{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,5]],"date-time":"2026-04-05T23:10:13Z","timestamp":1775430613358,"version":"3.50.1"},"publisher-location":"Cham","reference-count":16,"publisher":"Springer Nature Switzerland","isbn-type":[{"value":"9783032147813","type":"print"},{"value":"9783032147820","type":"electronic"}],"license":[{"start":{"date-parts":[[2026,1,1]],"date-time":"2026-01-01T00:00:00Z","timestamp":1767225600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2026,1,1]],"date-time":"2026-01-01T00:00:00Z","timestamp":1767225600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2026]]},"DOI":"10.1007\/978-3-032-14782-0_26","type":"book-chapter","created":{"date-parts":[[2026,4,5]],"date-time":"2026-04-05T22:40:14Z","timestamp":1775428814000},"page":"484-502","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Understanding APT Defense Through Expert Eyes: A Critical Exploration of\u00a0Perceived Needs and\u00a0Gaps"],"prefix":"10.1007","author":[{"given":"Raymond Andr\u00e9","family":"Hagen","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Kirsi","family":"Helkala","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Lasse","family":"\u00d8verlier","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2026,4,1]]},"reference":[{"key":"26_CR1","doi-asserted-by":"publisher","unstructured":"Nelson, A., Rekhi, S., Souppaya, M., Scarfone, K.: Computer security incident handling guide. NIST Special Publication SP 800-61r3, National Institute of Standards and Technology (Apr 2025). https:\/\/doi.org\/10.6028\/NIST.SP.800-61r3, https:\/\/csrc.nist.gov\/pubs\/sp\/800\/61\/r3\/final","DOI":"10.6028\/NIST.SP.800-61r3"},{"issue":"2","key":"26_CR2","doi-asserted-by":"publisher","first-page":"77","DOI":"10.1191\/1478088706qp063oa","volume":"3","author":"V Braun","year":"2006","unstructured":"Braun, V., Clarke, V.: Using thematic analysis in psychology. Qual. Res. Psychol. 3(2), 77\u2013101 (2006)","journal-title":"Qual. Res. Psychol."},{"key":"26_CR3","doi-asserted-by":"publisher","unstructured":"Che Mat, N.I., Jamil, N., Yusoff, Y., Mat Kiah, M.L.: A systematic literature review on advanced persistent threat behaviors and its detection strategy. J. Cybersec. 10(1), tyad023 (2024). https:\/\/doi.org\/10.1093\/cybsec\/tyad023","DOI":"10.1093\/cybsec\/tyad023"},{"key":"26_CR4","unstructured":"Forum of Incident Response and Security Teams (FIRST): Computer security incident response team (csirt) services framework, version 2.1. Technical Report\u00a0v2.1, FIRST (nov 2019). https:\/\/www.first.org\/standards\/frameworks\/csirts\/csirt_services_framework_v2-1"},{"key":"26_CR5","doi-asserted-by":"crossref","unstructured":"Hagen, R.A., Helkala, K.: Complexity of contemporary indicators of compromise (2024), European Conference on Cyber Warfare and Security 2024 Proceedings","DOI":"10.34190\/eccws.23.1.2149"},{"issue":"4","key":"26_CR6","first-page":"18","volume":"23","author":"EM Hutchins","year":"2011","unstructured":"Hutchins, E.M., Cloppert, M.J., Amin, R.M.: Intelligence-driven computer network defense informed by analysis of adversary campaigns and intrusion kill chains. J. Defense Softw. Eng. 23(4), 18\u201320 (2011)","journal-title":"J. Defense Softw. Eng."