{"id":"https://openalex.org/W4387628519","doi":"https://doi.org/10.1145/3617072.3617098","title":"Encouraging Organisational Information Security Incident Reporting","display_name":"Encouraging Organisational Information Security Incident Reporting","publication_year":2023,"publication_date":"2023-10-13","ids":{"openalex":"https://openalex.org/W4387628519","doi":"https://doi.org/10.1145/3617072.3617098"},"language":"en","primary_location":{"id":"doi:10.1145/3617072.3617098","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3617072.3617098","pdf_url":null,"source":null,"license":"cc-by-nc-nd","license_id":"https://openalex.org/licenses/cc-by-nc-nd","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2023 European Symposium on Usable Security","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref","datacite"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://doi.org/10.1145/3617072.3617098","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5024046620","display_name":"Fabian Lucas Ballreich","orcid":"https://orcid.org/0009-0002-3960-8809"},"institutions":[{"id":"https://openalex.org/I102335020","display_name":"Karlsruhe Institute of Technology","ror":"https://ror.org/04t3en479","country_code":"DE","type":"education","lineage":["https://openalex.org/I102335020","https://openalex.org/I1305996414"]}],"countries":["DE"],"is_corresponding":true,"raw_author_name":"Fabian Lucas Ballreich","raw_affiliation_strings":["Karlsruhe Institute of Technology, Germany"],"affiliations":[{"raw_affiliation_string":"Karlsruhe Institute of Technology, Germany","institution_ids":["https://openalex.org/I102335020"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5022078187","display_name":"Melanie Volkamer","orcid":"https://orcid.org/0000-0003-2674-4043"},"institutions":[{"id":"https://openalex.org/I102335020","display_name":"Karlsruhe Institute of Technology","ror":"https://ror.org/04t3en479","country_code":"DE","type":"education","lineage":["https://openalex.org/I102335020","https://openalex.org/I1305996414"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Melanie Volkamer","raw_affiliation_strings":["Karlsruhe Institute of Technology, Germany"],"affiliations":[{"raw_affiliation_string":"Karlsruhe Institute of Technology, Germany","institution_ids":["https://openalex.org/I102335020"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5003852531","display_name":"Dirk M\u00fcllmann","orcid":"https://orcid.org/0009-0008-2435-1151"},"institutions":[{"id":"https://openalex.org/I102335020","display_name":"Karlsruhe Institute of Technology","ror":"https://ror.org/04t3en479","country_code":"DE","type":"education","lineage":["https://openalex.org/I102335020","https://openalex.org/I1305996414"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Dirk M\u00fcllmann","raw_affiliation_strings":["Karlsruhe Institute of Technology, Germany"],"affiliations":[{"raw_affiliation_string":"Karlsruhe Institute of Technology, Germany","institution_ids":["https://openalex.org/I102335020"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5089226399","display_name":"Benjamin Berens","orcid":"https://orcid.org/0000-0002-9284-7924"},"institutions":[{"id":"https://openalex.org/I102335020","display_name":"Karlsruhe Institute of Technology","ror":"https://ror.org/04t3en479","country_code":"DE","type":"education","lineage":["https://openalex.org/I102335020","https://openalex.org/I1305996414"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Benjamin Maximilian Berens","raw_affiliation_strings":["Karlsruhe Institute of Technology, Germany"],"affiliations":[{"raw_affiliation_string":"Karlsruhe Institute of Technology, Germany","institution_ids":["https://openalex.org/I102335020"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5093062292","display_name":"Elena Marie H\u00e4u\u00dfler","orcid":"https://orcid.org/0009-0002-2211-4052"},"institutions":[{"id":"https://openalex.org/I102335020","display_name":"Karlsruhe Institute of Technology","ror":"https://ror.org/04t3en479","country_code":"DE","type":"education","lineage":["https://openalex.org/I102335020","https://openalex.org/I1305996414"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Elena