Cybersecurity Incident Response in Organizations

The evolving cyber-threat landscape has given rise to new and increasingly potent attacks against organizations. Human attackers use sophisticated tools and techniques to disrupt and destroy cyber infrastructures, deny organizations access to IT services, and steal sensitive information including Intellectual Property, trade secrets and customer data.

Incident response takes place under considerable time pressure in a dynamic and rapidly changing environment with high levels of information load, information diversity and task uncertainty. Effective response requires command, control and coordination of diverse teams of organizational stakeholders as they develop situation awareness, adapt to the rapidly evolving situation, raise the necessary resources, and respond to threats.

The practice of incident response is a relatively under-studied area of research. The purpose of this special issue is to collect and disseminate the latest advances in this area for a broad audience. We seek submissions that study the real-world problem of incident response and contribute sound practical advice to industry. Papers could employ qualitative, quantitative, mixed-methods and design science techniques. Exploratory case studies and action research are welcome.

Topics of interest include (but are not limited to):

• In-depth and revelatory case studies of incident response practice in organizations
• Maturity models of incident response
• Novel conceptualizations of the practice of incident response (e.g. response agility, communication and coordination, organizational learning, knowledge sharing, sense-making, situation awareness, process improvement)
• Management of the incident response function (e.g. strategy, policy, risk, training)
• Adoption of novel technologies for incident response (e.g. data-fusion and real-time analytics)

Submission Format

The submitted papers must be written in English and describe original research which is not published nor currently under review by other journals or conferences. Author guidelines for preparation of manuscript can be found at https://www.journals.elsevier.com/computers-and-security/.

Submission Guidelines

All manuscripts and any supplementary material should be submitted through the Elsevier journal Computers & Security submission system at https://ees.elsevier.com/cose/. The authors must select VSI:Incident Response when they reach the journal type selection.

List of Guest Editors

Atif Ahmad, University of Melbourne, Australia [email protected]

Sean Maynard, University of Melbourne, Australia [email protected]

Richard Baskerville, Georgia State University, USA [email protected]

Important Dates

Submission Deadline: May 1, 2021


First Round of Reviews: Aug 1, 2021


Second Round of Reviews: Feb 1, 2022


Final Decision: May 1, 2022

References

Ahmad, A., Desouza, K. C., Maynard, S. B., Naseer, H., & Baskerville, R. L. (2020). How integration of cyber security management and incident response enables organizational learning. Journal of the Association for Information Science and Technology, 71(8), 939-953.

Ahmad, A., Webb, J., Desouza, K.C., and Boorman, J. (2019). “Strategically-Motivated Advanced Persistent Threat: Definition, Process, Tactics and a Disinformation Model of Counterattack,” Computers & Security. Vol 86, pp. 402-418.

Ahmad, A., Maynard, S.B., & Shanks, G. (2015). A Case Analysis of Information Systems and Security Incident Responses. International Journal of Information Management. 35(6), (pp. 717 -723). (Impact Factor 8.210)

Baskerville, R., Spagnoletti, P., & Kim, J. (2014). Incident-centered Information Security: Managing a Strategic Balance between Prevention and Response. Information & Management, 51(1), 138-151.

Webb, J., Ahmad, A., Maynard, S.B., & Shanks, G. (2014). A Situation Awareness Model for Information Security Risk Management. Computers & Security. 44, (pp. 1-15).

Ahmad, A., Hadjkiss, J., & Ruighaver, A.B. (2012). Incident Response Teams – Challenges in Supporting the Organizational Security Function. Computers & Security. 31(5), (pp. 643–652).