Incident-centered information security: Managing a strategic balance between prevention and response
Information security strategies employ principles and practices grounded in both the prevention andresponse paradigms. The prevention paradigm aims at managing predicted threats. Although theprevention paradigm may dominate in contemporary commercial organizations, the response paradigm (aimed at ma...
| Main Authors: | , , |
|---|---|
| Format: | Journal Article |
| Published: |
Elsevier
2014
|
| Subjects: | |
| Online Access: | http://hdl.handle.net/20.500.11937/42670 |
| _version_ | 1848756484742053888 |
|---|---|
| author | Baskerville, Richard Spagnoletti, P. Kim, J. |
| author_facet | Baskerville, Richard Spagnoletti, P. Kim, J. |
| author_sort | Baskerville, Richard |
| building | Curtin Institutional Repository |
| collection | Online Access |
| description | Information security strategies employ principles and practices grounded in both the prevention andresponse paradigms. The prevention paradigm aims at managing predicted threats. Although theprevention paradigm may dominate in contemporary commercial organizations, the response paradigm (aimed at managing unpredicted threats) retains an important role in protecting information security in today’s dynamic threat environment. This study provides an overarching security framework that focuses on managing the proper balance between prevention and response paradigms. We conduct a comparative case study with three European organizations. This study analyzes and empirically confirms how and why organizations balance between their prevention and response strategies. |
| first_indexed | 2025-11-14T09:12:56Z |
| format | Journal Article |
| id | curtin-20.500.11937-42670 |
| institution | Curtin University Malaysia |
| institution_category | Local University |
| last_indexed | 2025-11-14T09:12:56Z |
| publishDate | 2014 |
| publisher | Elsevier |
| recordtype | eprints |
| repository_type | Digital Repository |
| spelling | curtin-20.500.11937-426702017-09-13T14:24:48Z Incident-centered information security: Managing a strategic balance between prevention and response Baskerville, Richard Spagnoletti, P. Kim, J. ase study Incident-centered analysis Information security management Response paradigm Prevention paradigm Security balance Information security strategies employ principles and practices grounded in both the prevention andresponse paradigms. The prevention paradigm aims at managing predicted threats. Although theprevention paradigm may dominate in contemporary commercial organizations, the response paradigm (aimed at managing unpredicted threats) retains an important role in protecting information security in today’s dynamic threat environment. This study provides an overarching security framework that focuses on managing the proper balance between prevention and response paradigms. We conduct a comparative case study with three European organizations. This study analyzes and empirically confirms how and why organizations balance between their prevention and response strategies. 2014 Journal Article http://hdl.handle.net/20.500.11937/42670 10.1016/j.im.2013.11.004 Elsevier restricted |
| spellingShingle | ase study Incident-centered analysis Information security management Response paradigm Prevention paradigm Security balance Baskerville, Richard Spagnoletti, P. Kim, J. Incident-centered information security: Managing a strategic balance between prevention and response |
| title | Incident-centered information security: Managing a strategic balance between prevention and response |
| title_full | Incident-centered information security: Managing a strategic balance between prevention and response |
| title_fullStr | Incident-centered information security: Managing a strategic balance between prevention and response |
| title_full_unstemmed | Incident-centered information security: Managing a strategic balance between prevention and response |
| title_short | Incident-centered information security: Managing a strategic balance between prevention and response |
| title_sort | incident-centered information security: managing a strategic balance between prevention and response |
| topic | ase study Incident-centered analysis Information security management Response paradigm Prevention paradigm Security balance |
| url | http://hdl.handle.net/20.500.11937/42670 |