-management","display_name":"Knowledge management","score":0.4097551107406616},{"id":"https://openalex.org/keywords/process-management","display_name":"Process management","score":0.39262402057647705},{"id":"https://openalex.org/keywords/internet-privacy","display_name":"Internet privacy","score":0.3849859833717346},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.38273268938064575},{"id":"https://openalex.org/keywords/the-internet","display_name":"The Internet","score":0.2729957699775696},{"id":"https://openalex.org/keywords/engineering","display_name":"Engineering","score":0.22488689422607422},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.16190636157989502}],"concepts":[{"id":"https://openalex.org/C2776545233","wikidata":"https://www.wikidata.org/wiki/Q1064858","display_name":"Desk","level":2,"score":0.6427940726280212},{"id":"https://openalex.org/C177212765","wikidata":"https://www.wikidata.org/wiki/Q627335","display_name":"Workflow","level":2,"score":0.6298417448997498},{"id":"https://openalex.org/C98045186","wikidata":"https://www.wikidata.org/wiki/Q205663","display_name":"Process (computing)","level":2,"score":0.5593819618225098},{"id":"https://openalex.org/C83860907","wikidata":"https://www.wikidata.org/wiki/Q135005","display_name":"Phishing","level":3,"score":0.5466738939285278},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5459467768669128},{"id":"https://openalex.org/C2985105721","wikidata":"https://www.wikidata.org/wiki/Q13479512","display_name":"Incident response","level":2,"score":0.4943656921386719},{"id":"https://openalex.org/C18762648","wikidata":"https://www.wikidata.org/wiki/Q42213","display_name":"Work (physics)","level":2,"score":0.4676620066165924},{"id":"https://openalex.org/C2780952636","wikidata":"https://www.wikidata.org/wiki/Q13479512","display_name":"Incident management","level":2,"score":0.4366682767868042},{"id":"https://openalex.org/C144133560","wikidata":"https://www.wikidata.org/wiki/Q4830453","display_name":"Business","level":0,"score":0.4340430796146393},{"id":"https://openalex.org/C56739046","wikidata":"https://www.wikidata.org/wiki/Q192060","display_name":"Knowledge management","level":1,"score":0.4097551107406616},{"id":"https://openalex.org/C195094911","wikidata":"https://www.wikidata.org/wiki/Q14167904","display_name":"Process management","level":1,"score":0.39262402057647705},{"id":"https://openalex.org/C108827166","wikidata":"https://www.wikidata.org/wiki/Q175975","display_name":"Internet privacy","level":1,"score":0.3849859833717346},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.38273268938064575},{"id":"https://openalex.org/C110875604","wikidata":"https://www.wikidata.org/wiki/Q75","display_name":"The Internet","level":2,"score":0.2729957699775696},{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.22488689422607422},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.16190636157989502},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.0},{"id":"https://openalex.org/C77088390","wikidata":"https://www.wikidata.org/wiki/Q8513","display_name":"Database","level":1,"score":0.0},{"id":"https://openalex.org/C78519656","wikidata":"https://www.wikidata.org/wiki/Q101333","display_name":"Mechanical engineering","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3476079","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3476079","pdf_url":null,"source":{"id":"https://openalex.org/S4210183893","display_name":"Proceedings of the ACM on Human-Computer Interaction","issn_l":"2573-0142","issn":["2573-0142"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the ACM on Human-Computer Interaction","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/16","score":0.5899999737739563,"display_name":"Peace, Justice and strong institutions"}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":85,"referenced_works":["https://openalex.org/W29249083","https://openalex.org/W138198488","https://openalex.org/W194597101","https://openalex.org/W591589697","https://openalex.org/W647472823","https://openalex.org/W1442570287","https://openalex.org/W1524818324","https://openalex.org/W1533307491","https://openalex.org/W1582830784","https://openalex.org/W1595460242","https://openalex.org/W1932740793","https://openalex.org/W1967187672","https://openalex.org/W1970450852","https://openalex.org/W1971010819","https://openalex.org/W1974075050","https://openalex.org/W1979725670","https://openalex.org/W1980898836","https://openalex.org/W1981681059","https://openalex.org/W1983581110","https://openalex.org/W1988453576","https://openalex.org/W1995926991","https://openalex.org/W1999802409","https://openalex.org/W2015493345","https://openalex.org/W2016540947","https://openalex