Cybersecurity Incident Response (IR) teams mitigate the impact of adverse cyber-related events in organisations. Field studies of IR teams suggest that at present the process of IR is underdeveloped with a focus on the technological dimension with little consideration of practice capability. To improve IR capabilities, we develop a scenario-based training approach to assist organisations to overcome socio-technical barriers to IR. The training approach is informed by a comprehensive list of socio-technical barriers compiled from a review of the literature. Our primary contribution is a novel meta-level framework to generate scenarios specifically targeting socio-technical issues. As a first step towards demonstrating the utility of the framework, a proof-of-concept scenario is presented.
O'Neill, Ashley; Maynard, Sean B.; Ahmad, Atif; and Filippou, Justin, "Cybersecurity Incident Response in Organisations: A Meta-level Framework for Scenario-based Training" (2022). ACIS 2022 Proceedings. 35.