Encouraging organisational information security incident reporting

Ballreich, Fabian Lucas and Volkamer, Melanie and Müllmann, Dirk and Berens, Benjamin and Häußler, Elena Marie and Renaud, Karen; (2023) Encouraging organisational information security incident reporting. In: EuroUSEC '23. ACM International Conference Proceeding Series . ACM, DNK, 224–236. ISBN 9798400708145 (https://doi.org/10.1145/3617072.3617098)

Preview

Text. Filename: Ballreich-etal-EuroUSEC-2023-Encouraging-organisational-information-security.pdf Accepted Author Manuscript License: Strathprints license 1.0 Download (1MB)| Preview

Abstract

21st-century organisations can only learn how to respond effectively to, and recover from, adverse information security incidents if their employees report any incidents they notice. This should happen irrespective of whether or not they themselves triggered the incident. Organisations have started to inform their employees about their incident reporting obligations. However, there is little research that organisations can benefit from to make their reporting provisions maximally effective. For this work, we follow a multi-step approach.(1) We review the related research on reporting, including reporting reluctance, and the legalities of incident reporting in the European Union. (2) We explain how we developed variations of information texts that raise awareness of incident reporting obligations and aim to ameliorate reporting reluctance. (3) We conducted an online user study (n=257) to identify the most effective information text. (4) The most effective text was deployed by the CISO of a German energy company and we collected feedback from 24 employees to support a qualitative analysis. We discuss our experiences and the implications of such information text design. We make recommendations for encouraging information security incident reporting and suggest future work.

ORCID iDs

Renaud, Karen ORCID: https://orcid.org/0000-0002-7187-6531

• Share and Export
  

  RDF+XMLBibTeXRIOXX2 XMLRDF+N-TriplesJSONDublin CoreAtomSimple MetadataReferMETSHTML CitationASCII CitationOpenURL ContextObjectEndNoteOpenURL ContextObject in SpanMODSMPEG-21 DIDLEP3 XMLData Cite XMLRIS (EndNote Online, Zotero, Ref manager, etc)RDF+N3Multiline CSV
• Item metadata

  Item type:	Book Section
  ID code:	87693
  Dates:	Date Event 16 October 2023 Published 18 August 2023 Accepted
  Subjects:	Science > Mathematics > Electronic computers. Computer science > Other topics, A-Z > Human-computer interaction
  Department:	Faculty of Science > Computer and Information Sciences
  Depositing user:	Pure Administrator
  Date deposited:	20 Dec 2023 15:33
  Last modified:	19 Nov 2024 01:24
  Related URLs:	Event
  URI:	https://strathprints.strath.ac.uk/id/eprint/87693