Sensemaking in Cybersecurity Incident Response: The Interplay of Organizations, Technology and Individuals
This addresses the problem of understanding collaborative sensemaking for cybersecurity professionals, but it is incremental as it builds on existing sensemaking theory.
The study tackled the insufficient exploration of how organizations, technology, and individuals interact in sensemaking during cybersecurity incident response, proposing a framework that explains this interplay as enabling comprehensive incident handling.
Sensemaking is a critical activity in organizations. It is a process through which individuals ascribe meanings to events which forms the basis to facilitate collective action. However, the role of organizations, technology and individuals and their interaction in the process of sensemaking has not been sufficiently explored. This novel study seeks to address this gap by proposing a framework that explains how the interplay among organizations, technology and individuals enables sensemaking in the process of cybersecurity incident response. We propose that Organizations, Technology, and Individuals are the key components that interact in various ways to facilitate enactment, selection and retention activities (Sensemaking activities) in Incident Response. We argue that sensemaking in Incident Response is the outcome of this interaction. This interaction allows organizations to respond to cybersecurity incidents in a comprehensive manner.