{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,10]],"date-time":"2026-06-10T17:43:15Z","timestamp":1781113395610,"version":"3.54.1"},"reference-count":106,"publisher":"Association for Computing Machinery (ACM)","issue":"CSCW2","license":[{"start":{"date-parts":[[2021,10,13]],"date-time":"2021-10-13T00:00:00Z","timestamp":1634083200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["Proc. ACM Hum.-Comput. Interact."],"published-print":{"date-parts":[[2021,10,13]]},"abstract":"Malicious communications aimed at tricking employees are a serious threat for organizations, necessitating the creation of procedures and policies for quickly respond to ongoing attacks. While automated measures provide some protection, they cannot completely protect an organization. In this case study, we use interviews and observations to explore the processes staff at a large University use when handling reports of malicious communication, including how the help desk processes reports, whom they escalate them to, and how teams who manage protections such as the firewalls and mail relays use these reports to improve defenses. We found that the process and work patterns are a distributed cognitive process requiring multiple distinct teams with narrow system access and tactic knowledge. Sudden large campaigns were found to overwhelm the help desk with reports, greatly impacting staff's workflow and hindering the effective application of mitigations and the potential for reflection. We detail potential improvements to ticketing systems and reflect on ITIL, a common framework of best practice in IT management.<\/jats:p>","DOI":"10.1145\/3476079","type":"journal-article","created":{"date-parts":[[2021,10,19]],"date-time":"2021-10-19T02:30:11Z","timestamp":1634610611000},"page":"1-32","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":20,"title":["A Case Study of Phishing Incident Response in an Educational Organization"],"prefix":"10.1145","volume":"5","author":[{"given":"Kholoud","family":"Althobaiti","sequence":"first","affiliation":[{"name":"The University of Edinburgh & Taif University, Edinburgh, United Kingdom"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Adam D G","family":"Jenkins","sequence":"additional","affiliation":[{"name":"University of Edinburgh, Edinburgh, United Kingdom"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Kami","family":"Vaniea","sequence":"additional","affiliation":[{"name":"University of Edinburgh, Edinburgh, United Kingdom"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"320","published-online":{"date-parts":[[2021,10,18]]},"reference":[{"key":"e_1_2_1_1_1","volume-title":"Who Uses ITIL in 2020? https:\/\/www.bmc.com\/blogs\/who-uses-itil\/. Accessed","author":"Joe Hertvik June","year":"2019","unstructured":"June 10 and Joe Hertvik. 2020. Who Uses ITIL in 2020? https:\/\/www.bmc.com\/blogs\/who-uses-itil\/. Accessed June. 2019."},{"key":"e_1_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2012.04.001"},{"key":"e_1_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1109\/itng.2009.109"},{"key":"e_1_2_1_4_1","volume-title":"2018 Symposium on Digital Behaviour Intervention for Cyber Security (AISB)","author":"Althobaiti Kholoud","year":"2018","unstructured":"Kholoud Althobaiti, Kami Vaniea, and Serena Zheng. 