Organizational Security Learning from Incident Response

Bibliographic Details
Main Authors: Ahmad, A., Baskerville, Richard, Webb, J., Maynard, S., Shanks, G.
Format: Conference Paper
Published: 2018
Online Access: http://hdl.handle.net/20.500.11937/66469
Description
Summary: The security-related experiences of Incident Response Teams provide Enterprise Information Security Management with a unique opportunity to draw lessons and insights. However, research has shown that there is often inadequate information-sharing between the security and response functions of organizations. In this paper we apply a general theory of organizational learning to interpret findings from a case study of IR practices at a major Australian financial institution, and then propose a learning process model that can be used to bridge IR and ISM functions in organizations. Findings from focus group research carried out for preliminary evaluation of the model are presented, followed by a discussion of the project’s next steps.