{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,7,13]],"date-time":"2026-07-13T18:04:31Z","timestamp":1783965871267,"version":"3.55.0"},"reference-count":62,"publisher":"Elsevier BV","license":[{"start":{"date-parts":[[2026,11,1]],"date-time":"2026-11-01T00:00:00Z","timestamp":1793491200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.elsevier.com\/tdm\/userlicense\/1.0\/"},{"start":{"date-parts":[[2026,11,1]],"date-time":"2026-11-01T00:00:00Z","timestamp":1793491200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.elsevier.com\/legal\/tdmrep-license"},{"start":{"date-parts":[[2026,6,25]],"date-time":"2026-06-25T00:00:00Z","timestamp":1782345600000},"content-version":"vor","delay-in-days":0,"URL":"http:\/\/creativecommons.org\/licenses\/by-nc-nd\/4.0\/"}],"content-domain":{"domain":["elsevier.com","sciencedirect.com"],"crossmark-restriction":true},"short-container-title":["Computers &amp; Security"],"published-print":{"date-parts":[[2026,11]]},"DOI":"10.1016\/j.cose.2026.105045","type":"journal-article","created":{"date-parts":[[2026,6,24]],"date-time":"2026-06-24T16:18:50Z","timestamp":1782317930000},"page":"105045","update-policy":"https:\/\/doi.org\/10.1016\/elsevier_cm_policy","source":"Crossref","is-referenced-by-count":0,"special_numbering":"C","title":["Mapping managerial knowledge in insider threat response: Insights from bibliometric and qualitative analyses"],"prefix":"10.1016","volume":"170","author":[{"ORCID":"https:\/\/orcid.org\/0009-0003-6702-0815","authenticated-orcid":false,"given":"Serges Martial Pouani","family":"Kameni","sequence":"first","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-2043-0265","authenticated-orcid":false,"given":"Hager","family":"Khechine","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Fran\u00e7ois","family":"Tremblay","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"78","reference":[{"issue":"15","key":"10.1016\/j.cose.2026.105045_bib0001","doi-asserted-by":"crossref","first-page":"5208","DOI":"10.3390\/app10155208","article-title":"A review of insider threat detection: classification, machine learning techniques, datasets, open challenges, and recommendations","volume":"10","author":"Al-Mhiqani","year":"2020","journal-title":"Appl. Sci."},{"issue":"4","key":"10.1016\/j.cose.2026.105045_bib0002","doi-asserted-by":"crossref","first-page":"404","DOI":"10.1108\/ICS-05-2022-0085","article-title":"Scenario-based incident response training: lessons learnt from conducting an experiential learning virtual incident response tabletop exercise","volume":"31","author":"Angafor","year":"2023","journal-title":"Inf. Comput. Secur."},{"key":"10.1016\/j.cose.2026.105045_bib0003","series-title":"Knowledge Management in Organizations. KMO 2018. Communications in Computer and Information Science","article-title":"Inclination of insider threats\u2019 Mitigation and implementation: concurrence view from Malaysian employees","volume":"877","author":"Apau","year":"2018"},{"issue":"2","key":"10.1016\/j.cose.2026.105045_bib0004","first-page":"112","article-title":"Factors effecting cyber incident occurrence: mediating role of cyber incident reporting mechanism","volume":"17","author":"Bhatti","year":"2023","journal-title":"Int. J. Cyber Criminol."},{"key":"10.1016\/j.cose.2026.105045_bib0005","doi-asserted-by":"crossref","first-page":"166","DOI":"10.1016\/j.ijcip.2018.12.001","article-title":"The insider threat: behavioural indicators and factors influencing likelihood of intervention","volume":"24","author":"Bell","year":"2019","journal-title":"Int. J. Crit. Infrastruct. Prot."},{"key":"10.1016\/j.cose.2026.105045_bib0006","doi-asserted-by":"crossref","first-page":"135","DOI":"10.2495\/RISK180121","article-title":"There is no single solution to the \u2018insider\u2019 problem but there is a valuable way forward","volume":"121","author":"Bilusich","year":"2018","journal-title":"WIT Trans. Eng. Sci."},{"key":"10.1016\/j.cose.2026.105045_bib0007","unstructured":"Bishop, M., Coles-Kemp, L., Gollmann, D., Hunker, J., and Probst, C. W. (2010). Insider threats: strategies for prevention, mitigation, and response (Dagstuhl Seminar Report No. 10341). Schloss Dagstuhl \u2013 Leibniz-Zentrum f\u00fcr Informatik."