2018. Faheem: Explaining URLs to people using a Slack bot. In 2018 Symposium on Digital Behaviour Intervention for Cyber Security (AISB). University of Liverpool, Liverpool, UK, 1--8. http:\/\/aisb2018.csc.liv.ac.uk\/PROCEEDINGS%20AISB2018\/Digital%20Behaviour%20Interventions%20for%20CyberSecurity%20-%20AISB2018.pdf"},{"key":"e_1_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.chb.2016.02.065"},{"key":"e_1_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.aei.2004.11.001"},{"key":"e_1_2_1_7_1","volume-title":"Report Phishing. https:\/\/education.apwg.org\/report-cybercrime\/. Accessed","author":"Baunfire CMS","year":"2019","unstructured":"SparkCMS by Baunfire.com. 2020. Report Phishing. https:\/\/education.apwg.org\/report-cybercrime\/. Accessed 2019."},{"key":"e_1_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1007\/s10111-010-0159-y"},{"key":"e_1_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1145\/1280680.1280693"},{"key":"e_1_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1109\/EuroSPW51379.2020.00069"},{"key":"e_1_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1016\/S0142--694X(00)00028--4"},{"key":"e_1_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.14722\/usec.2015.23009"},{"key":"e_1_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1109\/msp.2013.106"},{"key":"e_1_2_1_14_1","volume-title":"14th Americas Conference on Information Systems, AMCIS. Association for Information Systems","author":"Carr Christopher L.","year":"2008","unstructured":"Christopher L. Carr, Patrick J. Bateman, and Saral J. Navlakha. 2008. They Call for Help, But Don't Always Listen: The Development of the User-Help Desk Knowledge Application Model. In Learning from the past & charting the future of the discipline. 14th Americas Conference on Information Systems, AMCIS. Association for Information Systems, Toronto, Ontario, Canada, 387. http:\/\/aisel.aisnet.org\/amcis2008\/387"},{"key":"e_1_2_1_15_1","volume-title":"SOUPS Workshop on USAble IT Security Management (USM). CiteSeerX","author":"Chiasson Sonia","year":"2007","unstructured":"Sonia Chiasson, PC van Oorschot, and Robert Biddle. 2007. Even experts deserve USAble security: Design guidelines for security management systems. In SOUPS Workshop on USAble IT Security Management (USM). CiteSeerX, Pittsburgh, PA, USA, 1--4."},{"key":"e_1_2_1_16_1","volume-title":"High Precision Detection of Business Email Compromise. In 28th USENIX Security Symposium, USENIX Security. USENIX Association","author":"Cidon Asaf","year":"2019","unstructured":"Asaf Cidon, Lior Gavish, Itay Bleier, Nadia Korshun, Marco Schweighauser, and Alexey Tsitkin. 2019. High Precision Detection of Business Email Compromise. In 28th USENIX Security Symposium, USENIX Security. USENIX Association, Santa Clara, CA, USA, 1291--1307. https:\/\/www.usenix.org\/conference\/usenixsecurity19\/presentation\/cidon"},{"key":"e_1_2_1_17_1","volume-title":"COBIT: Control Objectives for Information Technologies. https:\/\/www.isaca.org\/resources\/cobit. Accessed","author":"Cobit","year":"2020","unstructured":"Cobit 2020. COBIT: Control Objectives for Information Technologies. https:\/\/www.isaca.org\/resources\/cobit. Accessed 10 Oct. 2020."},{"key":"e_1_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1145\/1294046.1294056"},{"key":"e_1_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1145\/2382456.2382493"},{"key":"e_1_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1145\/169891.169991"},{"key":"e_1_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1109\/EuroSPW.2019.00028"},{"key":"e_1_2_1_22_1","volume-title":"Official Statistics Cyber Security Breaches Survey 2020--","author":"Media & Sport Department for Digital, Culture. 