A framework of dynamic cybersecurity incident response to improve incident response agility
Affiliation: Computing and Information Systems
Document Type: PhD thesis
Access Status: Open Access
© 2018 Dr. Humza Naseer
The modern enterprise uses risk-driven and control-centered security management systems to protect information resources and sustain competitive advantage. Such systems have proven to be quite effective in the prevention of threats such as those exploiting common vulnerabilities. However, they are not very well suited to response against threats that are unpredictable, complex and evolving such as Advanced Persistent Threats. The complex and dynamic nature of these threats demands a sophisticated, timely and agile response capability to collect, integrate and analyse information to direct strategic and operational security measures. Real-time analytics is a specialized business analytics capability that helps organizations to collect, integrate, and analyse business events as they occur. While the ability of real-time analytics to deliver instant business insights has gained much attention in the literature, there has been limited research on how it can help enterprises improve agility in their cybersecurity incident response. This study addresses the aforementioned research gap through investigating the research question: How can organizations improve agility in their cybersecurity incident response process using real-time analytics? Drawing from dynamic capabilities theory, the study collected qualitative data from three large financial organizations and used a process of data comparison that engages in simultaneous analysis and exploration. The results informed a framework of dynamic cybersecurity incident response that explains how organizations using real-time analytics are able to develop higher order real-time analytics-enabled dynamic capabilities in incident response such as real-time situation awareness, dynamic risk assessment, and cyber threat intelligence generation. These dynamic capabilities help organizations to execute dynamic incident response strategies including active defence, continuous monitoring, and active reconnaissance. 
The real-time analytics-enabled dynamic capabilities together with dynamic incident response strategies infuse agile characteristics such as swiftness, flexibility and innovation in the cybersecurity incident response process, which, in turn, lead to positive outcomes in enterprise security performance and deliver both strategic and economic benefits. The framework also provides a comprehensive view of the factors that support and hinder the development of dynamic capabilities in the cybersecurity incident response process and the execution of dynamic incident response strategies. The details of the framework contribute to the literature on business analytics capabilities, dynamic capabilities, cybersecurity incident response strategies, and business process agility. The findings of the study provide a useful stepping stone for future studies on how to improve agility in the cybersecurity incident response process.
Keywords: real-time analytics; cybersecurity incident response; agility; dynamic capabilities