{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,9]],"date-time":"2025-10-09T13:21:18Z","timestamp":1760016078034,"version":"3.41.2"},"reference-count":24,"publisher":"Emerald","issue":"3","license":[{"start":{"date-parts":[[2015,7,13]],"date-time":"2015-07-13T00:00:00Z","timestamp":1436745600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.emerald.com\/insight\/site-policies"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2015,7,13]]},"abstract":"Purpose<\/jats:title>\u2013 The purpose of this paper is to investigate the work practices of network security professionals and to propose a new and robust work practices model of these professionals.<\/jats:p><\/jats:sec>Design\/methodology\/approach<\/jats:title>\u2013 The proposed work practices model is composed by combining the findings of ten notable empirical studies performed so far this century. The proposed model was then validated by an online survey of 125 network security professionals with a wide demographic spread.<\/jats:p><\/jats:sec>Findings<\/jats:title>\u2013 The empirical data collected from the survey of network security professionals strongly validate the proposed work practices model. The results also highlight interesting trends for different groups of network security professionals, with respect to performing different security-related activities.<\/jats:p><\/jats:sec>Research limitations\/implications<\/jats:title>\u2013 Further studies could investigate more closely the links and dependencies between the different activities of the proposed work practices model and tools used by network security professionals to perform these activities.<\/jats:p><\/jats:sec>Practical implications<\/jats:title>\u2013 A robust work practices model of network security professionals could hugely assist tool developers in designing usable tools for network security management.<\/jats:p><\/jats:sec>Originality\/value<\/jats:title>\u2013 This paper proposes a new work practices model of network security professionals, which is built by consolidating existing empirical evidence and validated by conducting a survey of network security professionals. The findings enhance the understanding of tool developers about the day-to-day activities of network security professionals, consequently assisting developers in designing better tools for network security management.<\/jats:p><\/jats:sec>","DOI":"10.1108\/ics-07-2014-0049","type":"journal-article","created":{"date-parts":[[2015,6,10]],"date-time":"2015-06-10T13:45:13Z","timestamp":1433943913000},"page":"347-367","source":"Crossref","is-referenced-by-count":5,"title":["Investigating the work practices of network security professionals"],"prefix":"10.1108","volume":"23","author":[{"given":"Muhammad","family":"Adnan","sequence":"first","affiliation":[]},{"given":"Mike","family":"Just","sequence":"additional","affiliation":[]},{"given":"Lynne","family":"Baillie","sequence":"additional","affiliation":[]},{"given":"Hilmi Gunes","family":"Kayacik","sequence":"additional","affiliation":[]}],"member":"140","reference":[{"key":"key2020122220090616800_b1","doi-asserted-by":"crossref","unstructured":"Armstrong, R.A. (2014), \u201cWhen to use the Bonferroni correction\u201d, Ophthalmic and Physiological Optics , Vol. 34 No. 5, pp. 502-508.","DOI":"10.1111\/opo.12131"},{"key":"key2020122220090616800_b2","unstructured":"Biros, D.P. and Eppich, T. (2001), \u201cHuman element key to intrusion detection\u201d, available at: www.afcea.org\/content\/?q=node\/516 (accessed 7 January 2014)."},{"key":"key2020122220090616800_b3","doi-asserted-by":"crossref","unstructured":"Botta, D. , Werlinger, R. , Gagne, A. , Beznosov, B. , Iverson, L. , Fels, S. and Fisher, B. (2007), \u201cTowards understanding IT security professionals and their tools\u201d, Proceedings of Symposium on Usable Privacy and Security (SOUPS), ACM, pp. 100-111.","DOI":"10.1145\/1280680.1280693"},{"key":"key2020122220090616800_b4","unstructured":"Cichonski, P. , Millar, T. , Grance, T. and Scarfone, K. (2012), \u201cComputer security incident handling guide\u201d, available at: http:\/\/csrc.nist.gov\/publications\/nistpubs\/800-61rev2\/SP800-61rev2.pdf (accessed 10 February 2014)."