Marie H\u00e4u\u00dfler","raw_affiliation_strings":["Karlsruhe Institute of Technology, Germany"],"affiliations":[{"raw_affiliation_string":"Karlsruhe Institute of Technology, Germany","institution_ids":["https://openalex.org/I102335020"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5035796880","display_name":"Karen Renaud","orcid":"https://orcid.org/0000-0002-7187-6531"},"institutions":[{"id":"https://openalex.org/I165390105","display_name":"University of South Africa","ror":"https://ror.org/048cwvf49","country_code":"ZA","type":"education","lineage":["https://openalex.org/I165390105"]}],"countries":["ZA"],"is_corresponding":false,"raw_author_name":"Karen V. Renaud","raw_affiliation_strings":["University of Strathclyde, Scotland Uk and University of South Africa, South Africa and Abertay University, Scotland Uk"],"affiliations":[{"raw_affiliation_string":"University of Strathclyde, Scotland Uk and University of South Africa, South Africa and Abertay University, Scotland Uk","institution_ids":["https://openalex.org/I165390105"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":6,"corresponding_author_ids":["https://openalex.org/A5024046620"],"corresponding_institution_ids":["https://openalex.org/I102335020"],"apc_list":null,"apc_paid":null,"fwci":2.7052,"has_fulltext":true,"cited_by_count":6,"citation_normalized_percentile":{"value":0.91981683,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":90,"max":98},"biblio":{"volume":null,"issue":null,"first_page":"224","last_page":"236"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9994000196456909,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9994000196456909,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11045","display_name":"Privacy, Security, and Data Protection","score":0.9866999983787537,"subfield":{"id":"https://openalex.org/subfields/3312","display_name":"Sociology and Political Science"},"field":{"id":"https://openalex.org/fields/33","display_name":"Social Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}},{"id":"https://openalex.org/T12519","display_name":"Cybercrime and Law Enforcement Studies","score":0.9656000137329102,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/notice","display_name":"Notice","score":0.688363254070282},{"id":"https://openalex.org/keywords/work","display_name":"Work (physics)","score":0.6734440326690674},{"id":"https://openalex.org/keywords/german","display_name":"German","score":0.567351222038269},{"id":"https://openalex.org/keywords/information-security","display_name":"Information security","score":0.5494406819343567},{"id":"https://openalex.org/keywords/incident-report","display_name":"Incident report","score":0.5348784923553467},{"id":"https://openalex.org/keywords/business","display_name":"Business","score":0.4631950259208679},{"id":"https://openalex.org/keywords/incident-response","display_name":"Incident response","score":0.45094820857048035},{"id":"https://openalex.org/keywords/energy","display_name":"Energy (signal processing)","score":0.41277286410331726},{"id":"https://openalex.org/keywords/public-relations","display_name":"Public relations","score":0.40651798248291016},{"id":"https://openalex.org/keywords/accounting","display_name":"Accounting","score":0.36501824855804443},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.308287650346756},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.30476057529449463},{"id":"https://openalex.org/keywords/political-science","display_name":"Political science","score":0.16091987490653992},{"id":"https://openalex.org/keywords/engineering","display_name":"Engineering","score":0.1486290991306305}],"concepts":[{"id":"https://openalex.org/C2779913896","wikidata":"https://www.wikidata.org/wiki/Q7063001","display_name":"Notice","level":2,"score":0.688363254070282},{"id":"https://openalex.org/C18762648","wikidata":"https://www.wikidata.org/wiki/Q42213","display_name":"Work (physics)","level":2,"score":0.6734440326690674},{"id":"https://openalex.org/C154775046","wikidata":"https://www.wikidata.org/wiki/Q188","display_name":"German","level":2,"score":0.567351222038269},{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.5494406819343567},{"id":"https://openalex.org/C2909164965","wikidata":"https://www.wikidata.org/wiki/Q6014597","display_name":"Incident report","level":2,"score":0.5348784923553467},{"id":"https://openalex.org/C144133560","wikidata":"https://www.wikidata.org/wiki/Q4830453","display_name":"Business","level":0,"score":0.4631950259208679},{"id":"https://openalex.org/C2985105721","wikidata":"https://www.wikidata.org/wiki/Q13479512","display_name":"Incident response","level":2,"score":0.45094820857048035},{"id":"https://openalex.org/C186370098","wikidata":"https://www.wikidata.org/wiki/Q442787","display_name":"Energy (signal processing)","level":2,"score":0.41277286410331726},{"id":"https://openalex.org/C39549134","wikidata":"https://www.wikidata.org/wiki/Q133080","display_name":"Public relations","level":1,"score":0.40651798248291016},{"id":"https://openalex.org/C121955636","wikidata":"https://www.wikidata.org/wiki/Q4116214","display_name":"Accounting","level":1,"score":0.36501824855804443},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.308287650346756},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.30476057529449463},{"id":"https://openalex.org/C17744445","wikidata":"https://www.wikidata.org/wiki/Q36442","display_name":"Political science","level":0,"score":0.16091987490653992},{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.1486290991306305},{"id":"https://openalex.org/C166957645","wikidata":"https://www.wikidata.org/wiki/Q23498","display_name":"Archaeology","level":1,"score":0.0},{"id":"https://openalex.org/C95457728","wikidata":"https://www.wikidata.org/wiki/Q309","display_name":"History","level":0,"score":0.0},{"id":"https://openalex.org/C105795698","wikidata":"https://www.wikidata.org/wiki/Q12483","display_name":"Statistics","level":1,"score":0.0},{"id":"https://openalex.org/C78519656","wikidata":"https://www.wikidata.org/wiki/Q101333","display_name":"Mechanical engineering","level":1,"score":0.0},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.0},{"id":"https://openalex.org/C199539241","wikidata":"https://www.wikidata.org/wiki/Q7748","display_name":"Law","level":1,"score":0.0}],"mesh":[],"locations_count":4,"locations":[{"id":"doi:10.1145/3617072.3617098","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3617072.3617098","pdf_url":null,"source":null,"license":"cc-by-nc-nd","license_id":"https://openalex.org/licenses/cc-by-nc-nd","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2023 European Symposium on Usable Security","raw_type":"proceedings-article"},{"id":"pmh:oai:EVASTAR-Karlsruhe.de:1000163448","is_oa":true,"landing_page_url":"https://publikationen.bibliothek.kit.edu/1000163448","pdf_url":"https://publikationen.bibliothek.kit.edu/1000163448/151570029","source":{"id":"https://openalex.org/S4306401992","display_name":"Repository KITopen (Karlsruhe Institute of Technology)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I102335020","host_organization_name":"Karlsruhe Institute of Technology","host_organization_lineage":["https://openalex.org/I102335020"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":"doc-type:conferenceObject"},{"id":"pmh:oai:strathprints.strath.ac.uk:87693","is_oa":true,"landing_page_url":"https://strathprints.strath.ac.uk/view/author/1324853.html>;","pdf_url":"https://strathprints.strath.ac.uk/87693/1/Ballreich-etal-EuroUSEC-2023-Encouraging-organisational-information-security.pdf","source":{"id":"https://openalex.org/S4306402226","display_name":"Strathprints: The University of Strathclyde institutional repository (University of Strathclyde)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I181647926","host_organization_name":"University of