2020.","unstructured":"Media & Sport Department for Digital, Culture. 2020. Official Statistics Cyber Security Breaches Survey 2020-- Chapter 5: Incidence and impact of breaches or attacks. Technical Report. National Cyber Security Centre. Also available as https:\/\/www.gov.uk\/government\/publications\/cyber-security-breaches-survey-2020\/cyber-security-breaches-survey-2020. Accessed Jan. 2021."},{"key":"e_1_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1145\/1124772.1124861"},{"key":"e_1_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1109\/compsac.2016.105"},{"key":"e_1_2_1_25_1","volume-title":"Information Security South Africa Conference 2009, School of Tourism & Hospitality, Proceedings ISSA2009. ISSA, Pretoria, South Africa","author":"Frauenstein Edwin Donald","year":"2009","unstructured":"Edwin Donald Frauenstein and Rossouw von Solms. 2009. Phishing: How an Organization can Protect Itself. In Information Security South Africa Conference 2009, School of Tourism & Hospitality, Proceedings ISSA2009. ISSA, Pretoria, South Africa, University of Johannesburg, Johannesburg, South Africa, 253--268. http:\/\/icsa.cs.up.ac.za\/issa\/2009\/Proceedings\/Full\/12%5FPaper.pdf"},{"key":"e_1_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1007\/978--3--642--39377--8_22"},{"key":"e_1_2_1_27_1","volume-title":"23rd Americas Conference on Information Systems, AMCIS. Association for Information Systems","author":"Grispos George","year":"2017","unstructured":"George Grispos, William Bradley Glisson, David Bourrie, Tim Storer, and Stacy Miller. 2017. Security Incident Recognition and Reporting (SIRR): An Industrial Perspective. In 23rd Americas Conference on Information Systems, AMCIS. Association for Information Systems, Boston, MA, USA, 1--10. http:\/\/aisel.aisnet.org\/amcis2017\/InformationSystems\/Presentations\/15"},{"key":"e_1_2_1_28_1","volume-title":"SOUPS Workshop on USAble IT Security Management (USM). CiteSeerX","author":"Eben","unstructured":"Eben M. Haber and Eser Kandogan. 2007. Security administrators: A breed apart. In SOUPS Workshop on USAble IT Security Management (USM). CiteSeerX, Pittsburgh, PA, USA, 3--6."},{"key":"e_1_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1145\/1031607.1031657"},{"key":"e_1_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1145\/3368691.3368705"},{"key":"e_1_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1080\/17538157.2016.1255629"},{"key":"e_1_2_1_32_1","volume-title":"28th USENIX Security Symposium. USENIX Association","author":"Ho Grant","unstructured":"Grant Ho, Asaf Cidon, Lior Gavish, Marco Schweighauser, Vern Paxson, Stefan Savage, Geoffrey M. Voelker, and David A. Wagner. 2019. Detecting and Characterizing Lateral Phishing at Scale. In 28th USENIX Security Symposium. USENIX Association, Santa Clara, CA, USA, 1273--1290. https:\/\/www.usenix.org\/conference\/usenixsecurity19\/presentation\/ho"},{"key":"e_1_2_1_33_1","volume-title":"Detecting Credential Spearphishing in Enterprise Settings. In 26th USENIX Security Symposium, USENIX Security. USENIX Association","author":"Ho Grant","unstructured":"Grant Ho, Aashish Sharma, Mobin Javed, Vern Paxson, and David A. Wagner. 