Enhancing Strategic Information Security Management in Organizations through Information Warfare Practices
This addresses the need for improved strategic security management in organizations facing APTs, but it is incremental as it adapts existing military concepts to the corporate domain.
The paper tackles the problem of combating advanced persistent threats (APTs) in organizations by advocating a shift from prevention-centered to response-centered security management, proposing a framework that integrates conventional incident response with information warfare capabilities to enhance enterprise security performance.
In this short paper we argue that to combat APTs, organizations need a strategic level shift away from a traditional prevention centered approach to that of a response centered one. Drawing on the information warfare (IW) paradigm in military studies, and using Dynamic Capability Theory (DCT), this research examines the applicability of IW capabilities in the corporate domain. We propose a research framework to argue that conventional prevention centred response capabilities; such as incident response capabilities and IW centred security capabilities can be integrated into IW enabled dynamic response capabilities that improve enterprise security performance.