Strathclyde","host_organization_lineage":["https://openalex.org/I181647926"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"NonPeerReviewed"},{"id":"doi:10.5445/ir/1000163448","is_oa":true,"landing_page_url":"https://doi.org/10.5445/ir/1000163448","pdf_url":null,"source":{"id":"https://openalex.org/S7407052948","display_name":"KITopen","issn_l":null,"issn":[],"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"article-journal"}],"best_oa_location":{"id":"doi:10.1145/3617072.3617098","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3617072.3617098","pdf_url":null,"source":null,"license":"cc-by-nc-nd","license_id":"https://openalex.org/licenses/cc-by-nc-nd","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2023 European Symposium on Usable Security","raw_type":"proceedings-article"},"sustainable_development_goals":[{"score":0.49000000953674316,"display_name":"Peace, Justice and strong institutions","id":"https://metadata.un.org/sdg/16"}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":18,"referenced_works":["https://openalex.org/W20106690","https://openalex.org/W1621268071","https://openalex.org/W2116071990","https://openalex.org/W2150104072","https://openalex.org/W2153126281","https://openalex.org/W2885975017","https://openalex.org/W2964046818","https://openalex.org/W2995773584","https://openalex.org/W3004465616","https://openalex.org/W3011777756","https://openalex.org/W3159322291","https://openalex.org/W3177589658","https://openalex.org/W3199256509","https://openalex.org/W4232453675","https://openalex.org/W4242721106","https://openalex.org/W4250007884","https://openalex.org/W4283796481","https://openalex.org/W6906522749"],"related_works":["https://openalex.org/W3204723561","https://openalex.org/W3199928954","https://openalex.org/W4251008024","https://openalex.org/W1132449169","https://openalex.org/W1991606108","https://openalex.org/W4236345345","https://openalex.org/W136373522","https://openalex.org/W4206206623","https://openalex.org/W2606977410","https://openalex.org/W2484916007"],"abstract_inverted_index":{"21st-century":[0],"organisations":[1,56],"can":[2,57],"only":[3],"learn":[4],"how":[5,98],"to":[6,41,60,114,126,155],"respond":[7],"effectively":[8],"to,":[9],"and":[10,85,112,148,164,181],"recover":[11],"from,":[12],"adverse":[13],"information":[14,103,131,169,177],"security":[15,178],"incidents":[16,22],"if":[17],"their":[18,43,46,62],"employees":[19,44,154],"report":[20],"any":[21],"they":[23,33],"notice.":[24],"This":[25],"should":[26],"happen":[27],"irrespective":[28],"of":[29,88,102,108,143,167],"whether":[30],"or":[31],"not":[32],"themselves":[34],"triggered":[35],"the":[36,77,86,92,128,141,165],"incident.":[37],"Organisations":[38],"have":[39],"started":[40],"inform":[42],"about":[45],"incident":[47,89,109,179],"reporting":[48,63,83,90,110,116,180],"obligations.":[49],"However,":[50],"there":[51],"is":[52],"little":[53],"research":[54,79],"that":[55,105],"benefit":[58],"from":[59,152],"make":[61,173],"provisions":[64],"maximally":[65],"effective.":[66],"For":[67],"this":[68],"work,":[69],"we":[70,99,149],"follow":[71],"a":[72,144,157],"multi-step":[73],"approach.(1)":[74],"We":[75,96,119,160,172],"review":[76],"related":[78],"on":[80],"reporting,":[81],"including":[82],"reluctance,":[84],"legalities":[87],"in":[91],"European":[93],"Union.":[94],"(2)":[95],"explain":[97],"developed":[100],"variations":[101],"texts":[104],"raise":[106],"awareness":[107],"obligations":[111],"aim":[113],"ameliorate":[115],"reluctance.":[117],"(3)":[118],"conducted":[120],"an":[121],"online":[122],"user":[123],"study":[124],"(n=257)":[125],"identify":[127],"most":[129,135],"effective":[130,136],"text.":[132],"(4)":[133],"The":[134],"text":[137,170],"was":[138],"deployed":[139],"by":[140],"CISO":[142],"German":[145],"energy":[146],"company":[147],"collected":[150],"feedback":[151],"24":[153],"support":[156],"qualitative":[158],"analysis.":[159],"discuss":[161],"our":[162],"experiences":[163],"implications":[166],"such":[168],"design.":[171],"recommendations":[174],"for":[175],"encouraging":[176],"suggest":[182],"future":[183],"work.":[184]},"counts_by_year":[{"year":2025,"cited_by_count":5},{"year":2024,"cited_by_count":1}],"updated_date":"2026-04-16T15:07:20.185449","created_date":"2025-10-10T00:00:00"}