2017. Detecting Credential Spearphishing in Enterprise Settings. In 26th USENIX Security Symposium, USENIX Security. USENIX Association, Vancouver, BC, Canada, 469--485. https:\/\/www.usenix.org\/conference\/usenixsecurity17\/technical-sessions\/presentation\/ho"},{"key":"e_1_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1145\/353485.353487"},{"key":"e_1_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1016\/B978-0-08-051574--8.50028--5"},{"key":"e_1_2_1_36_1","volume-title":"Report Phishing Sites. https:\/\/www.us-cert.gov\/report-phishing. Accessed","author":"Homeland Phishing","year":"2020","unstructured":"Homeland Phishing Reporting 2020. Report Phishing Sites. https:\/\/www.us-cert.gov\/report-phishing. Accessed May. 2020."},{"key":"e_1_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1145\/2063176.2063197"},{"key":"e_1_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.1109\/ares.2014.46"},{"key":"e_1_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1037\/10096-012"},{"key":"e_1_2_1_40_1","article-title":"New method of forensic computing in a small organization","volume":"5","author":"Ismail Suhaila","year":"2011","unstructured":"Suhaila Ismail, Arniyati Ahmad, and Mohd Afizi Mohd Shukran. 2011. New method of forensic computing in a small organization. Australian Journal of Basic and Applied Sciences 5, 9 (2011), 2019e25.","journal-title":"Australian Journal of Basic and Applied Sciences"},{"key":"e_1_2_1_41_1","volume-title":"Phishing Staff Awareness E-Learning Course. https:\/\/www.itgovernance.co.uk\/shop\/product\/phishing-staff-awareness-e-learning-course. Accessed","author":"IT","year":"2020","unstructured":"IT governance training 2020. Phishing Staff Awareness E-Learning Course. https:\/\/www.itgovernance.co.uk\/shop\/product\/phishing-staff-awareness-e-learning-course. Accessed May. 2020."},{"key":"e_1_2_1_42_1","volume-title":"ITIL- IT service management. https:\/\/www.axelos.com\/best-practice-solutions\/itil. Accessed","author":"Itil","year":"2020","unstructured":"Itil 2021. ITIL- IT service management. https:\/\/www.axelos.com\/best-practice-solutions\/itil. Accessed 10 Oct. 2020."},{"key":"e_1_2_1_43_1","doi-asserted-by":"publisher","DOI":"10.1080\/0144929x.2011.632650"},{"key":"e_1_2_1_44_1","volume-title":"Examining Challenges in IT Service Desk System and Processes: A Case Study. In The Seventh International Conference on Systems(ICONS). 105--108","author":"J\u00e4ntti M.","year":"2012","unstructured":"M. J\u00e4ntti. 2012. Examining Challenges in IT Service Desk System and Processes: A Case Study. In The Seventh International Conference on Systems(ICONS). 105--108."},{"key":"e_1_2_1_45_1","volume-title":"Combating Phishing Attacks: A Knowledge Management Approach. In 50th Hawaii International Conference on System Sciences, HICSS. ScholarSpace \/ AIS Electronic Library (AISeL), Hilton Waikoloa Village","author":"Jensen Matthew L.","unstructured":"Matthew L. Jensen, Alexandra Durcikova, and Ryan T. Wright. January 4--7, 2017. Combating Phishing Attacks: A Knowledge Management Approach. In 50th Hawaii International Conference on System Sciences, HICSS. ScholarSpace \/ AIS Electronic Library (AISeL), Hilton Waikoloa Village, Hawaii, USA, 1--10. http:\/\/hdl.handle.net\/10125\/41681"},{"key":"e_1_2_1_46_1","doi-asserted-by":"publisher","DOI":"10.1093\/acprof:oso\/9780195374124.001.0001"},{"key":"e_1_2_1_47_1","doi-asserted-by":"publisher","DOI":"10.1007\/978--3--642--39218--4_28"},{"key":"e_1_2_1_48_1","volume-title":"6th International Conference for Internet Technology and Secured Transactions, ICITST. IEEE, Abu Dhabi, UAE, 416--421","author":"Khonji Mahmoud","year":"2011","unstructured":"Mahmoud Khonji, Youssef Iraqi, and Andrew Jones. 