Cybersecurity Incident Response in Organizations: An Exploratory Case Study and Process Model of Situation Awareness
Computers & Security (IF 5.6), Pub Date: 2021-02-01, DOI: 10.1016/j.cose.2020.102122
Atif Ahmad, Sean B. Maynard, Kevin C. Desouza, James Kotsias, Monica T. Whitty, Richard L. Baskerville

Abstract: Organized, sophisticated and persistent cyber-threat-actors pose a significant challenge to large, high-value organizations. They are capable of disrupting and destroying cyber infrastructures, denying organizations access to IT services, and stealing sensitive information including intellectual property, trade secrets and customer data. Past research points to Situation Awareness as critical to effective response. However, most research has focused on the technological perspective with comparatively less focus on the practice perspective. We therefore present an in-depth case study of a leading financial organization with a well-resourced and mature incident response capability that has evolved as a result of experiences with past attacks. Our contribution is a process model that explains how organizations can practice situation awareness of the cyber-threat landscape and the broad business context in incident response.

Updated: 2021-02-01