Paper Number
2554
Paper Type
short
Description
Cloud computing has become an integral part of modern corporate IT infrastructures. However, conventional IT-security measures cannot cope with its specific technical needs resulting from complexity, virtualization, or multi-tenancy as well as the need for holistic security approaches incorporating both technological and organizational perspectives on security. Security Chaos Engineering (SCE) constitutes a promising approach to overcome these shortcomings. Unfortunately, existing literature focuses on technical aspects of SCE and neglects the organizational perspective, i.e., which organizational success factors need to be addressed for a successful implementation. To close this gap, we conducted an interview study following the approach of Gioia et al. (2013) and identified seven success factors related to goals, social structure, participants, and technology within a company following Scott (1981). Furthermore, we found that these organizational success factors are not only the basis for the introduction of SCE but represent common requirements for holistic security approaches in general, too.
Recommended Citation
Strobel, Jacqueline; Weiß, Florian; and Bitzer, Michael, "From Observing to Understanding: Empirical Insights on the Organizational Foundations of Security Chaos Engineering" (2023). ICIS 2023 Proceedings. 10.
https://aisel.aisnet.org/icis2023/cyber_security/cyber_security/10
From Observing to Understanding: Empirical Insights on the Organizational Foundations of Security Chaos Engineering
Cloud computing has become an integral part of modern corporate IT infrastructures. However, conventional IT-security measures cannot cope with its specific technical needs resulting from complexity, virtualization, or multi-tenancy as well as the need for holistic security approaches incorporating both technological and organizational perspectives on security. Security Chaos Engineering (SCE) constitutes a promising approach to overcome these shortcomings. Unfortunately, existing literature focuses on technical aspects of SCE and neglects the organizational perspective, i.e., which organizational success factors need to be addressed for a successful implementation. To close this gap, we conducted an interview study following the approach of Gioia et al. (2013) and identified seven success factors related to goals, social structure, participants, and technology within a company following Scott (1981). Furthermore, we found that these organizational success factors are not only the basis for the introduction of SCE but represent common requirements for holistic security approaches in general, too.
When commenting on articles, please be friendly, welcoming, respectful and abide by the AIS eLibrary Discussion Thread Code of Conduct posted here.
Comments
06-Security