Cyber-security, Privacy, Legal and Ethical Issues in IS
Paper Type: short
Paper Number: 1210
Description
Organized, sophisticated and persistent cyber-threat agents pose a significant challenge to large high-value organizations. They are capable of disrupting and destroying cyber infrastructures, denying organizations access to their own IT services, and stealing sensitive information including intellectual property, trade secrets and customer data. Past research reveals that the recommended prevailing processes and practices of incident response (IR) are inadequate in addressing such attacks as they lack sufficient ‘situation awareness’ of the cyber-threat landscape and the broad business context. We therefore draw on situation awareness theory to interpret case study findings from a leading financial organization with a well-resourced and mature incident response capability that has evolved as a result of experiences from past attacks. We subsequently propose a generalized process model that explains how situation-awareness can be practiced in cybersecurity incident response.
Recommended Citation
Ahmad, Atif; Desouza, Kevin; Maynard, Sean B.; Whitty, Monica; Kotsias, James; and Baskerville, Richard, "Situation-Awareness in Incident Response: An In-depth Case Study and Process Model" (2020). ICIS 2020 Proceedings. 1.
https://aisel.aisnet.org/icis2020/cyber_security_privacy/cyber_security_privacy/1