Incident response teams – Challenges in supporting the organisational security function

Ahmad, 2005, An information-centric approach to data security in organizations

Alberts, 2004

Argyris, 1978

Benbasat, 1987, The case research strategy in studies of information systems, MIS Quarterly, 11, 369, 10.2307/248684

Bishop, 2003

Bishop, 2003

Cooke, 2003

Cooke, 2006

Darke, 1998, Successfully completing case study research: combining rigour, relevance and pragmatism, Information Systems Journal, 8, 273, 10.1046/j.1365-2575.1998.00040.x

Dhillon, 2001, Current directions in IS security research: towards soci-organizational perspectives, Information Systems Journal, 11, 127, 10.1046/j.1365-2575.2001.00099.x

Dixon, 1999

Jaikumar, 2002, Organizations should build an incident response team, ComputerWorld Canada, 9

Killcrece, 2003

Killcrece, 2003

Killcrece, 2004

Kim, 1993, The link between individual and organizational learning, Sloan Management Review, 35, 37

Kossakowski, 1999

Malhotra, 1996

Meijer, 2003

Melara, 2003

Mitropolous, 2006, On incident handling and response: a state-of-the-art approach, Computers and Security, 25, 351, 10.1016/j.cose.2005.09.006

National Institute of Standards and Technology, 2008

Neuman, 2006

Novak, 2007, Investigative response: after the breach, Computers and Security, 26, 183, 10.1016/j.cose.2006.08.012

SANS Institute. Computer security incident handling step by step. Available from: http://www.sans.org; n.d.

Shanks, 1993, A review of approaches in research and scholarship in information systems, 29

Shedden, 2010, Risk management standards – the perception of ease of use, Journal of Information Systems Security, 6

Siponen, 2005, Analysis of modern IS security development approaches: towards the next generation of social and adaptable ISS methods, Information and Organization, 15, 10.1016/j.infoandorg.2004.11.001

Smith, 1994, Forming an incident response team

Stephenson, 2003, Conducting incident post mortems, Computer Fraud and Security, 4, 16, 10.1016/S1361-3723(03)04012-0

Tan, 2003, Incident handling: where the need for planning is often not recognised

Van Niekerk, 2004

Van Wyk, 2001

Walsham, 1995, Interpretive case studies in IS research: nature and method, European Journal of Information Systems, 4, 74, 10.1057/ejis.1995.9

West-Brown, 2003

Werlinger, 2010, Preparation, detection, and analysis: the diagnostic work of IT security incident response, Information Management and Computer Security, 18, 26, 10.1108/09685221011035241

Whitman, 2005

Wiik, 2005, Limits to effectiveness in computer security incident response teams

Yin, 2003

Zafar, 2009, Current state of information security research in IS, Communications of the Association for Information Systems, 24, 10.17705/1CAIS.02434