{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,6]],"date-time":"2026-04-06T10:07:08Z","timestamp":1775470028782,"version":"3.50.1"},"reference-count":105,"publisher":"Oxford University Press (OUP)","issue":"1","license":[{"start":{"date-parts":[[2018,12,13]],"date-time":"2018-12-13T00:00:00Z","timestamp":1544659200000},"content-version":"vor","delay-in-days":346,"URL":"http:\/\/creativecommons.org\/licenses\/by-nc\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2018,1,1]]},"DOI":"10.1093\/cybsec\/tyy002","type":"journal-article","created":{"date-parts":[[2018,4,30]],"date-time":"2018-04-30T12:47:17Z","timestamp":1525092437000},"source":"Crossref","is-referenced-by-count":18,"title":["Cybersecurity incident response capabilities in the Ecuadorian financial sector"],"prefix":"10.1093","volume":"4","author":[{"given":"Frankie E","family":"Catota","sequence":"first","affiliation":[{"name":"Department of Engineering and Public Policy, Carnegie Mellon University, USA"},{"name":"Engineering Department, Universidad Internacional SEK, Ecuador"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"M Granger","family":"Morgan","sequence":"additional","affiliation":[{"name":"Department of Engineering and Public Policy, Carnegie Mellon University, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Douglas C","family":"Sicker","sequence":"additional","affiliation":[{"name":"Department of Engineering and Public Policy, Carnegie Mellon University, 
USA"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"286","published-online":{"date-parts":[[2018,4,30]]},"reference":[{"key":"key\n\t\t\t\t2019012508464750500_tyy002-B1","year":"2013"},{"key":"key\n\t\t\t\t2019012508464750500_tyy002-B2","year":"2016"},{"key":"key\n\t\t\t\t2019012508464750500_tyy002-B3","year":"2017"},{"key":"key\n\t\t\t\t2019012508464750500_tyy002-B4","year":"2016"},{"key":"key\n\t\t\t\t2019012508464750500_tyy002-B5","year":"2016"},{"key":"key\n\t\t\t\t2019012508464750500_tyy002-B6","year":"2014"},{"key":"key\n\t\t\t\t2019012508464750500_tyy002-B7","author":"Tehan","year":"2012"},{"key":"key\n\t\t\t\t2019012508464750500_tyy002-B8","author":"New York State Department of Financial Services","year":"2014"},{"key":"key\n\t\t\t\t2019012508464750500_tyy002-B9","volume-title":"Insider threat study: illicit cyber activity in the banking and finance sector","author":"Randazzo","year":"2004"},{"key":"key\n\t\t\t\t2019012508464750500_tyy002-B10","volume-title":"Insider threat study: illicit cyber activity in the banking and finance sector","author":"Randazzo","year":"2005"},{"key":"key\n\t\t\t\t2019012508464750500_tyy002-B11","doi-asserted-by":"crossref","DOI":"10.21236\/ADA610430","volume-title":"Insider threat study: illicit cyber activity involving Fraud in the US financial services sector","author":"Cummings","year":"2012"},{"key":"key\n\t\t\t\t2019012508464750500_tyy002-B12","author":"International Telecommunication Union (ITU)","year":"2007"},{"key":"key\n\t\t\t\t2019012508464750500_tyy002-B13","author":"Cole","year":"2008"},{"key":"key\n\t\t\t\t2019012508464750500_tyy002-B14","author":"Target","year":"2010"},{"key":"key\n\t\t\t\t2019012508464750500_tyy002-B15","first-page":"120","article-title":"National cyber security policy and strategy of Nigeria: a qualitative analysis","volume":"9","author":"Osho","year":"2015","journal-title":"Int J Cyber 
Criminol"},{"key":"key\n\t\t\t\t2019012508464750500_tyy002-B16","author":"Newmeyer","year":"2014"},{"key":"key\n\t\t\t\t2019012508464750500_tyy002-B17","author":"Software Engineering Institute CERT"},{"key":"key\n\t\t\t\t2019012508464750500_tyy002-B18","author":"Software Engineering Institute CERT"},{"key":"key\n\t\t\t\t2019012508464750500_tyy002-B19","author":"Organization of American States, Symantec","year":"2014"},{"key":"key\n\t\t\t\t2019012508464750500_tyy002-B20","year":"2016"},{"key":"key\n\t\t\t\t2019012508464750500_tyy002-B21","doi-asserted-by":"crossref","DOI":"10.18574\/nyu\/9780814732939.001.0001","volume-title":"Mastering the Semi-Structured Interview and beyond: From Research Design to Analysis and Publication","author":"Galletta","year":"2013"},{"key":"key\n\t\t\t\t2019012508464750500_tyy002-B22","doi-asserted-by":"crossref","first-page":"17","DOI":"10.1017\/CBO9780511814570.003","volume-title":"Research Methods for Human Computer Interaction","author":"Adams","year":"2008"},{"key":"key\n\t\t\t\t2019012508464750500_tyy002-B23","volume-title":"How much is enough? 
