CR, Aug 11, 2021

Cybersecurity Incident Response in Organisations: A Meta-level Framework for Scenario-based Training

arXiv:2108.04996v1, 8 citations
Originality: Synthesis-oriented
AI Analysis

This work addresses the problem of improving incident response training for cybersecurity teams in organizations, focusing on socio-technical aspects, but it appears incremental as it builds on existing literature and lacks broad validation.

The authors tackled the underdeveloped process of cybersecurity incident response by developing a scenario-based training approach to address socio-technical barriers, resulting in a novel meta-level framework for generating targeted scenarios, with a proof-of-concept scenario provided.

Cybersecurity incident response teams mitigate the impact of adverse cyber-related events in organisations. Field studies of IR teams suggest that at present the process of IR is under-developed with a focus on the technological dimension with little consideration of practice capability. To address this gap, we develop a scenario-based training approach to assist organisations to overcome socio-technical barriers to incident response. The training approach is informed by a comprehensive list of socio-technical barriers compiled from a comprehensive review of the literature. Our primary contribution is a novel meta-level framework to generate scenarios specifically targeting socio-technical issues. To demonstrate the utility of the framework, a proof-of-concept scenario is presented.
