SoK: A Taxonomy for Cybersecurity Incident Response Influence Factors

📅 2026-07-02
📈 Citations: 0
Influential: 0
📄 PDF
🤖 AI Summary
This study addresses the absence of a systematic, cross-disciplinary framework for organizing knowledge about factors influencing cybersecurity incident response. Through a comprehensive systematic literature review synthesizing 417 academic and 40 non-academic sources, the authors integrate perspectives from technical domains, human-computer interaction, organizational theory, and human factors to develop the Cybersecurity Incident Response Influencing Factors Taxonomy (CIR-IF)—the first structured and holistic classification scheme in this area. Empirical comparison demonstrates that the CIR-IF taxonomy substantially outperforms seven existing frameworks, including the NIST Cybersecurity Framework, in both breadth of coverage and structural rigor, thereby establishing a foundational knowledge base for advancing both research and practice in incident response.
📝 Abstract
Cybersecurity incident response has emerged as a critical area of interest for both researchers and practitioners. The corpus of literature on cybersecurity incident response is expanding, yet a unified framework for systematically organizing the accumulated knowledge remains absent. The aspects of incident response span multiple domains, including technology, human-computer interaction, organizational theory, and human factors. A comprehensive, integrative perspective on these factors can enable researchers to identify underexplored areas and more effectively target their empirical and theoretical investigations. Our study systematizes the factors that influence organizational preparedness for and response to cybersecurity incidents. Through a systematic review of academic literature (n = 417) and non-scientific publications (n = 40), we derived the "Cybersecurity Incident Response Influencing Factor Taxonomy" (\textit{CIR-IF Taxonomy}). Existing empirical findings were classified within this taxonomy, providing a comprehensive and up-to-date overview of knowledge from the period 1999 to mid-2024. The taxonomy categories were systematically compared with seven established scientific frameworks and with the \textit{NIST Cyber Security Framework} elements referenced in the \textit{NIST Special Publication 800-61r3} incident response profile. The results of this comparison show that the \textit{CIR-IF Taxonomy} delivers a richer, more rigorous, and more systematically organized view of the factors that drive and shape incident response.
Problem

Research questions and friction points this paper is trying to address.

cybersecurity incident response
influence factors
taxonomy
knowledge organization
systematic framework
Innovation

Methods, ideas, or system contributions that make the work stand out.

Cybersecurity Incident Response
Taxonomy
Systematic Literature Review
Influencing Factors
NIST Framework
🔎 Similar Papers
No similar papers found.
T
Thomas Biege
FH Münster University of Applied Sciences, Steinfurt, Germany
M
Marius Brockhoff
Fraunhofer SIT and National Research Center for Applied Cybersecurity ATHENE, Steinfurt, Germany
J
Jonas Kaspereit
FH Münster University of Applied Sciences, Steinfurt, Germany
Fabian Ising
Fabian Ising
Fraunhofer SIT, ATHENE, FH Münster
IT Security
Lea Gröber
Lea Gröber
Lahore University of Management Sciences (LUMS)
Usable Security and Privacy
Sebastian Schinzel
Sebastian Schinzel
Münster University of Applied Sciences, Fraunhofer SIT, Athene
Computer Security