Enhancing information security management through organisational learning

Grant number: DP160102277 | Funding period: 2016 - 2020

Completed

Abstract

This project aims to help organisations to protect their information resources from complex and evolving information security threats. This is highly significant for organisations; evidence shows that despite financing information security programs, the incidence of information security breaches is still increasing. To address this issue, the project plans to use a security learning process model which will be refined through a series of action research cycles. The model incorporates security lessons and insights learnt from incidents into routine security practices. By institutionalising lessons learnt from security incidents, organisations may be able to apply more effective and adaptive s..

View full description

Related publications (5)

Scholarly works icon

Cybersecurity Incident Response in Organizations: An Exploratory Case Study and Process Model of Situation Awareness

Atif Ahmad, Sean B Maynard, Kevin C Desouza, James Kotsias, Monica T Whitty, Richard L Baskerville

2021-02-01

Organized, sophisticated and persistent cyber-threat-actors pose a significant challenge to large, high-value organizations. They ..

Scholarly works icon

How integration of cyber security management and incident response enables organizational learning

Atif Ahmad, Kevin C Desouza, Sean B Maynard, Humza Naseer, Richard L Baskerville

2020-08-01

Digital assets of organizations are under constant threat from a wide assortment of nefarious actors. When threats materialize, th..

Scholarly works icon

Strategically-motivated advanced persistent threat: Definition, process, tactics and a disinformation model of counterattack

Atif Ahmad, Jeb Webb, Kevin C Desouza, James Boorman

2019-09-01

Advanced persistent threat (APT) is widely acknowledged to be the most sophisticated and potent class of security threat. APT refe..

Scholarly works icon

Cybersecurity Risk Management Using Analytics: A Dynamic Capabilities Approach

Humza Naseer, A Ahmad, Sean Maynard, Graeme Shanks

2018-01-01

The modern enterprise uses risk-driven and control-centered security management systems to protect information resources and susta..

Scholarly works icon

Organizational Security Learning from Incident Response

J Webb, A Ahmad, SB Maynard, R Baskerville, G Shanks

2017-01-01

The security-related experiences of Incident Response Teams provide Enterprise Information Security Management with a unique oppor..