TY - JOUR
T1 - How can organizations develop situation awareness for incident response
T2 - a case study of management practice
AU - Ahmad, Atif
AU - Maynard, Sean B.
AU - Desouza, Kevin C.
AU - Kotsias, James
AU - Whitty, Monica T.
AU - Baskerville, Richard L.
N1 - Funding Information:
This work is supported by the Australian Research Council through the Discovery Projects scheme (DP160102277) “Enhancing Information Security Management through Organizational Learning”.
Publisher Copyright:
© 2020
PY - 2021/2
Y1 - 2021/2
N2 - Organized, sophisticated and persistent cyber-threat-actors pose a significant challenge to large, high-value organizations. They are capable of disrupting and destroying cyber infrastructures, denying organizations access to IT services, and stealing sensitive information including intellectual property, trade secrets and customer data. Past research points to Situation Awareness as critical to effective response. However, most research has focused on the technological perspective with comparatively less focus on the practice perspective. We therefore present an in-depth case study of a leading financial organization with a well-resourced and mature incident response capability that has evolved as a result of experiences with past attacks. Our contribution is a process model that explains how organizations can practice situation awareness of the cyber-threat landscape and the broad business context in incident response.
KW - Case study
KW - Cybersecurity
KW - Cybersecurity management
KW - Incident response
KW - Information security management
KW - Process model
KW - Situation awareness
UR - http://www.scopus.com/inward/record.url?scp=85097328522&partnerID=8YFLogxK
U2 - 10.1016/j.cose.2020.102122
DO - 10.1016/j.cose.2020.102122
M3 - Article
AN - SCOPUS:85097328522
SN - 0167-4048
VL - 101
JO - Computers and Security
JF - Computers and Security
M1 - 102122
ER -