In 2014, we launched our open-access repository which offers full text access to conference proceedings from many of our events including the INC and HAISA series. These papers are free to access and distribute (subject to citing the source).
Third International Conference on Human Aspects of Information Security & Assurance (HAISA 2009)
Title: Towards Understanding Diagnostic Work During the Detection and Investigation of Security Incidents
Author(s): Rodrigo Werlinger, Kasia Muldner, Kirstie Hawkey, Konstantin Beznosov
Keywords: Diagnosis, Security Incident Response, Qualitative Analysis, Collaboration, Security Tools
Abstract: This study investigates how security practitioners perform diagnostic work during the identification of security incidents. Based on empirical data from 16 interviews with security practitioners, we identify the tasks, skills, strategies, and tools that security practitioners use to diagnose security incidents. Our analysis shows that the diagnosis of security incidents is a highly collaborative activity, which may involve practitioners developing their own tools to perform specific tasks. Furthermore, our results suggest that diagnosis during security incident response is complicated by practitioners’ need to rely on tacit knowledge, as well as usability issues with security tools. We oﬀer recommendations to improve technology that supports the diagnosis of security incidents.
Download count: 1390
How to get this paper:
PDF copy of this paper is free to download. You may distribute this copy providing you cite this page as the source.