Incident-centered information security: Managing a strategic balance between prevention and response

Incident-centered information security: Managing a strategic balance between prevention and response

Information security strategies employ principles and practices grounded in both the prevention andresponse paradigms. The prevention paradigm aims at managing predicted threats. Although theprevention paradigm may dominate in contemporary commercial organizations, the response paradigm (aimed at ma...

Full description

Bibliographic Details
Main Authors: Baskerville, Richard, Spagnoletti, P., Kim, J.
Format: Journal Article
Published: Elsevier 2014
Subjects:
ase study
Incident-centered analysis
Information security management
Response paradigm
Prevention paradigm
Security balance
Online Access:http://hdl.handle.net/20.500.11937/42670
Description
Summary:Information security strategies employ principles and practices grounded in both the prevention andresponse paradigms. The prevention paradigm aims at managing predicted threats. Although theprevention paradigm may dominate in contemporary commercial organizations, the response paradigm (aimed at managing unpredicted threats) retains an important role in protecting information security in today’s dynamic threat environment. This study provides an overarching security framework that focuses on managing the proper balance between prevention and response paradigms. We conduct a comparative case study with three European organizations. This study analyzes and empirically confirms how and why organizations balance between their prevention and response strategies.

Similar Items