2011. Mitigation of spear phishing attacks: A Content-based Authorship Identification framework. In 6th International Conference for Internet Technology and Secured Transactions, ICITST. IEEE, Abu Dhabi, UAE, 416--421. http:\/\/ieeexplore.ieee.org\/document\/6148475\/"},{"key":"e_1_2_1_49_1","doi-asserted-by":"publisher","DOI":"10.1371\/journal.pone.0205089"},{"key":"e_1_2_1_50_1","doi-asserted-by":"publisher","DOI":"10.1007\/978--3--642--27937--9_5"},{"key":"e_1_2_1_51_1","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3354239"},{"key":"e_1_2_1_52_1","doi-asserted-by":"publisher","DOI":"10.1007\/978--1--4842--2164--8"},{"key":"e_1_2_1_53_1","doi-asserted-by":"publisher","DOI":"10.1145\/1240624.1240760"},{"key":"e_1_2_1_54_1","doi-asserted-by":"publisher","DOI":"10.1145\/1754393.1754396"},{"key":"e_1_2_1_55_1","volume-title":"An empirical analysis of cyber security incidents at a large organization. Department of Management Science and Engineering","author":"Kuypers Marshall A","unstructured":"Marshall A Kuypers, Thomas Maillart, and Elisabeth Pat\u00e9-Cornell. 2016. An empirical analysis of cyber security incidents at a large organization. Department of Management Science and Engineering, Stanford University, School of Information, UC Berkeley, http:\/\/fsi.stanford.edu\/sites\/default\/files\/kuypersweis_v7.pdf, accessed July 30 (2016), 1--22."},{"key":"e_1_2_1_56_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.tele.2020.101343"},{"key":"e_1_2_1_57_1","volume-title":"Apate: Anti-Phishing Analysing and Triaging Environment (Poster). In 36th IEEESymposium on Security and Privacy","author":"Lastdrager E.E.H.","year":"2015","unstructured":"E.E.H. Lastdrager, Pieter H. Hartel, and Marianne Junger. 2015. Apate: Anti-Phishing Analysing and Triaging Environment (Poster). In 36th IEEESymposium on Security and Privacy. IEEE Computer Society, United States, 2."},{"key":"e_1_2_1_58_1","doi-asserted-by":"publisher","DOI":"10.1109\/imf.2018.00015"},{"key":"e_1_2_1_59_1","volume-title":"IsecT Ltd. 2013. ISO\/IEC 27002:2013 - Information technology - Security techniques - Code of practice for information security controls","year":"2020","unstructured":"IsecT Ltd. 2013. ISO\/IEC 27002:2013 - Information technology - Security techniques - Code of practice for information security controls (second edition). https:\/\/www.iso27001security.com\/html\/27002.html. Accessed May. 2020."},{"key":"e_1_2_1_60_1","doi-asserted-by":"publisher","DOI":"10.1007\/978--1--84628--901--9_6"},{"key":"e_1_2_1_61_1","doi-asserted-by":"publisher","DOI":"10.1093\/cybsec\/tyx008"},{"key":"e_1_2_1_62_1","doi-asserted-by":"publisher","DOI":"10.1145\/358916.358950"},{"key":"e_1_2_1_63_1","doi-asserted-by":"publisher","DOI":"10.1109\/imf.2011.15"},{"key":"e_1_2_1_64_1","doi-asserted-by":"publisher","DOI":"10.1108\/09685221211235616"},{"key":"e_1_2_1_65_1","doi-asserted-by":"publisher","DOI":"10.1145\/3347709.3347774"},{"key":"e_1_2_1_66_1","unstructured":"NCSC 2018. Phishing attacks: dealing with suspicious emails and messages. http:\/\/bit.ly\/3tTwQpC. Accessed Aug. 2019."},{"key":"e_1_2_1_67_1","volume-title":"Phishing attacks: defending your organisation. https:\/\/www.ncsc.gov.uk\/guidance\/phishing. Accessed","author":"NCSC","year":"2019","unstructured":"NCSC guidance 2018. Phishing attacks: defending your organisation. https:\/\/www.ncsc.gov.uk\/guidance\/phishing. Accessed Feb. 2019."