Cybersecurity incident response (IR) teams mitigate the impact of adverse cyber-related events in organisations. Field studies of IR teams suggest that the IR process is at present under-developed, focusing on the technological dimension with little consideration of practice capability. To address this gap, we develop a scenario-based training approach to help organisations overcome socio-technical barriers to incident response. The training approach is informed by a comprehensive list of socio-technical barriers compiled from a comprehensive review of the literature. Our primary contribution is a novel meta-level framework for generating scenarios that specifically target socio-technical issues. To demonstrate the utility of the framework, we present a proof-of-concept scenario.