Developing decision support for cybersecurity threat and incident managers

Cybersecurity threat and incident managers in large organizations, especially in the financial sector, are confronted more and more with an increase in volume and complexity of threats and incidents. At the same time, these managers have to deal with many internal processes and criteria, in addition...

Bibliographic details
Published in: Computers & security 2022-02, Vol.113, p.102535, Article 102535
Main authors: van der Kleij, Rick, Schraagen, Jan Maarten, Cadet, Beatrice, Young, Heather
Format: Article
Language: eng
Subjects:
Online access: Full text
container_end_page
container_issue
container_start_page 102535
container_title Computers & security
container_volume 113
creator van der Kleij, Rick
Schraagen, Jan Maarten
Cadet, Beatrice
Young, Heather
description Cybersecurity threat and incident managers in large organizations, especially in the financial sector, are confronted more and more with an increase in volume and complexity of threats and incidents. At the same time, these managers have to deal with many internal processes and criteria, in addition to requirements from external parties, such as regulators that pose an additional challenge to handling threats and incidents. Little research has been carried out to understand to what extent decision support can aid these professionals in managing threats and incidents. The purpose of this research was to develop decision support for cybersecurity threat and incident managers in the financial sector. To this end, we carried out a cognitive task analysis and the first two phases of a cognitive work analysis, based on two rounds of in-depth interviews with ten professionals from three financial institutions. Our results show that decision support should address the problem of balancing the bigger picture with details. That is, being able to simultaneously keep the broader operational context in mind as well as adequately investigating, containing and remediating a cyberattack. In close consultation with the three financial institutions involved, we developed a critical-thinking memory aid that follows typical incident response process steps, but adds big picture elements and critical thinking steps. This should make cybersecurity threat and incident managers more aware of the broader operational implications of threats and incidents while keeping a critical mindset. Although a summative evaluation was beyond the scope of the present research, we conducted iterative formative evaluations of the memory aid that show its potential.
doi_str_mv 10.1016/j.cose.2021.102535
format Article
fulltext fulltext
identifier ISSN: 0167-4048
ispartof Computers & security, 2022-02, Vol.113, p.102535, Article 102535
issn 0167-4048
1872-6208
language eng
recordid cdi_proquest_journals_2624986459
source Access via ScienceDirect (Elsevier)
subjects Cognitive task analysis
Cognitive tasks
Cognitive work analysis
Cybersecurity
Decision support
Decision support systems
Financial institutions
Financial services
Incident response
Information security risk management
Memory aids
Task analysis
Threats
Work measurement
title Developing decision support for cybersecurity threat and incident managers
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-03T12%3A04%3A47IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_cross&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=Developing%20decision%20support%20for%20cybersecurity%20threat%20and%20incident%20managers&rft.jtitle=Computers%20&%20security&rft.au=van%20der%20Kleij,%20Rick&rft.date=2022-02&rft.volume=113&rft.spage=102535&rft.pages=102535-&rft.artnum=102535&rft.issn=0167-4048&rft.eissn=1872-6208&rft_id=info:doi/10.1016/j.cose.2021.102535&rft_dat=%3Cproquest_cross%3E2624986459%3C/proquest_cross%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_pqid=2624986459&rft_id=info:pmid/&rft_els_id=S016740482100359X&rfr_iscdi=true