Paper Type
Short
Paper Number
PACIS2025-1189
Description
Despite increased cybersecurity awareness and investments in preventive controls, organizations remain vulnerable to cybersecurity incidents driven by increasingly sophisticated threats, such as Advanced Persistent Threats and AI-powered attacks. To navigate the evolving threat landscape, organizations should establish Incident Response (IR) management and develop strategies for it. However, existing IR research predominantly focuses on operational-level processes, people, and technologies, often neglecting the strategy that underpins the entire IR function. In this research-in-progress paper, we use Activity Theory and Strategy-as-Practice research to develop a practice-oriented framework that explains how strategic IR praxis emerges from organizational activities. This shifts IR strategy development toward practice-oriented frameworks, emphasizing the IR activity system (IR Practitioners, IR Artefacts, IR Practices, Organizational Context, Collective Structure, and Cyber IR), IR outcome, and Strategic IR Praxis, rather than conventionally prioritizing performance metrics. The framework also provides a basis for future empirical work, including case studies and focus groups.
Recommended Citation
Li, Jian, "Strategic Cybersecurity Incident Response: A Practice-Oriented Framework Using Activity Theory and Strategy-as-Practice" (2025). PACIS 2025 Proceedings. 5.
https://aisel.aisnet.org/pacis2025/is_praction/is_praction/5
Strategic Cybersecurity Incident Response: A Practice-Oriented Framework Using Activity Theory and Strategy-as-Practice
Comments
Practitioner