How integration of cyber security management and incident response enables organizational learning

How integration of cyber security management and incident response enables organizational learning

Digital assets of organizations are under constant threat from a wide assortment of nefarious actors. When threats materialize, the consequences can be significant. Most large organizations invest in a dedicated information security management (ISM) function to ensure that digital assets are protect...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Veröffentlicht in:Journal of the American Society for Information Science and Technology 2020-08, Vol.71 (8), p.939-953
Hauptverfasser: Ahmad, Atif, Desouza, Kevin C., Maynard, Sean B., Naseer, Humza, Baskerville, Richard L.
Format: Artikel
Sprache:eng
Schlagworte:
Cybersecurity
Encryption
Firewalls
Information management
Information Security
Intelligence gathering
Learning theories
Learning theory
Organizational aspects
Organizational learning
Organizations
Risk assessment
Security management
Service restoration
Threat evaluation
Verbal aggression
Online-Zugang:Volltext
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
container_end_page 953
container_issue 8
container_start_page 939
container_title Journal of the American Society for Information Science and Technology
container_volume 71
creator Ahmad, Atif
Desouza, Kevin C.
Maynard, Sean B.
Naseer, Humza
Baskerville, Richard L.
description Digital assets of organizations are under constant threat from a wide assortment of nefarious actors. When threats materialize, the consequences can be significant. Most large organizations invest in a dedicated information security management (ISM) function to ensure that digital assets are protected. The ISM function conducts risk assessments, develops strategy, provides policies and training to define roles and guide behavior, and implements technological controls such as firewalls, antivirus, and encryption to restrict unauthorized access. Despite these protective measures, incidents (security breaches) will occur. Alongside the security management function, many organizations also retain an incident response (IR) function to mitigate damage from an attack and promptly restore digital services. However, few organizations integrate and learn from experiences of these functions in an optimal manner that enables them to not only respond to security incidents, but also proactively maneuver the threat environment. In this article we draw on organizational learning theory to develop a conceptual framework that explains how the ISM and IR functions can be better integrated. The strong integration of ISM and IR functions, in turn, creates learning opportunities that lead to organizational security benefits including: increased awareness of security risks, compilation of threat intelligence, removal of flaws in security defenses, evaluation of security defensive logic, and enhanced security response.
doi_str_mv 10.1002/asi.24311
format Article
fullrecord <record><control><sourceid>proquest_cross</sourceid><recordid>TN_cdi_proquest_journals_2420656984</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><sourcerecordid>2420656984</sourcerecordid><originalsourceid>FETCH-LOGICAL-c3801-c6263b63e991dc71d03f8b4698f45e02c646f93a54a9d87fa1a8121fefaf562a3</originalsourceid><addsrcrecordid>eNp1kE1Lw0AQhoMoWGoP_oMFTx7S7le2ybEUtYWCB_UcJpvZsCXdrbspJf56UyPePM0MPO_L8CTJPaNzRilfQLRzLgVjV8mEC0FTpqS4_ttFdpvMYtxTShkt8oyzSVJt_JlY12EToLPeEW-I7isMJKI-Bdv15AAOGjyg6wi4eoC1rS9HwHj0LiJBB1WLkfjQgLNfPz3QkhYhOOuau-TGQBtx9junycfz0_t6k-5eX7br1S7VIqcs1YorUSmBRcFqvWQ1FSavpCpyIzOkXCupTCEgk1DU-dIAg5xxZtCAyRQHMU0ext5j8J8njF2596cwfBJLLjlV2VAlB-pxpHTwMQY05THYA4S-ZLS8WCwHi-WPxYFdjOzZttj_D5art-2Y-AZmcHSA</addsrcrecordid><sourcetype>Aggregation Database</sourcetype><iscdi>true</iscdi><recordtype>article</recordtype><pqid>2420656984</pqid></control><display><type>article</type><title>How integration of cyber security management and incident response enables organizational learning</title><source>Business Source Complete</source><source>Wiley Online Library All Journals</source><creator>Ahmad, Atif ; Desouza, Kevin C. ; Maynard, Sean B. ; Naseer, Humza ; Baskerville, Richard L.