Emerald Login
   

Welcome guest

Article Request:
Developing expertise for network intrusion detection

Article Information:

Title:

Developing expertise for network intrusion detection

Author(s):

John R. Goodall, Wayne G. Lutters, Anita Komlodi

Journal:

Information Technology & People

Year:

2009

Volume:

22

Issue:

2

Page:

92 - 108


ISSN:

0959-3845


DOI:

10.1108/09593840910962186

Publisher:

Emerald Group Publishing Limited

Document Access:

Existing customers:

Please login above.

Purchase this document:
Price payable: GBP £13.00
plus handling charge of GBP £1.50 and VAT where applicable.
Purchase

Request this document:
Print or e-mail a document request to your librarian.
Request

Reprints & permissions:
Image: Rightslink Request

Abstract:

Purpose – The paper seeks to provide a foundational understanding of the socio-technical system that is computer network intrusion detection, including the nature of the knowledge work, situated expertise, and processes of learning as supported by information technology.

Design/methodology/approach – The authors conducted a field study to explore the work of computer network intrusion detection using multiple data collection methods, including semi-structured interviews, examination of security tools and resources, analysis of information security mailing list posts, and attendance at several domain-specific user group meetings.

Findings – The work practice of intrusion detection analysts involves both domain expertise of networking and security and a high degree of situated expertise and problem-solving activities that are not predefined and evolve with the dynamically changing context of the analyst's environment. This paper highlights the learning process needed to acquire these two types of knowledge, contrasting this work practice with that of computer systems administrators.

Research limitations/implications – The research establishes a baseline for future research into the domain and practice of intrusion detection, and, more broadly, information security.

Practical implications – The results presented here provide a critical examination of current security practices that will be useful to developers of intrusion detection support tools, information security training programs, information security management, and for practitioners themselves.

Originality/value – There has been no research examining the work or expertise development processes specific to the increasingly important information security practice of intrusion detection. The paper provides a foundation for future research into understanding this highly complex, dynamic work.

Keywords:

Computer networks, Data security, Working practices


Article Type:

Research paper


Article URL:

http://www.emeraldinsight.com/10.1108/09593840910962186

Top