How can organizations develop situation awareness for incident response: a case study of management practice

Atif Ahmad, Sean B. Maynard, Kevin C. Desouza, James Kotsias, Monica T. Whitty, Richard L. Baskerville

Research output: Contribution to journalArticleResearchpeer-review

40 Citations (Scopus)


Organized, sophisticated and persistent cyber-threat-actors pose a significant challenge to large, high-value organizations. They are capable of disrupting and destroying cyber infrastructures, denying organizations access to IT services, and stealing sensitive information including intellectual property, trade secrets and customer data. Past research points to Situation Awareness as critical to effective response. However, most research has focused on the technological perspective with comparatively less focus on the practice perspective. We therefore present an in-depth case study of a leading financial organization with a well-resourced and mature incident response capability that has evolved as a result of experiences with past attacks. Our contribution is a process model that explains how organizations can practice situation awareness of the cyber-threat landscape and the broad business context in incident response.

Original languageEnglish
Article number102122
Number of pages15
JournalComputers and Security
Publication statusPublished - Feb 2021
Externally publishedYes


  • Case study
  • Cybersecurity
  • Cybersecurity management
  • Incident response
  • Information security management
  • Process model
  • Situation awareness

Cite this