},{"key":"key2020122220090616800_b5","doi-asserted-by":"crossref","unstructured":"D\u2019Amico, A. and Whitley, K. (2008), \u201cReal work of computer network defense analysts\u201d, Proceedings of VizSEC 2007 , Springer, Heidelberg, pp. 19-37.","DOI":"10.1007\/978-3-540-78243-8_2"},{"key":"key2020122220090616800_b6","doi-asserted-by":"crossref","unstructured":"D\u2019Amico, A. , Whitley, K. , Tesone, D. , O\u2019Brien, B. and Roth, E. (2005), \u201cAchieving cyber defense situational awareness: a cognitive task analysis of information assurance analysts\u201d, Proceedings of the Human Factors and Ergonomics Society Annual Meeting , Vol. 49 No. 3, pp. 229-233.","DOI":"10.1177\/154193120504900304"},{"key":"key2020122220090616800_b7","doi-asserted-by":"crossref","unstructured":"Dlamini, M.T. , Eloff, J.H. and Eloff, M.M. (2009), \u201cInformation security: the moving target\u201d, Computers & Security , Vol. 28 No. 3, pp. 189-198.","DOI":"10.1016\/j.cose.2008.11.007"},{"key":"key2020122220090616800_b8","doi-asserted-by":"crossref","unstructured":"Goel, S. and Shawky, H.A. (2009), \u201cEstimating the market impact of security breach announcements on firm values\u201d, Information & Management , Vol. 46 No. 7, pp. 404-410.","DOI":"10.1016\/j.im.2009.06.005"},{"key":"key2020122220090616800_b9","unstructured":"Goodall, J.R. , Lutters, W.G. and Komlodi, A. (2004b), \u201cThe work of intrusion detection: rethinking the role of security analysts\u201d, Proceedings of 10th Americas Conference on Information Systems (AMCIS), New York, NY, pp. 1421-1427."},{"key":"key2020122220090616800_b10","unstructured":"Goodall, J.R. , Lutters, W.J. and Komlodi, A. (2009), \u201cSupporting intrusion detection work practice\u201d, Journal of Information System Security , Vol. 5 No. 2, pp. 42-73."},{"key":"key2020122220090616800_b11","doi-asserted-by":"crossref","unstructured":"Hawkey, K. , Muldner, K. and Beznosov, K. (2008), \u201cSearching for the right fit: balancing IT security management model trade-offs\u201d, Internet Computing, IEEE , Vol. 12 No. 3, pp. 22-30.","DOI":"10.1109\/MIC.2008.61"},{"key":"key2020122220090616800_b12","unstructured":"Kandogan, E. and Haber, E.M. (2005), \u201cSecurity administration tools and practices\u201d, Security and Usability: Designing Secure Systems that People can Use , O\u2019Reilly, Sebastopol, CA, pp. 357-378."},{"key":"key2020122220090616800_b13","doi-asserted-by":"crossref","unstructured":"Killcrece, G. , Kossakowski, K. , Ruefle, R. and Zajicek, M. (2003a), \u201cState of the practice of computer security incident response teams (CSIRTs)\u201d, available at: https:\/\/resources.sei.cmu.edu\/asset_files\/TechnicalReport\/2003_005_001_14204.pdf (accessed 12 January 2014).","DOI":"10.21236\/ADA421684"},{"key":"key2020122220090616800_b14","doi-asserted-by":"crossref","unstructured":"Killcrece, G. , Kossakowski, K.P. , Ruefle, R. and Zajicek, M. (2003b), \u201cOrganizational models for computer security incident response teams (CSIRTs)\u201d, available at: http:\/\/resources.sei.cmu.edu\/asset_files\/Handbook\/2003_002_001_14099.pdf (accessed 20 January 2014).","DOI":"10.21236\/ADA421684"},{"key":"key2020122220090616800_b15","doi-asserted-by":"crossref","unstructured":"Komlodi, A. , Goodall, J.R. and Lutters, W.G. (2004), \u201cAn information visualization framework for intrusion detection\u201d, CHI\u201904 Extended Abstracts , ACM, pp. 1743-1746.","DOI":"10.1145\/985921.1062935"},{"key":"key2020122220090616800_b16","doi-asserted-by":"crossref","unstructured":"Perneger, T.V. (1998), \u201cWhat\u2019s wrong with Bonferroni adjustments\u201d, British Medical Journal , Vol. 316 No. 7139, pp. 