A risk management approach to computer security","author":"Hoo","year":"2000"},{"key":"key\n\t\t\t\t2019012508464750500_tyy002-B24","author":"Killcrece","year":"2003"},{"key":"key\n\t\t\t\t2019012508464750500_tyy002-B25","first-page":"169","volume-title":"Qualitative Evaluation and Research Methods","author":"Patton","year":"1990"},{"key":"key\n\t\t\t\t2019012508464750500_tyy002-B26","doi-asserted-by":"crossref","first-page":"539","DOI":"10.2307\/2392360","article-title":"The fact of fiction in organizational ethnography","volume":"24","author":"Van Maanen","year":"1979","journal-title":"Adm Sci Q"},{"key":"key\n\t\t\t\t2019012508464750500_tyy002-B27","doi-asserted-by":"crossref","first-page":"63","DOI":"10.3233\/EFI-2004-22201","article-title":"Strategies for ensuring trustworthiness in qualitative research projects","volume":"22","author":"Shenton","year":"2004","journal-title":"Educ Information"},{"key":"key\n\t\t\t\t2019012508464750500_tyy002-B28","doi-asserted-by":"crossref","DOI":"10.4135\/9781446288719","volume-title":"A Guide to Methods, Practice and Using Software","author":"Kuckartz","year":"2014"},{"key":"key\n\t\t\t\t2019012508464750500_tyy002-B29","author":"Shirey","year":"2007"},{"key":"key\n\t\t\t\t2019012508464750500_tyy002-B30","volume-title":"A taxonomy of operational cyber security risks","author":"Cebula","year":"2010"},{"key":"key\n\t\t\t\t2019012508464750500_tyy002-B31","doi-asserted-by":"crossref","first-page":"24","DOI":"10.1145\/503345.503348","article-title":"Five dimensions of information security awareness","volume":"31","author":"Siponen","year":"2001","journal-title":"Comput Soc"},{"key":"key\n\t\t\t\t2019012508464750500_tyy002-B32","doi-asserted-by":"crossref","first-page":"40","DOI":"10.1145\/322796.322806","article-title":"Users are not the enemy","volume":"42","author":"Adams","year":"1999","journal-title":"Commun. 
