{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,16]],"date-time":"2025-10-16T20:28:09Z","timestamp":1760646489422,"version":"3.37.3"},"reference-count":44,"publisher":"Springer Science and Business Media LLC","issue":"4","license":[{"start":{"date-parts":[[2016,6,7]],"date-time":"2016-06-07T00:00:00Z","timestamp":1465257600000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"funder":[{"DOI":"10.13039\/501100002790","name":"Canadian Network for Research and Innovation in Machining Technology, Natural Sciences and Engineering Research Council of Canada","doi-asserted-by":"crossref","award":["RT340802","RT735645"],"award-info":[{"award-number":["RT340802","RT735645"]}],"id":[{"id":"10.13039\/501100002790","id-type":"DOI","asserted-by":"crossref"}]},{"DOI":"10.13039\/501100004489","name":"Mitacs","doi-asserted-by":"publisher","award":["IT02236"],"award-info":[{"award-number":["IT02236"]}],"id":[{"id":"10.13039\/501100004489","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Cogn Tech Work"],"published-print":{"date-parts":[[2016,11]]},"DOI":"10.1007\/s10111-016-0374-2","type":"journal-article","created":{"date-parts":[[2016,6,7]],"date-time":"2016-06-07T01:24:42Z","timestamp":1465262682000},"page":"695-716","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":12,"title":["Incident response teams in IT operations centers: the T-TOCs model of team functionality"],"prefix":"10.1007","volume":"18","author":[{"given":"Judith M.","family":"Brown","sequence":"first","affiliation":[]},{"given":"Steven","family":"Greenspan","sequence":"additional","affiliation":[]},{"given":"Robert","family":"Biddle","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2016,6,7]]},"reference":[{"issue":"5","key":"374_CR1","doi-asserted-by":"crossref","first-page":"643","DOI":"10.1016\/j.cose.2012.04.001","volume":"31","author":"A Ahmad","year":"2012","unstructured":"Ahmad A, Hadgkiss J, Ruighaver AB (2012) Incident response teams-challenges in supporting the organisational security function. Comput Secur 31(5):643\u2013652","journal-title":"Comput Secur"},{"key":"374_CR2","unstructured":"AlSabbagh B, Kowalski S (2015) Security from a systems thinking perspective-applying soft systems methodology to the analysis of an information security incident. In: Proceedings of the 58th annual meeting of the ISSS-2014 United States"},{"issue":"2","key":"374_CR3","doi-asserted-by":"crossref","first-page":"121","DOI":"10.1007\/s10111-010-0159-y","volume":"13","author":"D Botta","year":"2011","unstructured":"Botta D, Muldner K, Hawkey K, Beznosov K (2011) Toward understanding distributed cognition in IT security management: the role of cues and norms. Cognit Technol Work 13(2):121\u2013134","journal-title":"Cognit Technol Work"},{"key":"374_CR4","unstructured":"Boylan D (2014) ITILtopia: The tyranny of tiers. http:\/\/itiltopia.com\/?p=458"},{"key":"374_CR5","unstructured":"Brewster E, Griffiths R, Lawes A, Sansbury J (2012) IT service management: a guide for ITIL foundation exam candidates. BCS, The Chartered Institute for IT"},{"key":"374_CR6","doi-asserted-by":"crossref","unstructured":"Brown JM, Greenspan SL, Biddle RL (2013) Complex activities in an operations center: A case study and model for engineering interaction. In: Proceedings of the 5th ACM SIGCHI symposium on Engineering interactive computing systems, ACM, pp 265\u2013274","DOI":"10.1145\/2494603.2480310"},{"key":"374_CR7","volume-title":"ISO27001\/ISO27002: A pocket guide","author":"A Calder","year":"2013","unstructured":"Calder A (2013) ISO27001\/ISO27002: A pocket guide. IT Governance Publishing, UK"},{"key":"374_CR8","volume-title":"Basics of qualitative research: techniques and procedures for developing grounded theory","author":"J Corbin","year":"2014","unstructured":"Corbin J, Strauss A (2014) Basics of qualitative research: techniques and procedures