Paper Type

Complete

Abstract

To date, research on incident response has predominantly focused on system resilience in terms of recovery mechanisms, falling short of discussing how systems improve post-disruption. This work offers a novel conceptual investigation into systems that improve because of disruption experienced within the cybersecurity context – antifragile systems. Chaos engineering represents a prominent method for resilience engineering, accomplished by exposing systems to short-term stressors in a controlled environment to establish long-term sustainability. This paper contributes to the cybersecurity incident response literature by reframing how resilient systems are defined. The main contribution is the Resilient Systems Model, defining five system classifications: fragile, reliable, robust, recovery, and antifragile. This is necessary as these systems are oftentimes incorrectly defined and applied in an inconsistent manner. Organizational systems must strive to be as close to the top of the model as possible – fostering anticipatory practices, system improvement, and controlled experiments that stimulate learning.

Paper Number

1666

Author Connect URL

https://authorconnect.aisnet.org/conferences/AMCIS2024/papers/1666

Comments

SIGSEC

Aug 16th, 12:00 AM

Cybersecurity in the Age of Uncertainty: A Call for Resilient and Antifragile Systems