},{"key":"10.1016\/j.cose.2026.105045_bib0008","series-title":"Proceedings of the IEEE Security and Privacy Workshops","first-page":"8","article-title":"Reflecting on the ability of enterprise security policy to address accidental insider threat","author":"Buckley","year":"2014"},{"key":"10.1016\/j.cose.2026.105045_bib0009","series-title":"The CERT guide to insider threats: How to prevent, detect, and respond to information technology crimes","author":"Cappelli","year":"2012"},{"key":"10.1016\/j.cose.2026.105045_bib0010","series-title":"Common sense guide to prevention and detection of insider threats","author":"Cappelli","year":"2009"},{"key":"10.1016\/j.cose.2026.105045_bib0011","series-title":"Computer security incident handling guide (NIST Special Publication 800-61 Revision 2)","author":"Cichonski","year":"2012"},{"key":"10.1016\/j.cose.2026.105045_bib0012","first-page":"45","article-title":"Insider threat and information security management","volume":"49","author":"Coles-Kemp","year":"2010"},{"key":"10.1016\/j.cose.2026.105045_bib0013","series-title":"Insider threat mitigation guide","year":"2020"},{"key":"10.1016\/j.cose.2026.105045_bib0014","series-title":"The SAGE handbook of organizational research methods","first-page":"671","article-title":"Producing a systematic review","author":"Denyer","year":"2009"},{"key":"10.1016\/j.cose.2026.105045_bib0015","doi-asserted-by":"crossref","first-page":"285","DOI":"10.1016\/j.jbusres.2021.04.070","article-title":"How to conduct a bibliometric analysis: an overview and guidelines","volume":"133","author":"Donthu","year":"2021","journal-title":"J. Bus. Res."},{"issue":"3","key":"10.1016\/j.cose.2026.105045_bib0016","doi-asserted-by":"crossref","first-page":"165","DOI":"10.1057\/s41270-020-00081-9","article-title":"Why and how to merge Scopus and Web of Science during bibliometric analysis: the case of sales force literature from 1912 to 2019","volume":"8","author":"Echchakoui","year":"2020","journal-title":"J. Mark. Anal."},{"key":"10.1016\/j.cose.2026.105045_bib0017","series-title":"Proceedings of the 2017 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)","first-page":"145","article-title":"Assessing insider threats to organisations: classification and mitigation approaches","author":"Fagade","year":"2017"},{"key":"10.1016\/j.cose.2026.105045_bib0018","article-title":"A review of the insider threat: A practitioner perspective within the U.K. financial services","author":"Findlay","year":"2024","journal-title":"Inf. Comput. Secur."},{"key":"10.1016\/j.cose.2026.105045_bib0019","series-title":"Best practices against insider threats for all nations","author":"Flynn","year":"2012"},{"key":"10.1016\/j.cose.2026.105045_bib0020","unstructured":"Fortinet. (2025). Insider risk report: peer insights to inform your insider risk strategy. https:\/\/www.fortinet.com\/resources\/reports\/insider-risk-report."},{"issue":"3","key":"10.1016\/j.cose.2026.105045_bib0021","doi-asserted-by":"crossref","first-page":"431","DOI":"10.2307\/2393152","article-title":"Exploring fit and misfit with multiple contingencies","volume":"34","author":"Gresov","year":"1989","journal-title":"Adm. Sci. Q."},{"key":"10.1016\/j.cose.2026.105045_bib0022","first-page":"85","article-title":"Combining traditional cyber security audit data with psychosocial data: towards predictive modeling for insider threat mitigation","volume":"49","author":"Greitzer","year":"2010"},{"key":"10.1016\/j.cose.2026.105045_bib0023","series-title":"Proceedings of the 46th Hawaii International Conference on System Sciences","first-page":"1831","article-title":"Insider threat program best practices","author":"Guido","year":"2013"},{"issue":"1","key":"10.1016\/j.cose.2026.105045_bib0024","doi-asserted-by":"crossref","first-page":"212","DOI":"10.1016\/j.joi.2016.01.006","article-title":"Selecting publication keywords for domain analysis in bibliometrics: A comparison of three methods","volume":"10","author":"Guo","year":"2016","journal-title":"J. Informetr."