Real-time analytics,incident response process agility and enterprise cybersecurity performance: A contingent resource-based analysis |
| |
| Institution: | 1. Univ. Lille, EA2694, Faculty of pharmaceutical and biological sciences, Lille F-59000, France;2. Higher School of industrial technologies, P.O. Box 218, Annaba 23000, Algeria;3. Electronic Document Management Laboratory (LabGED), Badji Mokhtar-Annaba University, P.O. Box 12, Annaba, Algeria;4. Univ. Lille, Inserm U908, Lille, F-59000, France;1. Department of Technologies of Computers and Communications, University of Extremadura, Escuela Politécnica, Campus Universitario S/N, Cáceres 10003, Spain;2. Instituto de Engenharia de Sistemas e Computadores - Investigação e Desenvolvimento em Lisboa (INESC-ID), Instituto Superior Técnico, Universidade de Lisboa, Lisboa 1000-029, Portugal |
| |
| Abstract: | Emerging paradigms of attack challenge enterprise cybersecurity with sophisticated custom-built tools, unpredictable patterns of exploitation, and an increasing ability to adapt to cyber defenses. As a result, organizations continue to experience incidents and suffer losses. The responsibility to respond to cybersecurity incidents lies with the incident response (IR) function. We argue that (1) organizations must develop ‘agility’ in their IR process to respond swiftly and efficiently to sophisticated and potent cyber threats, and (2) Real-time analytics (RTA) gives organizations a unique opportunity to drive their IR process in an agile manner by detecting cybersecurity incidents quickly and responding to them proactively. To better understand how organizations can use RTA to enable IR agility, we analyzed in-depth data from twenty expert interviews using a contingent resource-based view. The results informed a framework explaining how organizations enable agile characteristics (swiftness, flexibility, and innovation) in the IR process using the key features of the RTA capability (complex event processing, decision automation, and on-demand and continuous data analysis) to detect and respond to cybersecurity incidents as-they-occur which, in turn, improves their overall enterprise cybersecurity performance. |
| |
| Keywords: | Real-time analytics Incident response Agility Resource-based view Enterprise cybersecurity performance |
| 本文献已被 ScienceDirect 等数据库收录! |
|