</creator><creatorcontrib>Ahmad, Atif ; Desouza, Kevin C. ; Maynard, Sean B. ; Naseer, Humza ; Baskerville, Richard L.</creatorcontrib><description>Digital assets of organizations are under constant threat from a wide assortment of nefarious actors. When threats materialize, the consequences can be significant. Most large organizations invest in a dedicated information security management (ISM) function to ensure that digital assets are protected. The ISM function conducts risk assessments, develops strategy, provides policies and training to define roles and guide behavior, and implements technological controls such as firewalls, antivirus, and encryption to restrict unauthorized access. Despite these protective measures, incidents (security breaches) will occur. Alongside the security management function, many organizations also retain an incident response (IR) function to mitigate damage from an attack and promptly restore digital services. However, few organizations integrate and learn from experiences of these functions in an optimal manner that enables them to not only respond to security incidents, but also proactively maneuver the threat environment. In this article we draw on organizational learning theory to develop a conceptual framework that explains how the ISM and IR functions can be better integrated. The strong integration of ISM and IR functions, in turn, creates learning opportunities that lead to organizational security benefits including: increased awareness of security risks, compilation of threat intelligence, removal of flaws in security defenses, evaluation of security defensive logic, and enhanced security response.</description><identifier>ISSN: 2330-1635</identifier><identifier>EISSN: 2330-1643</identifier><identifier>DOI: 10.1002/asi.24311</identifier><language>eng</language><publisher>Hoboken, USA: John Wiley &amp; Sons, Inc</publisher><subject>Cybersecurity ; Encryption ; Firewalls ; Information management ; Information Security ; Intelligence gathering ; Learning theories ; Learning theory ; Organizational aspects ; Organizational learning ; Organizations ; Risk assessment ; Security management ; Service restoration ; Threat evaluation ; Verbal aggression</subject><ispartof>Journal of the American Society for Information Science and Technology, 2020-08, Vol.71 (8), p.939-953</ispartof><rights>2019 ASIS&amp;T</rights><rights>2020 ASIS&amp;T</rights><lds50>peer_reviewed</lds50><oa>free_for_read</oa><woscitedreferencessubscribed>false</woscitedreferencessubscribed><citedby>FETCH-LOGICAL-c3801-c6263b63e991dc71d03f8b4698f45e02c646f93a54a9d87fa1a8121fefaf562a3</citedby><cites>FETCH-LOGICAL-c3801-c6263b63e991dc71d03f8b4698f45e02c646f93a54a9d87fa1a8121fefaf562a3</cites><orcidid>0000-0003-2044-8163</orcidid></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><linktopdf>$$Uhttps://onlinelibrary.wiley.com/doi/pdf/10.1002%2Fasi.24311$$EPDF$$P50$$Gwiley$$H</linktopdf><linktohtml>$$Uhttps://onlinelibrary.wiley.com/doi/full/10.1002%2Fasi.24311$$EHTML$$P50$$Gwiley$$H</linktohtml><link.rule.ids>314,780,784,1416,27923,27924,45573,45574</link.rule.ids></links><search><creatorcontrib>Ahmad, Atif</creatorcontrib><creatorcontrib>Desouza, Kevin C.</creatorcontrib><creatorcontrib>Maynard, Sean B.</creatorcontrib><creatorcontrib>Naseer, Humza</creatorcontrib><creatorcontrib>Baskerville, Richard L.</creatorcontrib><title>How integration of cyber security management and incident response enables organizational learning</title><title>Journal of the American Society for Information Science and Technology</title><description>Digital assets of organizations are under constant threat from a wide assortment of nefarious actors. When threats materialize, the consequences can be significant. Most large organizations invest in a dedicated information security management (ISM) function to ensure that digital assets are protected. The ISM function conducts risk assessments, develops strategy, provides policies and training to define roles and guide behavior, and implements technological controls such as firewalls, antivirus, and encryption to restrict unauthorized access. Despite these protective measures, incidents (security breaches) will occur. Alongside the security