Paper Type

Short

Paper Number

PACIS2025-1817

Description

Organizations face increasingly sophisticated cyber threats, yet struggle to operationalize Cyber Threat Intelligence (CTI) within Incident Response (IR) functions. Despite CTI's potential to transform reactive security into proactive defense, significant challenges persist: implementation complexity, overwhelming data volumes, resource constraints, and integration barriers. The discourse remains heavily dominated by technological perspectives, with limited understanding of effective implementation across organizational contexts. This research addresses how organizations can operationalize CTI to support IR. Through comprehensive literature synthesis, a preliminary process model is developed that maps critical stakeholder interactions across the intelligence cycle. The model identifies significant knowledge gaps while providing a socio-technical framework that extends beyond technology-centric approaches. The research contributes a structured framework for CTI practices to support IR functions, addressing the asymmetry between attackers and defenders. Future validation through case studies will refine this model to enhance organizational cybersecurity posture and guide strategic intelligence-driven security transformation in practice.

Comments

Security

Jul 6th, 12:00 AM

How Can Organizations Operationalize CTI Practices to Support Incident Response?
