Incident-centered information security: Managing a strategic balance between prevention and response
Authors
Abstract
Information security strategies employ principles and practices grounded in both the prevention and response paradigms. The prevention paradigm aims at managing predicted threats. Although the prevention paradigm may dominate in contemporary commercial organizations, the response paradigm (aimed at managing unpredicted threats) retains an important role in protecting information security in today’s dynamic threat environment. This study provides an overarching security framework that focuses on managing the proper balance between prevention and response paradigms. We conduct a comparative case study with three European organizations. This study analyzes and empirically confirms how and why organizations balance between their prevention and response strategies. © 2013 Elsevier B.V. All rights reserved.
Similar resources
Cognitive Strategic Model applied to a Port System
Port organizations have focused their efforts on physical or tangible assets, generating profitability and value. However, it is recognized that the greatest sustainable competitive advantage is the creation of knowledge using the intangible assets of the organization. The Balanced ScoreCard, as a performance tool, has incorporated intangible assets such as intellectual, structural and social c...
Pediatric Mass Casualty Incident: A Real Crisis Mandating Inter-Disciplinary Coordination, Considering Ethical Issues
Interdisciplinary coordination of the director of crisis committee with emergency and other department's staff, financial support team, public relations, rehabilitation team,and police are required to successfully manage mass casualty incidents (MCIs). Prevention, staff training, equipment availability, clear-cut responsibilities and predicting all requirements are crucial aspects to be prepare...
Incident response teams - Challenges in supporting the organisational security function
Incident response is a critical security function in organisations that aims to manage incidents in a timely and cost-effective manner. This research was motivated by previous case studies that suggested that the practice of incident response frequently did not result in the improvement of strategic security processes such as policy development and risk assessment. An exploratory in-depth case ...
Searching for Preventive-Corrective Security Balance
Organizations are becoming more aware about the importance of economic, financial and risk management aspects of information system security. As a result, the balance between preventive and corrective security strategies must be studied. We understand Preventive Security as the ability of organizations to avoid the impact of an incident and Corrective Security as the ability of the firm to reco...
Expert opinions on information security governance factors: an exploratory study
Information Security Governance (ISG) is an important discipline that addresses information security at a strategic level providing strategic direction, optimized use of information resources and proper security incident management. ISG and the impact of poor security incident management have attracted much attention in the literature but unfortunately there is little empirical evidence regardi...
Journal title:
- Information & Management
Volume 51, Issue
Pages -
Publication date 2014