},{"issue":"1","key":"10.1016\/j.cose.2026.105045_bib0025","doi-asserted-by":"crossref","first-page":"142","DOI":"10.1057\/sj.2015.36","article-title":"A human factors contribution to countering insider threats: practical prospects from a novel approach to warning and avoiding","volume":"30","author":"Hills","year":"2017","journal-title":"Secur. J."},{"issue":"18","key":"10.1016\/j.cose.2026.105045_bib0026","doi-asserted-by":"crossref","first-page":"5297","DOI":"10.3390\/s20185297","article-title":"Tracking the insider attacker: A blockchain traceability system for insider threats","volume":"20","author":"Hu","year":"2020","journal-title":"Sensors"},{"key":"10.1016\/j.cose.2026.105045_bib0027","first-page":"195","article-title":"Taking stock and looking forward: an outsider\u2019s perspective on the insider threat","volume":"39","author":"Hunker","year":"2008"},{"issue":"12","key":"10.1016\/j.cose.2026.105045_bib0028","doi-asserted-by":"crossref","DOI":"10.1016\/j.asej.2024.103068","article-title":"Insider threat mitigation: systematic literature review","volume":"15","author":"Inayat","year":"2024","journal-title":"Ain Shams Eng. J."},{"issue":"10","key":"10.1016\/j.cose.2026.105045_bib0029","first-page":"3044","article-title":"A review on insider threat status in Malaysian organizations","volume":"96","author":"Isnin","year":"2018","journal-title":"J. Theor. Appl. Inf. Technol."},{"key":"10.1016\/j.cose.2026.105045_bib0030","series-title":"Contingency views of organization and management","author":"Kast","year":"1973"},{"issue":"2\u20133","key":"10.1016\/j.cose.2026.105045_bib0031","doi-asserted-by":"crossref","first-page":"179","DOI":"10.1016\/0165-4101(94)00382-F","article-title":"Complementarities and fit: strategy, structure, and organizational change in manufacturing","volume":"19","author":"Milgrom","year":"1995","journal-title":"J. Account. Econ."},{"key":"10.1016\/j.cose.2026.105045_bib0032","unstructured":"National Insider Threat Special Interest Group (NITSIG), and Insider Threat Defense Group (ITDG). (2025). Insider threat incidents report forDecember 2025. https:\/\/nationalinsiderthreatsig.org\/pdfs\/insider-threat-threats-incidents-report-disgruntled-malicious-employees%2012-31-25.pdf."},{"issue":"5","key":"10.1016\/j.cose.2026.105045_bib0033","doi-asserted-by":"crossref","first-page":"1384","DOI":"10.1080\/00207543.2019.1636323","article-title":"Identification of critical success factors, risks and opportunities of industry 4.0 in SMEs","volume":"58","author":"Moeuf","year":"2020","journal-title":"Int. J. Prod. Res."},{"key":"10.1016\/j.cose.2026.105045_bib0034","series-title":"Proceedings of the IEEE Security and Privacy Workshops","first-page":"237","article-title":"Balancing organizational incentives to counter insider threat","author":"Moore","year":"2018"},{"key":"10.1016\/j.cose.2026.105045_bib0035","series-title":"Proceedings of the IEEE Security and Privacy Workshops","first-page":"207","article-title":"Insider threat cybersecurity framework webtool and methodology: defending against complex cyber-physical threats","author":"Mylrea","year":"2018"},{"key":"10.1016\/j.cose.2026.105045_bib0036","doi-asserted-by":"crossref","unstructured":"National Institute of Standards and Technology. (2024). The NIST cybersecurity framework (Version 2.0). https:\/\/doi.org\/10.6028\/nist.cswp.29.ipd.","DOI":"10.6028\/NIST.CSWP.29.ipd"},{"key":"10.1016\/j.cose.2026.105045_bib0037","series-title":"Understanding the perspectives of information security managers on insider threat","author":"Ngufor","year":"2020"},{"key":"10.1016\/j.cose.2026.105045_bib0038","series-title":"Proceedings of the ASE\/IEEE International Conference on Social Computing","first-page":"734","article-title":"The governance of corporate forensics using COBIT, NIST and increased automated forensic approaches","author":"Nnoli","year":"2012"},{"key":"10.1016\/j.cose.2026.105045_bib0039","series-title":"Proceedings of the ISSA Conference","first-page":"1","article-title":"A framework of opportunity-reducing techniques to mitigate the insider