Abstract
Despite increasing data breach vulnerabilities, we know little about how organizations effectively identify and manage data breach incidents. To address this void, we conceptualize data breach risks and resolutions by drawing on risk management theory and a literature review. We conceptualize three areas of data breach risks (data breach cause, data breach locus, and data breach impact) and three forms of data breach resolutions (prevention, containment, and recovery) with detailed instances of each. As such, we provide a theoretical foundation for researchers to develop different types of risk management models in the context of data breaches. In addition, it provides insights for how practitioners can orchestrate actions for effective data breach management based on comprehensive profiles of risk items and resolution techniques.
Recommended Citation
Khan, Freeha S.; Kim, Jung Hwan; Moore, Robin L.; and Mathiassen, Lars, "Data Breach Risks and Resolutions: A Literature Synthesis" (2019). AMCIS 2019 Proceedings. 14.
https://aisel.aisnet.org/amcis2019/info_security_privacy/info_security_privacy/14
Data Breach Risks and Resolutions: A Literature Synthesis
Despite increasing data breach vulnerabilities, we know little about how organizations effectively identify and manage data breach incidents. To address this void, we conceptualize data breach risks and resolutions by drawing on risk management theory and a literature review. We conceptualize three areas of data breach risks (data breach cause, data breach locus, and data breach impact) and three forms of data breach resolutions (prevention, containment, and recovery) with detailed instances of each. As such, we provide a theoretical foundation for researchers to develop different types of risk management models in the context of data breaches. In addition, it provides insights for how practitioners can orchestrate actions for effective data breach management based on comprehensive profiles of risk items and resolution techniques.