for developing grounded theory. Sage publications, Californiya"},{"key":"374_CR9","doi-asserted-by":"crossref","DOI":"10.4324\/9780203891797","volume-title":"Vygotsky and research","author":"H Daniels","year":"2008","unstructured":"Daniels H (2008) Vygotsky and research. Routledge, Abingdon"},{"key":"374_CR10","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1007\/978-0-387-36792-7_1","volume-title":"Human work interaction design: designing for human work","author":"M Duignan","year":"2006","unstructured":"Duignan M, Noble J, Biddle R (2006) Activity theory for design from checklist to interview. Human work interaction design: designing for human work. Springer, Berlin, pp 1\u201325"},{"issue":"7","key":"374_CR11","doi-asserted-by":"crossref","first-page":"960","DOI":"10.1080\/001401300409143","volume":"43","author":"Y Engestrom","year":"2000","unstructured":"Engestrom Y (2000) Activity theory as a framework for analyzing and redesigning work. Ergonomics 43(7):960\u2013974","journal-title":"Ergonomics"},{"issue":"3","key":"374_CR12","doi-asserted-by":"crossref","first-page":"187","DOI":"10.1007\/s10111-011-0201-8","volume":"14","author":"JM Flach","year":"2012","unstructured":"Flach JM (2012) Complexity: learning to muddle through. Cogn Technol Work 14(3):187\u2013197","journal-title":"Cogn Technol Work"},{"key":"374_CR13","unstructured":"Gartner (2014) IT glossary. http:\/\/www.gartner.com\/it-glossary\/it-services"},{"key":"374_CR14","volume-title":"The checklist manifesto: how to get things right","author":"A Gawande","year":"2010","unstructured":"Gawande A, Lloyd JB (2010) The checklist manifesto: how to get things right. Metropolitan Books, New York"},{"key":"374_CR15","unstructured":"Grance T, Kent K, Kim B (2012) NIST special publication 800-61r2: Computer security incident handling guide. http:\/\/nvlpubs.nist.gov\/nistpubs\/SpecialPublications\/NIST.SP.800-61r2.pdf"},{"key":"374_CR16","first-page":"12","volume-title":"The Human in the Center: Agile decision-making in complex operations and command center","author":"S Greenspan","year":"2012","unstructured":"Greenspan S, Brown J, Biddle R (2012) The Human in the Center: Agile decision-making in complex operations and command center. CA Labs Research, New York, p 12"},{"key":"374_CR17","unstructured":"Hove C, T\u00e5rnes M (2013) Information security incident management: An empirical study of current practice. Master\u2019s thesis, Norwegian University of Science and Technology"},{"key":"374_CR18","doi-asserted-by":"publisher","unstructured":"Hove C, Tarnes M, Line M, Bernsmed K (2014) Information security incident management: identified practice in large organizations. In: 8th International conference on, IT security incident management IT forensics (IMF), 2014 pp 27\u201346. doi: 10.1109\/IMF.2014.9","DOI":"10.1109\/IMF.2014.9"},{"issue":"1","key":"374_CR19","doi-asserted-by":"crossref","first-page":"7","DOI":"10.1007\/s11623-011-0004-3","volume":"35","author":"E Humphreys","year":"2011","unstructured":"Humphreys E (2011) Information security management system standards. Datenschutz und Datensicherheit-DuD 35(1):7\u201311","journal-title":"Datenschutz und Datensicherheit-DuD"},{"key":"374_CR20","unstructured":"ISO\/IEC (2013a) Information technology\u2014security techniques\u2014code of practice for information security controls. http:\/\/www.iso27001security.com\/html\/27002.html"},{"key":"374_CR21","unstructured":"ISO\/IEC (2013b) Information technology\u2013security techniques\u2013information security management systems\u2013requirements. http:\/\/www.iso.org\/iso\/home\/store\/catalogue_ics\/catalogue_detail_ics.htm?csnumber=54534"},{"issue":"3 & 4","key":"374_CR22","first-page":"203","volume":"5","author":"M J\u00e4ntti","year":"2012","unstructured":"J\u00e4ntti M, Cater-Steel A, Shrestha A (2012) Towards an improved it