threat","author":"Padayachee","year":"2015"},{"key":"10.1016\/j.cose.2026.105045_bib0040","doi-asserted-by":"crossref","first-page":"n71","DOI":"10.1136\/bmj.n71","article-title":"The PRISMA 2020 statement: an updated guideline for reporting systematic reviews","author":"Page","year":"2021","journal-title":"BMJ"},{"key":"10.1016\/j.cose.2026.105045_bib0041","series-title":"Lecture notes in computer science","doi-asserted-by":"crossref","first-page":"654","DOI":"10.1007\/978-3-319-20376-8_58","article-title":"Insider threats: the major challenge to security risk management","author":"Pereira","year":"2015"},{"issue":"1","key":"10.1016\/j.cose.2026.105045_bib0042","doi-asserted-by":"crossref","first-page":"169","DOI":"10.1109\/TIFS.2009.2039591","article-title":"Insiders behaving badly: addressing bad actors and their actions","volume":"5","author":"Pfleeger","year":"2010","journal-title":"IEEE Trans. Inf. Forensics Secur."},{"issue":"1","key":"10.1016\/j.cose.2026.105045_bib0043","doi-asserted-by":"crossref","first-page":"435","DOI":"10.1007\/s10586-014-0403-y","article-title":"Surveillance of anomaly and misuse in critical networks to counter insider threats using computational intelligence","volume":"18","author":"Punithavathani","year":"2014","journal-title":"Clust. Comput."},{"issue":"4","key":"10.1016\/j.cose.2026.105045_bib0044","doi-asserted-by":"crossref","first-page":"755","DOI":"10.1057\/s41284-020-00259-x","article-title":"Redefining insider threats: a distinction between insider hazards and insider threats","volume":"34","author":"Reveraert","year":"2021","journal-title":"Secur. J."},{"issue":"3","key":"10.1016\/j.cose.2026.105045_bib0045","doi-asserted-by":"crossref","first-page":"467","DOI":"10.1177\/08933189211062250","article-title":"The enabling role of internal organizational communication in insider threat activity \u2013 Evidence from a high security organization","volume":"36","author":"Rice","year":"2022","journal-title":"Manag. Commun. Q."},{"issue":"1","key":"10.1016\/j.cose.2026.105045_bib0046","doi-asserted-by":"crossref","first-page":"777","DOI":"10.1007\/s11192-020-03647-7","article-title":"Sample size in bibliometric analysis","volume":"125","author":"Rogers","year":"2020","journal-title":"Scientometrics"},{"key":"10.1016\/j.cose.2026.105045_bib0047","series-title":"Proceedings of the 8th International Conference on Availability, Reliability and Security (ARES 2013)","first-page":"77","article-title":"A survey of insider threat detection","author":"Sahito","year":"2013"},{"issue":"1","key":"10.1016\/j.cose.2026.105045_bib0048","doi-asserted-by":"crossref","first-page":"27","DOI":"10.1016\/j.emj.2004.12.007","article-title":"The business case for corporate sustainability","volume":"23","author":"Salzmann","year":"2005","journal-title":"Eur. Manag. J."},{"key":"10.1016\/j.cose.2026.105045_bib0049","doi-asserted-by":"crossref","DOI":"10.3390\/electronics9091460","article-title":"Impact and key challenges of insider threats on organizations and critical businesses","author":"Saxena","year":"2020","journal-title":"Electronics"},{"issue":"5","key":"10.1016\/j.cose.2026.105045_bib0050","doi-asserted-by":"crossref","first-page":"1385","DOI":"10.1007\/s10207-023-00697-9","article-title":"A method for insider threat assessment by modeling the internal employee interactions","volume":"22","author":"Sepehrzadeh","year":"2023","journal-title":"Int. J. Inf. Secur."},{"key":"10.1016\/j.cose.2026.105045_bib0051","series-title":"Proceedings of the IEEE Security and Privacy Workshops","article-title":"Navigating the insider threat tool landscape: low-cost technical solutions to jump-start an insider threat program","author":"Spooner","year":"2018"},{"key":"10.1016\/j.cose.2026.105045_bib0052","unstructured":"SpyCloud, Inc. (2025). Insider threat pulse report. SpyCloud. https:\/\/spycloud.com\/blog\/spycloud-insider-threat-report-2025-recap\/."},{"issue":"1","key":"10.1016\/j.cose.2026.105045_bib0053","first-page":"23","article-title":"An introduction to insider threat management","volume":"16","author":"Steele","year":"2007","journal-title":"Inf. Syst. Secur."