ACM"},{"key":"key\n\t\t\t\t2019012508464750500_tyy002-B33","first-page":"196","author":"Talib","year":"2010"},{"key":"key\n\t\t\t\t2019012508464750500_tyy002-B34","author":"European Union Agency for Network and Information Security","year":"2010"},{"key":"key\n\t\t\t\t2019012508464750500_tyy002-B35","first-page":"1","author":"Cranor","year":"2008"},{"key":"key\n\t\t\t\t2019012508464750500_tyy002-B36","first-page":"228","author":"Sasse","year":"2014"},{"key":"key\n\t\t\t\t2019012508464750500_tyy002-B37","first-page":"211","author":"Hare","year":"2010"},{"key":"key\n\t\t\t\t2019012508464750500_tyy002-B38"},{"key":"key\n\t\t\t\t2019012508464750500_tyy002-B39"},{"key":"key\n\t\t\t\t2019012508464750500_tyy002-B40","first-page":"1","volume-title":"eCrime Res. Summit","author":"Spring","year":"2015"},{"key":"key\n\t\t\t\t2019012508464750500_tyy002-B41","author":"Internet Governance Forum","year":"2014"},{"key":"key\n\t\t\t\t2019012508464750500_tyy002-B42","first-page":"350","author":"Jacobs","year":"2016"},{"key":"key\n\t\t\t\t2019012508464750500_tyy002-B43","author":"West-Brown","year":"2003"},{"key":"key\n\t\t\t\t2019012508464750500_tyy002-B44","author":"Maj","year":"2010"},{"key":"key\n\t\t\t\t2019012508464750500_tyy002-B45","author":"Haller","year":"2010"},{"key":"key\n\t\t\t\t2019012508464750500_tyy002-B46","first-page":"1","author":"Mooi","year":"2015"},{"key":"key\n\t\t\t\t2019012508464750500_tyy002-B47","author":"Morgus","year":"2015"},{"key":"key\n\t\t\t\t2019012508464750500_tyy002-B48","volume-title":"New Zealand security incident management guide for computer security incident response teams 
(CSIRTs)","author":"Ruefle","year":"2013"},{"key":"key\n\t\t\t\t2019012508464750500_tyy002-B49","author":"Bronk","year":"2006"},{"key":"key\n\t\t\t\t2019012508464750500_tyy002-B50","author":"Sawicka","year":"2005"},{"key":"key\n\t\t\t\t2019012508464750500_tyy002-B51","author":"Wiik","year":"2005"},{"key":"key\n\t\t\t\t2019012508464750500_tyy002-B52","first-page":"4918","author":"Mclaughlin","year":"2017"},{"key":"key\n\t\t\t\t2019012508464750500_tyy002-B53","first-page":"27","author":"Penedo","year":"2006"},{"key":"key\n\t\t\t\t2019012508464750500_tyy002-B54","volume-title":"Incident management mission diagnostic method, Version 1.0","author":"Dorofee","year":"2008"},{"key":"key\n\t\t\t\t2019012508464750500_tyy002-B55","doi-asserted-by":"crossref","DOI":"10.21236\/ADA609862","volume-title":"An introduction to the mission risk diagnostic for incident management capabilities (MRD-IMC)","author":"Alberts","year":"2014"},{"key":"key\n\t\t\t\t2019012508464750500_tyy002-B56","volume-title":"Improving the effectiveness of CSIRTs. 
Global cyber security capacity centre","author":"Bada","year":"2014"},{"key":"key\n\t\t\t\t2019012508464750500_tyy002-B57","author":"Organization of American States (OAS)","year":"2016"},{"key":"key\n\t\t\t\t2019012508464750500_tyy002-B58","doi-asserted-by":"crossref","first-page":"52","DOI":"10.1109\/MSP.2014.84","article-title":"An anthropological approach to studying CSIRTs","volume":"12","author":"Sundaramurthy","year":"2014","journal-title":"IEEE Security & Privacy"},{"key":"key\n\t\t\t\t2019012508464750500_tyy002-B59","first-page":"43","author":"Sundaramurthy","year":"2014"},{"key":"key\n\t\t\t\t2019012508464750500_tyy002-B60","volume-title":"How to Define and Build an Effective Cyber Threat Intelligence Capability","author":"Dalziel","year":"2014"},{"key":"key\n\t\t\t\t2019012508464750500_tyy002-B61"},{"key":"key\n\t\t\t\t2019012508464750500_tyy002-B62","author":"Grance","year":"2006"},{"key":"key\n\t\t\t\t2019012508464750500_tyy002-B63","author":"FS-ISAC","year":"2016"},{"key":"key\n\t\t\t\t2019012508464750500_tyy002-B64","author":"Johnson","year":"2014"},{"key":"key\n\t\t\t\t2019012508464750500_tyy002-B65","author":"Bipartisan