service desk system and processes: a case study. Int J Adv Syst Measurements 5(3 and 4):203\u2013215","journal-title":"Int J Adv Syst Measurements"},{"key":"374_CR23","unstructured":"Kapella V (2003) A framework for incident and problem management. International Network Services whitepaper"},{"key":"374_CR24","doi-asserted-by":"crossref","unstructured":"Killcrece G, Kossakowski KP, Ruefle R, Zajicek M (2003) Organizational models for computer security incident response teams (csirts). Tech. rep, DTIC Document","DOI":"10.21236\/ADA421684"},{"key":"374_CR25","first-page":"17","volume-title":"Context and consciousness","author":"K Kuutti","year":"1996","unstructured":"Kuutti K (1996) Activity theory as a potential framework for human-computer interaction research. In: Nardi B (ed) Context and consciousness, vol 2. MIT Press, Cambridge, pp 17\u201344"},{"key":"374_CR26","doi-asserted-by":"crossref","unstructured":"MacEachren AM, Jaiswal A, Robinson AC, Pezanowski S, Savelyev A, Mitra P, Zhang X, Blanford J (2011) Senseplace2: Geotwitter analytics support for situational awareness. In: IEEE conference on visual analytics science and technology (VAST), pp 181\u2013190","DOI":"10.1109\/VAST.2011.6102456"},{"issue":"6","key":"374_CR27","first-page":"641","volume":"5","author":"P Malega","year":"2014","unstructured":"Malega P (2014) Escalation management as the necessary form of incident management process. J Emerg Trends Comput Inf Sci 5(6):641\u2013646","journal-title":"J Emerg Trends Comput Inf Sci"},{"issue":"4","key":"374_CR28","doi-asserted-by":"crossref","first-page":"455","DOI":"10.1177\/1468794105056923","volume":"5","author":"S McDonald","year":"2005","unstructured":"McDonald S (2005) Studying actions in context: a qualitative shadowing method for organizational research. Qual Res 5(4):455\u2013473","journal-title":"Qual Res"},{"key":"374_CR29","doi-asserted-by":"crossref","unstructured":"Metzger S, Hommel W, Reiser H (2011) Integrated security incident management\u2013concepts and real-world experiences. In: IEEE 6th International conference on IT security incident management and IT forensics (IMF) 2011, pp 107\u2013121","DOI":"10.1109\/IMF.2011.15"},{"issue":"4","key":"374_CR30","doi-asserted-by":"crossref","first-page":"260","DOI":"10.1108\/10650740710834644","volume":"24","author":"K M\u00f6ller","year":"2007","unstructured":"M\u00f6ller K (2007) Setting up a Grid-CERT: experiences of an academic CSIRT. Campus-Wide Inf Syst 24(4):260\u2013270","journal-title":"Campus-Wide Inf Syst"},{"issue":"1","key":"374_CR31","doi-asserted-by":"crossref","first-page":"31","DOI":"10.1145\/571773.571783","volume":"22","author":"BA Nardi","year":"1998","unstructured":"Nardi BA (1998) Concepts of cognition and consciousness: Four voices. ACM SIGDOC Asterisk J Comput Doc 22(1):31\u201348","journal-title":"ACM SIGDOC Asterisk J Comput Doc"},{"issue":"4","key":"374_CR32","doi-asserted-by":"crossref","first-page":"363","DOI":"10.1007\/s10111-012-0225-8","volume":"15","author":"L Norros","year":"2013","unstructured":"Norros L, Norros I, Liinasuo M, Sepp\u00e4nen K (2013) Impact of human operators on communication network dependability. Cogn Technol Work 15(4):363\u2013372","journal-title":"Cogn Technol Work"},{"issue":"2","key":"374_CR33","doi-asserted-by":"crossref","first-page":"186","DOI":"10.3102\/0034654306298273","volume":"77","author":"WM Roth","year":"2007","unstructured":"Roth WM, Lee YJ (2007) Vygotsky\u2019s neglected legacy: cultural-historical activity theory. Rev Educ Res 77(2):186\u2013232","journal-title":"Rev Educ Res"},{"key":"374_CR34","volume-title":"IT service management and IT governance: review, comparative analysis and their impact on utility computing","author":"M Sall\u00e9","year":"2004","unstructured":"Sall\u00e9 M (2004) IT service management and IT governance: review, comparative analysis