Organizational Security Learning from Incident Response

J Webb; A Ahmad; SB Maynard; R Baskerville; G Shanks

Conference Proceedings

Organizational Security Learning from Incident Response

J Webb, A Ahmad, SB Maynard, R Baskerville, G Shanks

Association of Information Systems | Published : 2017

Abstract

The security-related experiences of Incident Response Teams provide Enterprise Information Security Management with a unique opportunity to draw lessons and insights. However, research has shown that there is often inadequate information-sharing between the security and response functions of organizations. In this paper we apply a general theory of organizational learning to interpret findings from a case study of IR practices at a major Australian financial institution, and then propose a learning process model that can be used to bridge IR and ISM functions in organizations. Findings from focus group research carried out for preliminary evaluation of the model are presented, followed by a ..

View full abstract

University of Melbourne Researchers

Sean Maynard Author

Graeme Shanks Author

Atif Ahmad Author

Related Projects (1)

Enhancing information security management through organisational learning

This project aims to help organisations to protect their information resources from complex and evolving information security threats. This ..