Incident-Centered Information Security: Managing a Strategic Balance between Prevention and Response / R., Baskerville; Spagnoletti, Paolo; J., Kim. - In: INFORMATION & MANAGEMENT. - ISSN 0378-7206. - 51:1(2014), pp. 138-151. [10.1016/j.im.2013.11.004]

Incident-Centered Information Security: Managing a Strategic Balance between Prevention and Response

SPAGNOLETTI, PAOLO;
2014

Abstract

Information security strategies employ principles and practices grounded in both the prevention and response paradigms. The prevention paradigm aims at managing predicted threats. Although the prevention paradigm may dominate in contemporary commercial organizations, the response paradigm (aimed at managing unpredicted threats) retains an important role in protecting information security in today's dynamic threat environment. This study provides an overarching security framework that focuses on managing the proper balance between prevention and response paradigms. We conduct a comparative case study with three European organizations. This study analyzes and empirically confirms how and why organizations balance between their prevention and response strategies.
Keywords: Information security management; Prevention paradigm; Response paradigm; Security balance; Case study; Incident-centered analysis
Files in this item:
1-s2.0-S0378720613001171-main.pdf
Archive managers only
Type: Post-print document
License: DRM not defined
Size: 936.29 kB
Format: Adobe PDF

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: http://hdl.handle.net/11385/84709
Citations
  • Scopus 107
  • ISI 74