management function, many organizations also retain an incident response (IR) function to mitigate damage from an attack and promptly restore digital services. However, few organizations integrate and learn from experiences of these functions in an optimal manner that enables them to not only respond to security incidents, but also proactively maneuver the threat environment. In this article we draw on organizational learning theory to develop a conceptual framework that explains how the ISM and IR functions can be better integrated. The strong integration of ISM and IR functions, in turn, creates learning opportunities that lead to organizational security benefits including: increased awareness of security risks, compilation of threat intelligence, removal of flaws in security defenses, evaluation of security defensive logic, and enhanced security response.</description><subject>Cybersecurity</subject><subject>Encryption</subject><subject>Firewalls</subject><subject>Information management</subject><subject>Information Security</subject><subject>Intelligence gathering</subject><subject>Learning theories</subject><subject>Learning theory</subject><subject>Organizational aspects</subject><subject>Organizational learning</subject><subject>Organizations</subject><subject>Risk assessment</subject><subject>Security management</subject><subject>Service restoration</subject><subject>Threat evaluation</subject><subject>Verbal aggression</subject><issn>2330-1635</issn><issn>2330-1643</issn><fulltext>true</fulltext><rsrctype>article</rsrctype><creationdate>2020</creationdate><recordtype>article</recordtype><recordid>eNp1kE1Lw0AQhoMoWGoP_oMFTx7S7le2ybEUtYWCB_UcJpvZsCXdrbspJf56UyPePM0MPO_L8CTJPaNzRilfQLRzLgVjV8mEC0FTpqS4_ttFdpvMYtxTShkt8oyzSVJt_JlY12EToLPeEW-I7isMJKI-Bdv15AAOGjyg6wi4eoC1rS9HwHj0LiJBB1WLkfjQgLNfPz3QkhYhOOuau-TGQBtx9junycfz0_t6k-5eX7br1S7VIqcs1YorUSmBRcFqvWQ1FSavpCpyIzOkXCupTCEgk1DU-dIAg5xxZtCAyRQHMU0ext5j8J8njF2596cwfBJLLjlV2VAlB-pxpHTwMQY05THYA4S-ZLS8WCwHi-WPxYFdjOzZttj_D5art-2Y-AZmcHSA</recordid><startdate>202008</startdate><enddate>202008</enddate><creator>Ahmad, Atif</creator><creator>Desouza, Kevin C.</creator><creator>Maynard, Sean B.</creator><creator>Naseer, Humza</creator><creator>Baskerville, Richard L.</creator><general>John Wiley &amp; Sons, Inc</general><general>Wiley Periodicals Inc</general><scope>AAYXX</scope><scope>CITATION</scope><scope>7SC</scope><scope>8FD</scope><scope>E3H</scope><scope>F2A</scope><scope>JQ2</scope><scope>L7M</scope><scope>L~C</scope><scope>L~D</scope><orcidid>https://orcid.org/0000-0003-2044-8163</orcidid></search><sort><creationdate>202008</creationdate><title>How integration of cyber security management and incident response enables organizational learning</title><author>Ahmad, Atif ; Desouza, Kevin C. ; Maynard, Sean B. ; Naseer, Humza ; Baskerville, Richard L.</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-LOGICAL-c3801-c6263b63e991dc71d03f8b4698f45e02c646f93a54a9d87fa1a8121fefaf562a3</frbrgroupid><rsrctype>articles</rsrctype><prefilter>articles</prefilter><language>eng</language><creationdate>2020</creationdate><topic>Cybersecurity</topic><topic>Encryption</topic><topic>Firewalls</topic><topic>Information management</topic><topic>Information Security</topic><topic>Intelligence gathering</topic><topic>Learning theories</topic><topic>Learning theory</topic><topic>Organizational aspects</topic><topic>Organizational learning</topic><topic>Organizations</topic><topic>Risk assessment</topic><topic>Security management</topic><topic>Service restoration</topic><topic>Threat evaluation</topic><topic>Verbal aggression</topic><toplevel>peer_reviewed</toplevel><toplevel>online_resources</toplevel><creatorcontrib>Ahmad, Atif</creatorcontrib><creatorcontrib>Desouza, Kevin C.</creatorcontrib><creatorcontrib>Maynard, Sean B.</creatorcontrib><creatorcontrib>Naseer, Humza</creatorcontrib><creatorcontrib>Baskerville, Richard L.