🤖 AI Summary
This study addresses the absence of a systematic, cross-disciplinary framework for organizing knowledge about factors influencing cybersecurity incident response. Through a comprehensive systematic literature review synthesizing 417 academic and 40 non-academic sources, the authors integrate perspectives from technical domains, human-computer interaction, organizational theory, and human factors to develop the Cybersecurity Incident Response Influencing Factors Taxonomy (CIR-IF)—the first structured and holistic classification scheme in this area. Empirical comparison demonstrates that the CIR-IF taxonomy substantially outperforms seven existing frameworks, including the NIST Cybersecurity Framework, in both breadth of coverage and structural rigor, thereby establishing a foundational knowledge base for advancing both research and practice in incident response.
📝 Abstract
Cybersecurity incident response has emerged as a critical area of interest for both researchers and practitioners. The corpus of literature on cybersecurity incident response is expanding, yet a unified framework for systematically organizing the accumulated knowledge remains absent. The aspects of incident response span multiple domains, including technology, human-computer interaction, organizational theory, and human factors. A comprehensive, integrative perspective on these factors can enable researchers to identify underexplored areas and more effectively target their empirical and theoretical investigations. Our study systematizes the factors that influence organizational preparedness for and response to cybersecurity incidents. Through a systematic review of academic literature (n = 417) and non-scientific publications (n = 40), we derived the "Cybersecurity Incident Response Influencing Factor Taxonomy" (\textit{CIR-IF Taxonomy}). Existing empirical findings were classified within this taxonomy, providing a comprehensive and up-to-date overview of knowledge from the period 1999 to mid-2024. The taxonomy categories were systematically compared with seven established scientific frameworks and with the \textit{NIST Cyber Security Framework} elements referenced in the \textit{NIST Special Publication 800-61r3} incident response profile. The results of this comparison show that the \textit{CIR-IF Taxonomy} delivers a richer, more rigorous, and more systematically organized view of the factors that drive and shape incident response.