Australian Information Security Management Conference

Document Type

Conference Proceeding

Publisher

School of Computer and Information Science, Edith Cowan University, Perth, Western Australia

Comments

Originally published in the Proceedings of the 8th Australian Information Security Mangement Conference, Edith Cowan University, Perth Western Australia, 30th November 2010

Abstract

Effective response to information security incidents is a critical function of modern organisations. However, recent studies have indicated that organisations have adopted a narrow and technical view of incident response (IR), focusing on the immediate concern of detection and subsequent corrective actions. Although some reflection on the IR process may be involved, it is typically limited to technical issues and does not leverage opportunities to learn about the organisational security threat environment and to adapt incident response capabilities. Given the science of incident response is rooted in practice, it is not surprising that the same criticisms can be applied to much of IR literature. However, a review of literature in the area of organisational learning suggests that improvements can be made to the incident response process. This paper proposes that future incident response research must incorporate a learning focus, improve feedback timing on learning activities, facilitate double-loop learning and incorporate an informal learning perspective within both formal, procedural incident response processes as well as unstructured, informal environments.

DOI

10.4225/75/57b6771734788

Share

 
COinS