},{"issue":"3","key":"10.1016\/j.cose.2026.105045_bib0054","article-title":"The role risk-management plays in reducing insider threat\u2019s in the federal Government","volume":"31","author":"Stone","year":"2021","journal-title":"Inf. Secur. J."},{"issue":"6","key":"10.1016\/j.cose.2026.105045_bib0055","doi-asserted-by":"crossref","first-page":"472","DOI":"10.1016\/j.cose.2005.05.002","article-title":"The insider threat to information systems and the effectiveness of ISO17799","volume":"24","author":"Theoharidou","year":"2005","journal-title":"Comput. Secur."},{"issue":"2","key":"10.1016\/j.cose.2026.105045_bib0056","article-title":"Software survey: VOSviewer, a computer program for bibliometric mapping","volume":"84","author":"Van Eck","year":"2009","journal-title":"Scientometr. (Print)"},{"issue":"2","key":"10.1016\/j.cose.2026.105045_bib0057","doi-asserted-by":"crossref","first-page":"1053","DOI":"10.1007\/s11192-017-2300-7","article-title":"Citation-based clustering of publications using CitNetExplorer and VOSviewer","volume":"111","author":"Van Eck","year":"2017","journal-title":"Scientometr. (Print)"},{"issue":"4","key":"10.1016\/j.cose.2026.105045_bib0058","doi-asserted-by":"crossref","first-page":"225","DOI":"10.1016\/j.istr.2008.10.013","article-title":"Practical management of malicious insider threat \u2013 An enterprise CSIRT perspective","volume":"13","author":"Walker","year":"2008","journal-title":"Inf. Secur. Tech. Rep."},{"issue":"1","key":"10.1016\/j.cose.2026.105045_bib0059","doi-asserted-by":"crossref","first-page":"59","DOI":"10.1080\/07421222.1989.11517849","article-title":"An assessment of the contingency theory of management Information systems","volume":"6","author":"Weill","year":"1989","journal-title":"J. Manag. Inf. Syst."},{"issue":"5","key":"10.1016\/j.cose.2026.105045_bib0060","doi-asserted-by":"crossref","first-page":"911","DOI":"10.1017\/jmo.2018.57","article-title":"Developing a conceptual model for insider threat","volume":"27","author":"Whitty","year":"2021","journal-title":"J. Manag. Organ."},{"key":"10.1016\/j.cose.2026.105045_bib0061","series-title":"ISSE 2004\u2014Securing Electronic Business Processes","first-page":"75","article-title":"Big brother does not keep your assets safe","author":"Wiele","year":"2004"},{"issue":"13","key":"10.1016\/j.cose.2026.105045_bib0062","doi-asserted-by":"crossref","first-page":"1103","DOI":"10.1080\/01900692.2021.1947319","article-title":"Artificial intelligence in the public sector - a research agenda","volume":"44","author":"Wirtz","year":"2021","journal-title":"Int. J. Public Adm."}],"container-title":["Computers &amp; Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/api.elsevier.com\/content\/article\/PII:S016740482600221X?httpAccept=text\/xml","content-type":"text\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/api.elsevier.com\/content\/article\/PII:S016740482600221X?httpAccept=text\/plain","content-type":"text\/plain","content-version":"vor","intended-application":"text-mining"}],"deposited":{"date-parts":[[2026,7,13]],"date-time":"2026-07-13T17:14:22Z","timestamp":1783962862000},"score":1,"resource":{"primary":{"URL":"https:\/\/linkinghub.elsevier.com\/retrieve\/pii\/S016740482600221X"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026,11]]},"references-count":62,"alternative-id":["S016740482600221X"],"URL":"https:\/\/doi.org\/10.1016\/j.cose.2026.105045","relation":{},"ISSN":["0167-4048"],"issn-type":[{"value":"0167-4048","type":"print"}],"subject":[],"published":{"date-parts":[[2026,11]]},"assertion":[{"value":"Elsevier","name":"publisher","label":"This article is maintained by"},{"value":"Mapping managerial knowledge in insider threat response: Insights from bibliometric and qualitative analyses","name":"articletitle","label":"Article Title"},{"value":"Computers & Security","name":"journaltitle","label":"Journal Title"},{"value":"https:\/\/doi.org\/10.1016\/j.cose.2026.105045","name":"articlelink","label":"CrossRef DOI link to publisher maintained version"},{"value":"article","name":"content_type","label":"Content Type"},{"value":"\u00a9 2026 The Authors. Published by Elsevier Ltd.","name":"copyright","label":"Copyright"}],"article-number":"105045"}}