000000208 001__ 208
000000208 005__ 20130522141941.0
000000208 037__ $$aLERSSE-RefConfPaper-2009-037
000000208 041__ $$aeng
000000208 100__ $$aRodrigo Werlinger
000000208 245__ $$aTowards Understanding Diagnostic Work During the Detection and Investigation of Security Incidents
000000208 260__ $$c2009-06-25
000000208 300__ $$a14
000000208 520__ $$aThis study investigates how security practitioners perform diagnostic work during the identification of security incidents. Based on empirical data from 16 interviews with security practitioners, we identify the tasks, skills, strategies and tools that security practitioners use to diagnose security incidents. Our analysis shows that diagnosis is a highly collaborative activity, which may involve practitioners developing their own tools to perform specific tasks. Our results also show that diagnosis during incident response is complicated by practitioners’ need to rely on tacit knowledge, as well as usability issues with security tools. We offer recommendations to improve technology that supports the diagnosis of security incidents.
000000208 6531_ $$aDiagnosis
000000208 6531_ $$aSecurity Incident Response
000000208 6531_ $$aQualitative Analysis
000000208 6531_ $$aCollaboration
000000208 6531_ $$aHOT Admin
000000208 700__ $$aKasia Muldner
000000208 700__ $$aKirstie Hawkey 
000000208 700__ $$aKonstantin Beznosov
000000208 8560_ $$fhawkey@ece.ubc.ca
000000208 8564_ $$uhttp://lersse-dl.ece.ubc.ca/record/208/files/208.pdf$$yTransfer from CDS 0.99.7
000000208 909C4 $$pWerlinger, R., Muldner, K., Hawkey, K., and Beznosov, K. (2009). Towards Understanding Diagnostic Work during the Detection and Investigation of Security Incidents. Proc. of Int. Symposium on Human Aspects of Information Security & Assurance (HAISA 2009), Athens, Greece, June 25-26, 2009, 119-132.
000000208 980__ $$aRefConfPaper