},{"key":"e_1_2_1_68_1","doi-asserted-by":"publisher","DOI":"10.1088\/1757--899x\/306\/1\/012110"},{"key":"e_1_2_1_69_1","doi-asserted-by":"publisher","DOI":"10.1145\/1718918.1718976"},{"key":"e_1_2_1_70_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICAC49085.2019.9103388"},{"key":"e_1_2_1_71_1","doi-asserted-by":"publisher","DOI":"10.1016\/B978--155860808--5\/50008--3"},{"key":"e_1_2_1_72_1","doi-asserted-by":"publisher","DOI":"10.1080\/10580530902797540"},{"key":"e_1_2_1_73_1","volume-title":"18th Annual conference of the national advisory committee on computing qualifications. CiteSeerX, CiteSeerX, Tauranga, NZ, 423--427","author":"Potgieter BC","year":"2005","unstructured":"BC Potgieter, JH Botha, and C Lew. 2005. Evidence that use of the ITIL framework is effective. In 18th Annual conference of the national advisory committee on computing qualifications. CiteSeerX, CiteSeerX, Tauranga, NZ, 423--427."},{"key":"e_1_2_1_74_1","doi-asserted-by":"publisher","DOI":"10.1145\/295665.295692"},{"key":"e_1_2_1_75_1","doi-asserted-by":"publisher","DOI":"10.1108\/09685221211286548"},{"key":"e_1_2_1_76_1","unstructured":"PwC. 2015. Managing cyber risks in an interconnected world: Key findings from the global state of information security. Technical Report. The Global State of Information Security. Also available as https:\/\/www.pwc.com\/gx\/en\/consulting-services\/information-security-survey\/assets\/the-global-state-of-information-security-survey-2015.pdf. Accessed Aug. 2020."},{"key":"e_1_2_1_77_1","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978307"},{"key":"e_1_2_1_78_1","unstructured":"ProofPoint Phishing Report. 2019. State Of The Phish. Technical Report 1. Proofpoint Inc. 22 pages. https:\/\/doi.org\/10.1038\/sj.jp.7211019 Also available as https:\/\/bit.ly\/2O1n18O. Accessed May. 2019."},{"key":"e_1_2_1_79_1","unstructured":"ProofPoint Phishing Report. 2020. State Of The Phish-- An in-depth look at user awareness vulnerability and resilience. Technical Report 1. Proofpoint Inc. 48 pages. Also available as https:\/\/www.proofpoint.com\/sites\/default\/files\/gtd-pfpt-us-tr-state-of-the-phish-2020.pdf. Accessed Jan. 2021."},{"key":"e_1_2_1_80_1","doi-asserted-by":"publisher","DOI":"10.1023\/a:1011902718709"},{"key":"e_1_2_1_81_1","doi-asserted-by":"publisher","DOI":"10.1145\/1027802.1027848"},{"key":"e_1_2_1_82_1","doi-asserted-by":"publisher","DOI":"10.1109\/tifs.2018.2871744"},{"key":"e_1_2_1_83_1","doi-asserted-by":"publisher","DOI":"10.1002\/meet.2008.1450450234"},{"key":"e_1_2_1_84_1","doi-asserted-by":"publisher","DOI":"10.4225\/75\/57b6771734788"},{"key":"e_1_2_1_85_1","doi-asserted-by":"publisher","DOI":"10.1145\/1280680.1280692"},{"key":"e_1_2_1_86_1","volume-title":"Measuring the Effectiveness of Embedded Phishing Exercises. In 10th USENIX Workshop on Cyber Security Experimentation and Test, CSET 2017","author":"Siadati Hossein","year":"2017","unstructured":"Hossein Siadati, Sean Palka, Avi Siegel, and Damon McCoy. 2017. Measuring the Effectiveness of Embedded Phishing Exercises. In 10th USENIX Workshop on Cyber Security Experimentation and Test, CSET 2017, August 14, 2017. USENIX Association, Vancouver, BC, Canada, 8. https:\/\/www.usenix.org\/conference\/cset17\/workshop-program\/presentation\/siadatii"},{"key":"e_1_2_1_87_1","doi-asserted-by":"publisher","DOI":"10.1145\/1027802.1027884"},{"key":"e_1_2_1_88_1","doi-asserted-by":"publisher","DOI":"10.1080\/01611190701743724"},{"key":"e_1_2_1_89_1","doi-asserted-by":"publisher","DOI":"10.1007\/978--3--319--20550--2_5"},{"key":"e_1_2_1_90_1","doi-asserted-by":"publisher","DOI":"10.25300\/MISQ\/2015\/39.2.09"},{"key":"e_1_2_1_91_1","doi-asserted-by":"publisher","DOI":"10.4236\/ti.2013.43022"},{"key":"e_1_2_1_92_1","first-page":"476","article-title":"A CBR-based Approach to ITIL-based Service Desk","volume":"2","author":"Farjadi Tehrani Abtin Refahi","year":"2011","unstructured":"Abtin Refahi Farjadi Tehrani and Faras Zuheir Mustafa Mohamed. 