Policy Center","year":"2012"},{"key":"key\n\t\t\t\t2019012508464750500_tyy002-B66","author":"ENISA","year":"2015"},{"key":"key\n\t\t\t\t2019012508464750500_tyy002-B67","author":"Anti-Phishing Working Group"},{"key":"key\n\t\t\t\t2019012508464750500_tyy002-B68","author":"Forum of Incident Response and Security Teams"},{"key":"key\n\t\t\t\t2019012508464750500_tyy002-B69","author":"Forum of Incident Response and Security Teams"},{"key":"key\n\t\t\t\t2019012508464750500_tyy002-B70","author":"Messaging, Malware and Mobile Anti-Abuse Working Group"},{"key":"key\n\t\t\t\t2019012508464750500_tyy002-B71","author":"National Cyber-Forensics & Training Alliance"},{"key":"key\n\t\t\t\t2019012508464750500_tyy002-B72","author":"Forbes"},{"key":"key\n\t\t\t\t2019012508464750500_tyy002-B73","author":"National Cyber-Forensics & Training 
Alliance"},{"key":"key\n\t\t\t\t2019012508464750500_tyy002-B74","author":"ISAC Council","year":"2004"},{"key":"key\n\t\t\t\t2019012508464750500_tyy002-B75","volume-title":"Guns and Butter: The Political Economy of International Security","author":"Eckert","year":"2005"},{"key":"key\n\t\t\t\t2019012508464750500_tyy002-B76","author":"FS-ISAC"},{"key":"key\n\t\t\t\t2019012508464750500_tyy002-B77","author":"FS-ISAC"},{"key":"key\n\t\t\t\t2019012508464750500_tyy002-B78","author":"FS-ISAC"},{"key":"key\n\t\t\t\t2019012508464750500_tyy002-B79","author":"SWIFT"},{"key":"key\n\t\t\t\t2019012508464750500_tyy002-B80","author":"Spamhaus"},{"key":"key\n\t\t\t\t2019012508464750500_tyy002-B81","author":"Shadowserver"},{"key":"key\n\t\t\t\t2019012508464750500_tyy002-B82","first-page":"13","author":"Metcalf","year":"2015"},{"key":"key\n\t\t\t\t2019012508464750500_tyy002-B83","author":"Catota","year":"2016"},{"key":"key\n\t\t\t\t2019012508464750500_tyy002-B84","author":"FS-ISAC","year":"2015"},{"key":"key\n\t\t\t\t2019012508464750500_tyy002-B85","article-title":"Attack trees - modeling security threats","author":"Schneier","year":"1999","journal-title":"Dr. 
Dobb\u2019s J"},{"key":"key\n\t\t\t\t2019012508464750500_tyy002-B86","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1016\/j.cosrev.2014.07.001","article-title":"DAG-based attack and defense modeling: don\u2019t miss the forest for the attack trees","volume":"13\u201314","author":"Kordy","year":"2014","journal-title":"Comput Sci Rev"},{"key":"key\n\t\t\t\t2019012508464750500_tyy002-B87","doi-asserted-by":"crossref","first-page":"34","DOI":"10.1007\/s00766-004-0194-4","article-title":"Eliciting security requirements with misuse cases","volume":"10","author":"Sindre","year":"2005","journal-title":"Requir Eng"},{"key":"key\n\t\t\t\t2019012508464750500_tyy002-B88","doi-asserted-by":"crossref","first-page":"31","DOI":"10.1016\/j.cose.2004.06.011","article-title":"A taxonomy of network and computer attacks","volume":"24","author":"Hansman","year":"2005","journal-title":"Comput Secur"},{"key":"key\n\t\t\t\t2019012508464750500_tyy002-B89","doi-asserted-by":"crossref","DOI":"10.21236\/ADA609863","volume-title":"A taxonomy of operational cyber security risks version 2","author":"Cebula","year":"2014"},{"key":"key\n\t\t\t\t2019012508464750500_tyy002-B90","author":"Howard","year":"1997"},{"key":"key\n\t\t\t\t2019012508464750500_tyy002-B91","doi-asserted-by":"crossref","DOI":"10.2172\/751004","volume-title":"A common language for computer security incidents","author":"Howard","year":"1998"},{"key":"key\n\t\t\t\t2019012508464750500_tyy002-B92","first-page":"80","article-title":"Intelligence-driven computer network defense informed by analysis of adversary campaigns and intrusion kill chains","volume":"1","author":"Hutchins","year":"2011","journal-title":"6th Annu Int Conf Inf Warf Secur"},{"key":"key\n\t\t\t\t2019012508464750500_tyy002-B93","author":"Caltagirone","year":"2013"},{"key":"key\n\t\t\t\t2019012508464750500_tyy002-B94"},{"key":"key\n\t\t\t\t2019012508464750500_tyy002-B95","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/2635673","article-title":"A 
