Paper Number

2554

Paper Type

short

Description

Cloud computing has become an integral part of modern corporate IT infrastructures. However, conventional IT-security measures cannot cope with its specific technical needs resulting from complexity, virtualization, or multi-tenancy as well as the need for holistic security approaches incorporating both technological and organizational perspectives on security. Security Chaos Engineering (SCE) constitutes a promising approach to overcome these shortcomings. Unfortunately, existing literature focuses on technical aspects of SCE and neglects the organizational perspective, i.e., which organizational success factors need to be addressed for a successful implementation. To close this gap, we conducted an interview study following the approach of Gioia et al. (2013) and identified seven success factors related to goals, social structure, participants, and technology within a company following Scott (1981). Furthermore, we found that these organizational success factors are not only the basis for the introduction of SCE but represent common requirements for holistic security approaches in general, too.

Comments

06-Security

Share

COinS
 
Dec 11th, 12:00 AM

From Observing to Understanding: Empirical Insights on the Organizational Foundations of Security Chaos Engineering

Cloud computing has become an integral part of modern corporate IT infrastructures. However, conventional IT-security measures cannot cope with its specific technical needs resulting from complexity, virtualization, or multi-tenancy as well as the need for holistic security approaches incorporating both technological and organizational perspectives on security. Security Chaos Engineering (SCE) constitutes a promising approach to overcome these shortcomings. Unfortunately, existing literature focuses on technical aspects of SCE and neglects the organizational perspective, i.e., which organizational success factors need to be addressed for a successful implementation. To close this gap, we conducted an interview study following the approach of Gioia et al. (2013) and identified seven success factors related to goals, social structure, participants, and technology within a company following Scott (1981). Furthermore, we found that these organizational success factors are not only the basis for the introduction of SCE but represent common requirements for holistic security approaches in general, too.

When commenting on articles, please be friendly, welcoming, respectful and abide by the AIS eLibrary Discussion Thread Code of Conduct posted here.