Printed from https://ideas.repec.org/a/bla/jinfst/v71y2020i8p939-953.html

How integration of cyber security management and incident response enables organizational learning

Author

  • Atif Ahmad
  • Kevin C. Desouza
  • Sean B. Maynard
  • Humza Naseer
  • Richard L. Baskerville

Abstract

Digital assets of organizations are under constant threat from a wide assortment of nefarious actors. When threats materialize, the consequences can be significant. Most large organizations invest in a dedicated information security management (ISM) function to ensure that digital assets are protected. The ISM function conducts risk assessments, develops strategy, provides policies and training to define roles and guide behavior, and implements technological controls such as firewalls, antivirus, and encryption to restrict unauthorized access. Despite these protective measures, incidents (security breaches) will occur. Alongside the security management function, many organizations also retain an incident response (IR) function to mitigate damage from an attack and promptly restore digital services. However, few organizations integrate and learn from experiences of these functions in an optimal manner that enables them to not only respond to security incidents, but also proactively maneuver the threat environment. In this article we draw on organizational learning theory to develop a conceptual framework that explains how the ISM and IR functions can be better integrated. The strong integration of ISM and IR functions, in turn, creates learning opportunities that lead to organizational security benefits including: increased awareness of security risks, compilation of threat intelligence, removal of flaws in security defenses, evaluation of security defensive logic, and enhanced security response.

Suggested Citation

  • Atif Ahmad & Kevin C. Desouza & Sean B. Maynard & Humza Naseer & Richard L. Baskerville, 2020. "How integration of cyber security management and incident response enables organizational learning," Journal of the Association for Information Science & Technology, Association for Information Science & Technology, vol. 71(8), pages 939-953, August.
  • Handle: RePEc:bla:jinfst:v:71:y:2020:i:8:p:939-953
    DOI: 10.1002/asi.24311


    Citations

    Cited by:

    1. Rajan, Rishabh & Rana, Nripendra P. & Parameswar, Nakul & Dhir, Sanjay & Sushil, & Dwivedi, Yogesh K., 2021. "Developing a modified total interpretive structural model (M-TISM) for organizational strategic cybersecurity management," Technological Forecasting and Social Change, Elsevier, vol. 170(C).

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Nachiketa Tripathi & Sonia Nongmaithem, 2007. "Differences in Organizational Learning Processes: A Study of Two Organizations," Management and Labour Studies, XLRI Jamshedpur, School of Business Management & Human Resources, vol. 32(3), pages 301-320, August.
    2. Julien Batac & Olivier de La Villarmois, 2003. "Les Interactions Controle / Apprentissage Organisationnel : Proposition D'Une Grille D'Analyse," Post-Print halshs-00582732, HAL.
    3. Böhling, Kathrin, 2009. "Symbolic knowledge at work: Comitology and learning from experts in European technology policy [Symbolisches Wissen in der europäischen Technologiepolitik: Experten, Lernen und das Ausschusswesen]," Discussion Papers, Research Unit: Global Governance SP IV 2009-301, WZB Berlin Social Science Center.
    4. Tsang, Eric W. K., 2002. "Learning from overseas venturing experience: The case of Chinese family businesses," Journal of Business Venturing, Elsevier, vol. 17(1), pages 21-40, January.
    5. Peter Gordon Roetzel, 2019. "Information overload in the information age: a review of the literature from business administration, business psychology, and related disciplines with a bibliometric approach and framework developmen," Business Research, Springer;German Academic Association for Business Research, vol. 12(2), pages 479-522, December.
    6. Laura Castaldi & Claudio Turi & Clelia Mazzoni & Angela Delli Paoli, 2015. "Antecedents and constituents of alliance management capability: the role of valuable alliance experience and governance mechanisms for learning," Journal of Management & Governance, Springer;Accademia Italiana di Economia Aziendale (AIDEA), vol. 19(4), pages 797-823, November.
    7. Carol X. J. Ou & Robert M. Davison, 2016. "Shaping guanxi networks at work through instant messaging," Journal of the Association for Information Science & Technology, Association for Information Science & Technology, vol. 67(5), pages 1153-1168, May.
    8. Nancy Beauregard & Louise Lemyre & Jacques Barrette, 2015. "The Domains of Organizational Learning Practices: An Agency-Structure Perspective," Societies, MDPI, vol. 5(4), pages 1-21, October.
    9. Agulles, Remei & Prats, Mª Julia, 2011. "Learning in practice: What organizational and management literature can contribute to professional and occupational development," IESE Research Papers D/938, IESE Business School.
    10. Florence Allard-Poesi, 1998. "Representations And Influence Processes In Groups: Towards A Socio-Cognitive Perspective On Cognition In Organization," Post-Print hal-01490579, HAL.
    11. Joanne M. Lye, 2006. "Performance Measurement in the Public Sector: A Clarification and Agenda for Research," Australian Accounting Review, CPA Australia, vol. 16(39), pages 25-33, July.
    12. Chenhall, Robert H., 2005. "Integrative strategic performance measurement systems, strategic alignment of manufacturing, learning and strategic outcomes: an exploratory study," Accounting, Organizations and Society, Elsevier, vol. 30(5), pages 395-422, July.
    13. Eftychia Kessopoulou & Katerina Gotzamani & Styliani Xanthopoulou & George Tsiotras, 2023. "Conceptualizing and Validating a Model for Benchlearning Capability: Results from the Greek Public Sector," Sustainability, MDPI, vol. 15(2), pages 1-17, January.
    14. Siyuan Yu & Yang Zhang & Jin Yu & Xuanzhi Yang & Abbas Mardani, 2021. "The Moderating Impact of Organizational Identity Strength between Strategic Improvisation and Organizational Memory and Their Effects on Competitive Advantage," Sustainability, MDPI, vol. 13(6), pages 1-19, March.
    15. Devaki Rau & Thorvald Haerem, 2010. "Applying an organizational learning perspective to new technology deployment by technological gatekeepers: A theoretical model and key issues for future research," Information Systems Frontiers, Springer, vol. 12(3), pages 287-297, July.
    16. Alexandra Luciana GUȚĂ, 2018. "Organizational learning: cognitive and behavioural changes and implications in higher education institutions," CES Working Papers, Centre for European Studies, Alexandru Ioan Cuza University, vol. 10(2), pages 198-212, August.
    17. Dimitratos, Pavlos & Plakoyiannaki, Emmanuella & Thanos, Ioannis C. & Förbom, Yrjö Kristian, 2014. "The overlooked distinction of multinational enterprise subsidiary learning: Its managerial and entrepreneurial learning modes," International Business Review, Elsevier, vol. 23(1), pages 102-114.
    18. Thakur-Wernz, Pooja & Bruyaka, Olga & Contractor, Farok, 2020. "Antecedents and relative performance of sourcing choices for new product development projects," Technovation, Elsevier, vol. 90.
    19. Joanne Lye & Zahirul Hoque & Lee Parker, 2021. "How do employees learn from performance measures? Evidence from a local government entity," Accounting and Finance, Accounting and Finance Association of Australia and New Zealand, vol. 61(2), pages 3443-3480, June.
    20. Yan (Mandy) Dang & Yulei (Gavin) Zhang & Susan A. Brown & Hsinchun Chen, 2020. "Examining the impacts of mental workload and task-technology fit on user acceptance of the social media search system," Information Systems Frontiers, Springer, vol. 22(3), pages 697-718, June.