survey of interdependent information security games","volume":"47","author":"Laszka","year":"2015","journal-title":"ACM Comput Surv (CSUR)"},{"key":"key\n\t\t\t\t2019012508464750500_tyy002-B96","doi-asserted-by":"crossref","first-page":"461","DOI":"10.1016\/j.jaccpubpol.2003.09.001","article-title":"Sharing information on computer systems security\u202f: an economic analysis","volume":"22","author":"Gordon","year":"2003","journal-title":"J Account Public Policy"},{"key":"key\n\t\t\t\t2019012508464750500_tyy002-B97","volume-title":"Cybersecurity and information sharing: legal challenges and solutions","author":"Nolan","year":"2015"},{"key":"key\n\t\t\t\t2019012508464750500_tyy002-B98","first-page":"57","author":"Bhatia","year":"2016"},{"key":"key\n\t\t\t\t2019012508464750500_tyy002-B99","doi-asserted-by":"crossref","first-page":"186","DOI":"10.1287\/isre.1050.0053","article-title":"The economic incentives for sharing security information","volume":"16","author":"Gal-Or","year":"2005","journal-title":"Inf Syst Res"},{"key":"key\n\t\t\t\t2019012508464750500_tyy002-B100","first-page":"497","article-title":"Is cybersecurity a public good? 
Evidence from the financial services industry","volume":"1","author":"Powell","year":"2005","journal-title":"J Econ Pol"},{"key":"key\n\t\t\t\t2019012508464750500_tyy002-B101","doi-asserted-by":"crossref","first-page":"1073","DOI":"10.1093\/qje\/100.Supplement.1073","article-title":"Adam Smith and the prisoners\u2019 dilemma","volume":"100","author":"Tullock","year":"1985","journal-title":"Q J Econ"},{"key":"key\n\t\t\t\t2019012508464750500_tyy002-B102","author":"Robinson","year":"2010"},{"key":"key\n\t\t\t\t2019012508464750500_tyy002-B103","author":"Lampson","year":"2004"},{"key":"key\n\t\t\t\t2019012508464750500_tyy002-B104","doi-asserted-by":"crossref","first-page":"70","DOI":"10.1162\/DAED_a_00116","article-title":"Doctrine for cybersecurity","volume":"140","author":"Mulligan","year":"2011","journal-title":"Daedalus"},{"key":"key\n\t\t\t\t2019012508464750500_tyy002-B105","doi-asserted-by":"crossref","first-page":"11","DOI":"10.1080\/17440572.2016.1197123","article-title":"The online stolen data market: disruption and intervention approaches","volume":"18","author":"Hutchings","year":"2016","journal-title":"Glob Crime"}],"container-title":["Journal of 
Cybersecurity"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/academic.oup.com\/cybersecurity\/article-pdf\/4\/1\/tyy002\/27126908\/tyy002.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,10,17]],"date-time":"2019-10-17T07:14:37Z","timestamp":1571296477000},"score":1,"resource":{"primary":{"URL":"https:\/\/academic.oup.com\/cybersecurity\/article\/doi\/10.1093\/cybsec\/tyy002\/4990518"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2018,1,1]]},"references-count":105,"journal-issue":{"issue":"1","published-online":{"date-parts":[[2018,4,30]]},"published-print":{"date-parts":[[2018,1,1]]}},"URL":"https:\/\/doi.org\/10.1093\/cybsec\/tyy002","relation":{},"ISSN":["2057-2085","2057-2093"],"issn-type":[{"value":"2057-2085","type":"print"},{"value":"2057-2093","type":"electronic"}],"subject":[],"published-other":{"date-parts":[[2018]]},"published":{"date-parts":[[2018,1,1]]}}}