File(s) under permanent embargo
Adopting and Integrating Cyber-Threat Intelligence in a Commercial Organisation
journal contribution
posted on 2022-10-04, 01:15 authored by J Kotsias, A Ahmad, Rens ScheepersRens ScheepersCyber-attacks are increasingly perpetrated by organised, sophisticated and persistent entities such as crime syndicates and paramilitary forces. Even commercial firms that fully comply with industry “best practice” cyber security standards cannot cope with military-style cyber-attacks. We posit that the primary reason is the increasing asymmetry between the cyber-offensive capability of attackers and the cyber-defensive capability of commercial organisations. A key avenue to resolve this asymmetry is for organisations to leverage cyber-threat intelligence (CTI) to direct their cyber-defence. How can commercial organisations adopt and integrate CTI to routinely defend their information systems and resources from increasingly advanced cyber-attacks? There is limited know-how on how to package CTI to inform the practices of enterprise-wide stakeholders. This clinical research describes a practitioner-researcher’s experiences in directing a large multinational finance corporation to adopt and integrate CTI to transform cybersecurity-related practice and behaviour. The research contributes practical know-how on the organisational adoption and integration of CTI, enacted through the transformation of cybersecurity practice, and enterprise-wide implementation of a novel solution to package CTI for commercial contexts. The study illustrates the inputs, processes, and outputs in clinical research as a genre of action research.
History
Journal
European Journal of Information SystemsPublisher DOI
ISSN
0960-085XeISSN
1476-9344Usage metrics
Keywords
Science & TechnologySocial SciencesTechnologyComputer Science, Information SystemsInformation Science & Library ScienceManagementComputer ScienceBusiness & EconomicsCybersecurityinformation security managementcyber defenceincident responsethreat intelligenceclinical information systems practiceINFORMATION-SYSTEMSIMPLEMENTATIONInformation Systems
Licence
Exports
RefWorks
BibTeX
Ref. manager
Endnote
DataCite
NLM
DC