Title
Incident response teams in IT operations centers: the T-TOCs model of team functionality.
Abstract
We studied the nature of incident response teams in seven Operations Centers of varying size and types including service providers, a Security Operations Center, a Data Center, and two military training Operations Centers. All responded to incidents by forming teams. We asked: what is the context of incident response work? how can we model incident response work? and what are the implications for tool developers? Activity theory guided our research throughout. Using an ethnographic approach to data collection, we shadowed 129 individuals for a total of 250 h of observations, conducted 38 interviews, and facilitated 11 meetings with executives of Operations Centers. We produced rich descriptions of the work of operators and a model of incident team formation called the Tailor-made Teams in Operations Centers (T-TOCs). We position our results relative to other ethnographic studies and standards in the industry, showing how incident team formation has changed over time. Today's incident response team is ad hoc, i.e., tailor-made to the circumstances, and responsive to changing circumstances. Our model draws parallels between the incident response work of teams and human cognition. We conclude by pointing out that tools for tailor-made teams are in their infancy.
Year
2016
DOI
10.1007/s10111-016-0374-2
Venue
Cognition, Technology & Work
Keywords
Ethnography of work, IT operations centers, Incident response teams
Field
Information technology operations, Data collection, Parallels, Security operations center, Incident response, Simulation, Knowledge management, Service provider, Engineering, Cognition, Data center
DocType
Journal
Volume
18
Issue
4
ISSN
1435-5566
Citations
0
PageRank
0.34
References
12
Authors
3
Name
Order
Citations
PageRank
Judith Brown1464.96
Greenspan, S.241.50
Robert Biddle352845.50