},{"key":"26_CR7","doi-asserted-by":"publisher","unstructured":"Johnson, L., Badger, M., Waltermire, D., Snyder, C., Skorupka, C.: Guide to cyber threat information sharing. Tech. Rep. NIST Special Publication 800-150, National Institute of Standards and Technology (2016). https:\/\/doi.org\/10.6028\/NIST.SP.800-150","DOI":"10.6028\/NIST.SP.800-150"},{"key":"26_CR8","doi-asserted-by":"publisher","unstructured":"Krishnapriya, S., Singh, S.: A comprehensive survey on advanced persistent threat (apt) detection techniques. Comput. Mate. Continua 80(2), 2675\u20132719 (2024). https:\/\/doi.org\/10.32604\/cmc.2024.052447, https:\/\/www.sciencedirect.com\/science\/article\/pii\/S1546221824005952","DOI":"10.32604\/cmc.2024.052447"},{"key":"26_CR9","unstructured":"Rid, T.: Cyber War Will Not Take Place. Oxford University Press (2013)"},{"key":"26_CR10","doi-asserted-by":"publisher","unstructured":"Salim, D.T., Singh, M.M., Keikhosrokiani, P.: A systematic literature review for apt detection and effective cyber situational awareness (ecsa) conceptual model. Heliyon 9(7), e17156 (2023). https:\/\/doi.org\/10.1016\/j.heliyon.2023.e17156, https:\/\/www.sciencedirect.com\/science\/article\/pii\/S2405844023045776","DOI":"10.1016\/j.heliyon.2023.e17156"},{"key":"26_CR11","doi-asserted-by":"crossref","unstructured":"Simon, H.A.: Models of Man: Social and Rational. Wiley, New York (1957)","DOI":"10.2307\/2550441"},{"key":"26_CR12","unstructured":"Strom, B.E., Applebaum, A., Miller, D.P., Nickels, K., Pennington, A., Thomas, C.B.: Mitre attack\u00ae: Design and philosophy. Tech. Rep. MITRE Technical Report, MITRE (2018), available from MITRE"},{"key":"26_CR13","unstructured":"The MITRE Corporation: MITRE ATTACK. https:\/\/attack.mitre.org\/ (2025). Accessed 29 July 2025"},{"key":"26_CR14","doi-asserted-by":"publisher","unstructured":"Tounsi, W., Rais, H.: A survey on technical threat intelligence in the age of sophisticated cyber attacks. Comput. Sec. 72, 212\u2013233 (2018). https:\/\/doi.org\/10.1016\/j.cose.2017.09.001","DOI":"10.1016\/j.cose.2017.09.001"},{"key":"26_CR15","doi-asserted-by":"publisher","unstructured":"Wagner, T.D., Mahbub, K., Palomar, E., Abdallah, A.E.: Cyber threat intelligence sharing: survey and research directions. Comput. Sec. 87, 101589 (2019). https:\/\/doi.org\/10.1016\/j.cose.2019.101589","DOI":"10.1016\/j.cose.2019.101589"},{"key":"26_CR16","unstructured":"Weick, K.E.: Sensemaking in Organizations, Foundations for Organizational Science, vol.\u00a03. SAGE Publications, Inc., Thousand Oaks, CA \/ London, UK, 1 edn. (jul 1995). https:\/\/uk.sagepub.com\/en-gb\/eur\/sensemaking-in-organizations\/book4988"}],"container-title":["Lecture Notes in Computer Science","Secure IT Systems"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-032-14782-0_26","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,4,5]],"date-time":"2026-04-05T22:40:15Z","timestamp":1775428815000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-032-14782-0_26"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026]]},"ISBN":["9783032147813","9783032147820"],"references-count":16,"URL":"https:\/\/doi.org\/10.1007\/978-3-032-14782-0_26","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2026]]},"assertion":[{"value":"1 April 2026","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"The authors have no competing interests to declare that are relevant to the content of this article.","order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Disclosure of Interests"}},{"value":"NordSec","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Nordic Conference on Secure IT Systems","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Tartu","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Estonia","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2025","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"12 November 2025","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"13 November 2025","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"30","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"nordsec2025","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/nordsec2025.cs.ut.ee\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}