1236-1238.","DOI":"10.1136\/bmj.316.7139.1236"},{"key":"key2020122220090616800_b17","doi-asserted-by":"crossref","unstructured":"Posey, C. , Roberts, T.L. , Lowry, P.B. and Hightower, R.T. (2014), \u201cBridging the divide: a qualitative comparison of information security thought patterns between information security professionals and ordinary organizational insiders\u201d, Information & Management , Vol. 51 No. 5, pp. 551-567.","DOI":"10.1016\/j.im.2014.03.009"},{"key":"key2020122220090616800_b18","doi-asserted-by":"crossref","unstructured":"Shiravi, H. , Shiravi, A. and Ghorbani, A.A. (2012), \u201cA survey of visualisation systems for network security\u201d, IEEE Transactions on Visualization and Computer Graphics , Vol. 18 No. 8, pp. 1313-1329.","DOI":"10.1109\/TVCG.2011.144"},{"key":"key2020122220090616800_b19","unstructured":"Stolze, M. , Pawlitzek, R. and Hild, S. (2003a), \u201cTask support for network security monitoring\u201d, Proceedings of the SIGCHI Workshop on System Administrators Are Users, Too: Designing Workspaces for Managing Internet-Scale Systems, ACM."},{"key":"key2020122220090616800_b20","unstructured":"Stolze, M. , Pawlitzek, R. and Wespi, A. (2003b), \u201cVisual problem-solving support for new event triage in centralized network security monitoring: challenges, tools and benefits\u201d, Proceedings of the international conference on IT-Incident Management & IT-Forensics (IMF), Stuttgart, pp. 67-76, available at: http:\/\/dblp.uni-trier.de\/db\/conf\/sidar\/sidar2003.html"},{"key":"key2020122220090616800_b21","doi-asserted-by":"crossref","unstructured":"Thompson, R.S. , Rantanen, E. and Yurcik, W. (2006), \u201cNetwork intrusion detection cognitive task analysis: textual and visual tool usage and recommendations\u201d, Proceedings of Human Factors and Ergonomics Society Annual Meeting (HFES) , Vol. 50 No. 5, pp. 669-673.","DOI":"10.1177\/154193120605000511"},{"key":"key2020122220090616800_b22","doi-asserted-by":"crossref","unstructured":"Werlinger, R. , Hawkey, K. , Botta, D. and Beznosov, K. (2009), \u201cSecurity practitioners in context: their activities and interactions with other stakeholders within organizations\u201d, International Journal of Human Computer Studies , Vol. 67 No. 7, pp. 584-606.","DOI":"10.1016\/j.ijhcs.2009.03.002"},{"key":"key2020122220090616800_b23","doi-asserted-by":"crossref","unstructured":"Werlinger, R. , Muldner, K. , Hawkey, K. and Beznosov, K. (2010), \u201cPreparation, detection, and analysis the diagnostic work of IT security incident response\u201d, Information Management & Computer Security , Vol. 18 No. 1, pp. 26-42.","DOI":"10.1108\/09685221011035241"},{"key":"key2020122220090616800_b24","doi-asserted-by":"crossref","unstructured":"West-Brown, M.J. , Stikvoort, D. , Kossakowski, K.P. , Killcrece, G. and Ruefle, R. (2003), \u201cHandbook for computer security incident response teams\u201d, available at: www.sei.cmu.edu\/reports\/03hb002.pdf (accessed 22 January 2014).","DOI":"10.21236\/ADA413778"}],"container-title":["Information & Computer Security"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/www.emeraldinsight.com\/doi\/full-xml\/10.1108\/ICS-07-2014-0049","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/ICS-07-2014-0049\/full\/xml","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/ICS-07-2014-0049\/full\/html","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,7,25]],"date-time":"2025-07-25T01:23:00Z","timestamp":1753406580000},"score":1,"resource":{"primary":{"URL":"http:\/\/www.emerald.com\/ics\/article\/23\/3\/347-367\/109584"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2015,7,13]]},"references-count":24,"journal-issue":{"issue":"3","published-print":{"date-parts":[[2015,7,13]]}},"alternative-id":["10.1108\/ICS-07-2014-0049"],"URL":"https:\/\/doi.org\/10.1108\/ics-07-2014-0049","relation":{},"ISSN":["2056-4961"],"issn-type":[{"type":"print","value":"2056-4961"}],"subject":[],"published":{"date-parts":[[2015,7,13]]}}}