</creatorcontrib><collection>CrossRef</collection><collection>Computer and Information Systems Abstracts</collection><collection>Technology Research Database</collection><collection>Library &amp; Information Sciences Abstracts (LISA)</collection><collection>Library &amp; Information Science Abstracts (LISA)</collection><collection>ProQuest Computer Science Collection</collection><collection>Advanced Technologies Database with Aerospace</collection><collection>Computer and Information Systems Abstracts – Academic</collection><collection>Computer and Information Systems Abstracts Professional</collection><jtitle>Journal of the American Society for Information Science and Technology</jtitle></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext</fulltext></delivery><addata><au>Ahmad, Atif</au><au>Desouza, Kevin C.</au><au>Maynard, Sean B.</au><au>Naseer, Humza</au><au>Baskerville, Richard L.</au><format>journal</format><genre>article</genre><ristype>JOUR</ristype><atitle>How integration of cyber security management and incident response enables organizational learning</atitle><jtitle>Journal of the American Society for Information Science and Technology</jtitle><date>2020-08</date><risdate>2020</risdate><volume>71</volume><issue>8</issue><spage>939</spage><epage>953</epage><pages>939-953</pages><issn>2330-1635</issn><eissn>2330-1643</eissn><abstract>Digital assets of organizations are under constant threat from a wide assortment of nefarious actors. When threats materialize, the consequences can be significant. Most large organizations invest in a dedicated information security management (ISM) function to ensure that digital assets are protected. The ISM function conducts risk assessments, develops strategy, provides policies and training to define roles and guide behavior, and implements technological controls such as firewalls, antivirus, and encryption to restrict unauthorized access. Despite these protective measures, incidents (security breaches) will occur. Alongside the security management function, many organizations also retain an incident response (IR) function to mitigate damage from an attack and promptly restore digital services. However, few organizations integrate and learn from experiences of these functions in an optimal manner that enables them to not only respond to security incidents, but also proactively maneuver the threat environment. In this article we draw on organizational learning theory to develop a conceptual framework that explains how the ISM and IR functions can be better integrated. The strong integration of ISM and IR functions, in turn, creates learning opportunities that lead to organizational security benefits including: increased awareness of security risks, compilation of threat intelligence, removal of flaws in security defenses, evaluation of security defensive logic, and enhanced security response.</abstract><cop>Hoboken, USA</cop><pub>John Wiley &amp; Sons, Inc</pub><doi>10.1002/asi.24311</doi><tpages>15</tpages><orcidid>https://orcid.org/0000-0003-2044-8163</orcidid><oa>free_for_read</oa></addata></record>
fulltext fulltext
identifier ISSN: 2330-1635
ispartof Journal of the American Society for Information Science and Technology, 2020-08, Vol.71 (8), p.939-953
issn 2330-1635
2330-1643
language eng
recordid cdi_proquest_journals_2420656984
source Business Source Complete; Wiley Online Library All Journals
subjects Cybersecurity
Encryption
Firewalls
Information management
Information Security
Intelligence gathering
Learning theories
Learning theory
Organizational aspects
Organizational learning
Organizations
Risk assessment
Security management
Service restoration
Threat evaluation
Verbal aggression
title How integration of cyber security management and incident response enables organizational learning
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-11T09%3A57%3A20IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_cross&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=How%20integration%20of%20cyber%20security%20management%20and%20incident%20response%20enables%20organizational%20learning&rft.jtitle=Journal%20of%20the%20American%20Society%20for%20Information%20Science%20and%20Technology&rft.au=Ahmad,%20Atif&rft.date=2020-08&rft.volume=71&rft.issue=8&rft.spage=939&rft.epage=953&rft.pages=939-953&rft.issn=2330-1635&rft.eissn=2330-1643&rft_id=info:doi/10.1002/asi.24311&rft_dat=%3Cproquest_cross%3E2420656984%3C/proquest_cross%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_pqid=2420656984&rft_id=info:pmid/&rfr_iscdi=true