and their impact on utility computing. Hewlett-Packard Company, California"},{"key":"374_CR35","doi-asserted-by":"crossref","unstructured":"Samaroo R, Brown JM, Biddle R, Greenspan S (2013) The day-in-the-life scenario: A technique for capturing user experience in complex work environments. In: 10th IEEE international conference and expo on emerging technologies for a smarter world (CEWIT) 2013, pp 1\u20137","DOI":"10.1109\/CEWIT.2013.6713761"},{"key":"374_CR36","doi-asserted-by":"crossref","first-page":"42","DOI":"10.1016\/j.cose.2014.05.003","volume":"45","author":"A T\u00f8ndel","year":"2014","unstructured":"T\u00f8ndel A, Line MB, Jaatun MG (2014) Information security incident management: current practice as reported in the literature. Comput Secur 45:42\u201357","journal-title":"Comput Secur"},{"issue":"4","key":"374_CR37","doi-asserted-by":"crossref","first-page":"347","DOI":"10.1111\/isj.12025","volume":"24","author":"CR Trusson","year":"2014","unstructured":"Trusson CR, Doherty NF, Hislop D (2014) Knowledge sharing using it service management tools: conflicting discourses and incompatible practices. Inf Syst J 24(4):347\u2013371","journal-title":"Inf Syst J"},{"issue":"1","key":"374_CR38","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1016\/S0953-5438(01)00039-X","volume":"14","author":"P Turner","year":"2001","unstructured":"Turner P, Turner S (2001) A web of contradictions. Interact Comput 14(1):1\u201314","journal-title":"Interact Comput"},{"key":"374_CR39","unstructured":"Vygotsky L (1934) Thinking and speech. The collected works of LS Vygotsky, vol. 1. New York, NY: Plenum"},{"key":"374_CR40","doi-asserted-by":"crossref","unstructured":"West-Brown MJ, Stikvoort D, Kossakowski KP, Killcrece G, Ruefle R (2003) Handbook for computer security incident response teams CSIRTs. Tech. rep, DTIC Document","DOI":"10.21236\/ADA413778"},{"key":"374_CR41","unstructured":"Wiik J, Gonzalez JJ, Davidsen PI, Kossakowski KP (2009a) Chronic workload problems in CSIRTs. In: 27th International conference of the system dynamics society July, at Albuquerque, NM, USA"},{"key":"374_CR42","unstructured":"Wiik J, Gonzalez JJ, Davidsen PI, Kossakowski KP (2009b) Persistent instabilities in the high-priority incident workload of CSIRTs. In: 27th International conference of the system dynamics society"},{"key":"374_CR43","unstructured":"Wiik J, Gonzalez JJ, Davidsen PI, Kossakowski KP (2009c) Preserving a balanced CSIRT constituency. In: 27th International conference of the system dynamics society July, at Albuquerque, NM, USA"},{"issue":"3","key":"374_CR44","doi-asserted-by":"crossref","first-page":"193","DOI":"10.1007\/s10111-009-0134-7","volume":"12","author":"S Zieba","year":"2010","unstructured":"Zieba S, Polet P, Vanderhaegen F, Debernard S (2010) Principles of adjustable autonomy: a framework for resilient human-machine cooperation. Cogn Technol Work 12(3):193\u2013203","journal-title":"Cogn Technol Work"}],"container-title":["Cognition, Technology & Work"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s10111-016-0374-2.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/article\/10.1007\/s10111-016-0374-2\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s10111-016-0374-2.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,9,9]],"date-time":"2019-09-09T05:41:16Z","timestamp":1568007676000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/s10111-016-0374-2"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2016,6,7]]},"references-count":44,"journal-issue":{"issue":"4","published-print":{"date-parts":[[2016,11]]}},"alternative-id":["374"],"URL":"https:\/\/doi.org\/10.1007\/s10111-016-0374-2","relation":{},"ISSN":["1435-5558","1435-5566"],"issn-type":[{"type":"print","value":"1435-5558"},{"type":"electronic","value":"1435-5566"}],"subject":[],"published":{"date-parts":[[2016,6,7]]}}}