A case analysis of information systems and security incident responses

Our case analysis presents and identifies significant and systemic shortcomings of the incident response practices of an Australian financial organization. Organizational Incident Response Teams accumulate considerable experience in addressing information security failures and attacks. Their first-h...

Full description

Saved in:
Bibliographic Details
Published in:International journal of information management 2015-12, Vol.35 (6), p.717-723
Main Authors: Ahmad, Atif, Maynard, Sean B, Shanks, Graeme
Format: Article
Language:English
Subjects:
Australia
Computer information security
Cooperation
Data integrity
Incident Response Teams
Information management
Information Security Management
Information systems
Learning
Management
Mathematical models
Organizational learning
Organizations
Security learning
Security management
Studies
Citations: Items that this one cites
Items that cite this one
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Our case analysis presents and identifies significant and systemic shortcomings of the incident response practices of an Australian financial organization. Organizational Incident Response Teams accumulate considerable experience in addressing information security failures and attacks. Their first-hand experiences provide organizations with a unique opportunity to draw security lessons and insights towards improving enterprise-wide security management processes. However, previous research shows a distinct lack of communication and collaboration between the functions of incident response and security management, suggesting organizations are not learning from their incident experiences. We subsequently propose a number of lessons learned and a novel security-learning model.
ISSN:0268-4012
1873-4707
DOI:10.1016/j.ijinfomgt.2015.08.001