Show simple item record

dc.contributor.authorBaskerville, Richard
dc.contributor.authorSpagnoletti, P.
dc.contributor.authorKim, J.
dc.date.accessioned2017-01-30T15:01:20Z
dc.date.available2017-01-30T15:01:20Z
dc.date.created2015-05-12T20:00:39Z
dc.date.issued2014
dc.identifier.citationBaskerville, R. and Spagnoletti, P. and Kim, J. 2014. Incident-centered information security: Managing a strategic balance between prevention and response. Information and Management. 51: pp. 138-151.
dc.identifier.urihttp://hdl.handle.net/20.500.11937/42670
dc.identifier.doi10.1016/j.im.2013.11.004
dc.description.abstract

Information security strategies employ principles and practices grounded in both the prevention andresponse paradigms. The prevention paradigm aims at managing predicted threats. Although theprevention paradigm may dominate in contemporary commercial organizations, the response paradigm (aimed at managing unpredicted threats) retains an important role in protecting information security in today’s dynamic threat environment. This study provides an overarching security framework that focuses on managing the proper balance between prevention and response paradigms. We conduct a comparative case study with three European organizations. This study analyzes and empirically confirms how and why organizations balance between their prevention and response strategies.

dc.publisherElsevier
dc.subjectase study
dc.subjectIncident-centered analysis
dc.subjectInformation security management
dc.subjectResponse paradigm
dc.subjectPrevention paradigm
dc.subjectSecurity balance
dc.titleIncident-centered information security: Managing a strategic balance between prevention and response
dc.typeJournal Article
dcterms.source.volume51
dcterms.source.startPage138
dcterms.source.endPage151
dcterms.source.issn0378-7206
dcterms.source.titleInformation and Management
curtin.accessStatusFulltext not available


Files in this item

Thumbnail

This item appears in the following Collection(s)

Show simple item record