2011. A CBR-based Approach to ITIL-based Service Desk. Journal of Emerging Trends in Computing and Information Sciences 2, 10 (2011), 476--484. http:\/\/www.doaj.org\/doaj?func=fulltext&aId=868208","journal-title":"Journal of Emerging Trends in Computing and Information Sciences"},{"key":"e_1_2_1_93_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2014.05.003"},{"key":"e_1_2_1_94_1","volume-title":"Cognitive Triaging of Phishing Attacks. In 28th USENIX Security Symposium, USENIX Security. USENIX Association","author":"van der Heijden Amber","year":"2019","unstructured":"Amber van der Heijden and Luca Allodi. 2019. Cognitive Triaging of Phishing Attacks. In 28th USENIX Security Symposium, USENIX Security. USENIX Association, Santa Clara, CA, USA, 1309--1326. https:\/\/www.usenix.org\/conference\/usenixsecurity19\/presentation\/van-der-heijden"},{"key":"e_1_2_1_95_1","doi-asserted-by":"publisher","DOI":"10.1109\/tpc.2007.902660"},{"key":"e_1_2_1_96_1","unstructured":"Verizon. 2018. 2018 Data Breach Investigations Report. Technical Report. Verizon Trademark Services LLC. Also available as https:\/\/vz.to\/2Rzk8Zw. Accessed Aug. 2019."},{"key":"e_1_2_1_97_1","unstructured":"Verizon. 2019. 2019 Data Enterprise Phishing Resiliency and Defense Report Breach Investigations Report. Technical Report. Verizon Trademark Services LLC. Also available as https:\/\/vz.to\/2RukvJC. Accessed Jun. 2020."},{"key":"e_1_2_1_98_1","doi-asserted-by":"crossref","unstructured":"Verizon. 2020. 2020 Data Breach Investigations Report. Technical Report. Verizon Trademark Services LLC. Also available as https:\/\/vz.to\/3vKNI1K. Accessed Jun. 2020.","DOI":"10.1016\/S1361-3723(20)30059-2"},{"key":"e_1_2_1_99_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2017.02.004"},{"key":"e_1_2_1_100_1","doi-asserted-by":"publisher","DOI":"10.1145\/3173574.3174066"},{"key":"e_1_2_1_101_1","doi-asserted-by":"publisher","DOI":"10.1145\/1358628.1358931"},{"key":"e_1_2_1_102_1","doi-asserted-by":"publisher","DOI":"10.1108\/09685220910944722"},{"key":"e_1_2_1_103_1","doi-asserted-by":"publisher","DOI":"10.1108\/09685221011035241"},{"key":"e_1_2_1_104_1","doi-asserted-by":"publisher","DOI":"10.1145\/1477973.1477977"},{"key":"e_1_2_1_105_1","doi-asserted-by":"publisher","DOI":"10.1109\/iciea.2016.7603735"},{"key":"e_1_2_1_106_1","doi-asserted-by":"publisher","DOI":"10.1145\/3055305.3055310"}],"container-title":["Proceedings of the ACM on Human-Computer Interaction"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3476079","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3476079","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,7,14]],"date-time":"2025-07-14T04:55:38Z","timestamp":1752468938000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3476079"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,10,13]]},"references-count":106,"journal-issue":{"issue":"CSCW2","published-print":{"date-parts":[[2021,10,13]]}},"alternative-id":["10.1145\/3476079"],"URL":"https:\/\/doi.org\/10.1145\/3476079","relation":{},"ISSN":["2573-0142"],"issn-type":[{"value":"2573-0142","type":"electronic"}],"subject":[],"published":{"date-parts":[[2021,10,13]]},"assertion":[{"value":"2021-10-18","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}