.org/W2019176237","https://openalex.org/W2029591949","https://openalex.org/W2031999883","https://openalex.org/W2036225462","https://openalex.org/W2037715679","https://openalex.org/W2038168246","https://openalex.org/W2040521904","https://openalex.org/W2041350032","https://openalex.org/W2052176706","https://openalex.org/W2055127755","https://openalex.org/W2063466632","https://openalex.org/W2070037319","https://openalex.org/W2071869991","https://openalex.org/W2087094682","https://openalex.org/W2095638537","https://openalex.org/W2110642396","https://openalex.org/W2114627300","https://openalex.org/W2118123302","https://openalex.org/W2120575289","https://openalex.org/W2121513440","https://openalex.org/W2131906261","https://openalex.org/W2136136174","https://openalex.org/W2140976335","https://openalex.org/W2154994646","https://openalex.org/W2184117982","https://openalex.org/W2184687371","https://openalex.org/W2185773889","https://openalex.org/W2278316643","https://openalex.org/W2292691859","https://openalex.org/W2329226491","https://openalex.org/W2474235677","https://openalex.org/W2513442265","https://openalex.org/W2514696089","https://openalex.org/W2537669654","https://openalex.org/W2548757713","https://openalex.org/W2561164078","https://openalex.org/W2568368320","https://openalex.org/W2577223672","https://openalex.org/W2586495638","https://openalex.org/W2586631747","https://openalex.org/W2599060790","https://openalex.org/W2620949767","https://openalex.org/W2753877802","https://openalex.org/W2796098074","https://openalex.org/W2893240802","https://openalex.org/W2898538513","https://openalex.org/W2898983472","https://openalex.org/W2941428017","https://openalex.org/W2944554782","https://openalex.org/W2965547394","https://openalex.org/W2965877922","https://openalex.org/W2969370724","https://openalex.org/W2982546300","https://openalex.org/W2986291326","https://openalex.org/W2993567264","https://openalex.org/W2999720669","https://openalex.org/W3031041923","https://openalex.org/W3048960967","https://openalex.org/W3093549234","https://openalex.org/W4213012696","https://openalex.org/W4285719527"],"related_works":["https://openalex.org/W4236345345","https://openalex.org/W2170135113","https://openalex.org/W3174670271","https://openalex.org/W3199928954","https://openalex.org/W3204723561","https://openalex.org/W4251008024","https://openalex.org/W1561922874","https://openalex.org/W3022724426","https://openalex.org/W2249861023","https://openalex.org/W4206206623"],"abstract_inverted_index":{"Malicious":[0],"communications":[1],"aimed":[2],"at":[3,51],"tricking":[4],"employees":[5],"are":[6,101],"a":[7,52,102,156],"serious":[8],"threat":[9],"for":[10,19,143],"organizations,":[11],"necessitating":[12],"the":[13,48,64,82,96,124,135,141],"creation":[14],"of":[15,59,138,159],"procedures":[16],"and":[17,44,74,84,98,114,133,140,152],"policies":[18],"quickly":[20],"respond":[21],"to":[22,46,90,122,149],"ongoing":[23],"attacks.":[24],"While":[25],"automated":[26],"measures":[27],"provide":[28],"some":[29],"protection,":[30],"they":[31,70],"cannot":[32],"completely":[33],"protect":[34],"an":[35],"organization.":[36],"In":[37],"this":[38],"case":[39],"study,":[40],"we":[41],"use":[42,55,87],"interviews":[43],"observations":[45],"explore":[47],"processes":[49,67],"staff":[50],"large":[53,118],"University":[54],"when":[56],"handling":[57],"reports":[58,89],"malicious":[60],"communication,":[61],"including":[62],"how":[63,75],"help":[65,125],"desk":[66,126],"reports,":[68,128],"whom":[69],"escalate":[71],"them":[72],"to,":[73],"teams":[76,109],"who":[77],"manage":[78],"protections":[79],"such":[80],"as":[81],"firewalls":[83],"mail":[85],"relays":[86],"these":[88],"improve":[91],"defenses.":[92],"We":[93,145],"found":[94,121],"that":[95],"process":[97,105],"work":[99],"patterns":[100],"distributed":[103],"cognitive":[104],"requiring":[106],"multiple":[107],"distinct":[108],"with":[110,127],"narrow":[111],"system":[112],"access":[113],"tactic":[115],"knowledge.":[116],"Sudden":[117],"campaigns":[119],"were":[120],"overwhelm":[123],"greatly":[129],"impacting":[130],"staff's":[131],"workflow":[132],"hindering":[134],"effective":[136],"application":[137],"mitigations":[139],"potential":[142,147],"reflection.":[144],"detail":[146],"improvements":[148],"ticketing":[150],"systems":[151],"reflect":[153],"on":[154],"ITIL,":[155],"common":[157],"framework":[158],"best":[160],"practice":[161],"in":[162],"IT":[163],"management.":[164]},"counts_by_year":[{"year":2025,"cited_by_count":7},{"year":2024,"cited_by_count":4},{"year":2023,"cited_by_count":8},{"year":2022,"cited_by_count":2}],"updated_date":"2026-05-21T06:26:12.895304","created_date":"2025-10-10T00:00:00"}