000000222 001__ 222
000000222 005__ 20130522141940.0
000000222 037__ $$aLERSSE-RefJnlPaper-2009-013
000000222 100__ $$aRodrigo Werlinger
000000222 245__ $$aPreparation, detection, and analysis: the diagnostic work of IT security incident response
000000222 260__ $$c2009-11-22
000000222 300__ $$a16
000000222 520__ $$aPurpose — The purpose of this study is to examine security incident response practices of IT security practitioners as a diagnostic work process, including the preparation phase, detection, and analysis of anomalies. Design/methodology/approach — The data set consisted of 16 semi-structured interviews with IT security practitioners from 7 organizational types (e.g., academic, government, private). The interviews were analyzed using qualitative description with constant comparison and inductive analysis of the data to analyze diagnostic work during security incident response. Findings — Our analysis shows that security incident response is a highly collaborative activity, which may involve practitioners developing their own tools to perform specific tasks. Our results also show that diagnosis during incident response is complicated by practitioners’ need to rely on tacit knowledge, as well as usability issues with security tools. Research limitations/implications — Due to the nature of semi-structured interviews, not all participants discussed security incident response at the same level of detail. More data are required to generalize and refine our findings. Originality/value — The contribution of our work is twofold. First, using empirical data, we analyze and describe the tasks, skills, strategies, and tools that security practitioners use to diagnose security incidents. Our findings enhance the research community’s understanding of the diagnostic work during security incident response. Second, we identify opportunities for future research directions related to improving security tools.
000000222 6531_ $$aHOT Admin
000000222 6531_ $$aDiagnosis
000000222 6531_ $$aSecurity Incident Response
000000222 6531_ $$aQualitative Analysis
000000222 6531_ $$aCollaboration
000000222 6531_ $$aTool Usability
000000222 700__ $$aKasia Muldner
000000222 700__ $$aKirstie Hawkey
000000222 700__ $$aKonstantin Beznosov
000000222 8560_ $$fbeznosov@ece.ubc.ca
000000222 8564_ $$uhttp://lersse-dl.ece.ubc.ca/record/222/files/222.pdf$$yTransfer from CDS 0.99.7
000000222 909C4 $$pRodrigo Werlinger, Kasia Muldner, Kirstie Hawkey, and Konstantin Beznosov. Preparation,
    detection, and analysis: the diagnostic work of IT security incident response. Journal of
    Information Management & Computer Security, 18(1):26-42, January 2010.
    
000000222 980__ $$aRefJnlPaper