Mark-Paul Sallos, Alexeis Garcia Perez, Anca Bocanet
Organisational cyber resilience: a heuristic for bridging foundations and applications
Journal of Enterprise Information Management (Journal Article), published 2024-10-09
DOI: 10.1108/jeim-06-2023-0317 (https://doi.org/10.1108/jeim-06-2023-0317)
Impact factor: 7.4; JCR: Q1 (Information Science & Library Science); Open access: no
Citations: 0
Abstract
Purpose
The drive for digitalisation has increased the scope of cyber threats which can exploit the growing footprint of information and communication technology infrastructure supporting modern societies. Despite substantial interest and efforts in researching and building organisational cyber resilience, the resulting body of work is heterogeneous and has yet to reach maturity. This paper aims to address the gap in the conceptualisation of cyber resilience in academic and practice-oriented grey literature.
Design/methodology/approach
In this conceptual paper, we firstly seek to explore the available foundations of resilience as a construct and consider how these can be applied to organisational cybersecurity. To that aim, this study employs a targeted literature review approach, incorporating systematic elements to ensure rigour. Literature was identified through comprehensive searches in key academic databases, reference chaining and expert recommendations. Articles were selected based on relevance and contribution to the field, resulting in a thematic analysis to identify gaps and propose a heuristic model for cyber resilience. With this approach, we aim to position the emerging view of cyber resilience relative to risk analysis, while highlighting its domain of “conceptual comparative advantage” – the types of applications it is best suited to address. Finally, a high-level heuristic model for cyber resilience is proposed, which functions across the relevant policy, strategy and operational dimensions while also considering its relationship with cyber risk management.
Findings
A conceptual model for organisational cyber resilience is proposed which helps position and frame research contributions in this domain relative to risk analysis, highlighting its domain of comparative advantage. The model integrates policy, strategy and operational dimensions, in a manner conducive to bridging foundations and applications of the concept of cyber risk management. The proposed model provides a critical point of reference to evaluate individual models, frameworks and tools.
Originality/value
This paper is a pioneering effort to overcome the current gaps between conceptual and practical views of cyber resilience. It proposes a new, risk-aligned view of the concept of cyber resilience and provides a structural foundation for further research and practice in the field.
About the journal:
The Journal of Enterprise Information Management (JEIM) is a significant contributor to the normative literature, offering both conceptual and practical insights supported by innovative discoveries that enrich the existing body of knowledge.
Within its pages, JEIM presents research findings sourced from globally renowned experts. These contributions encompass scholarly examinations of cutting-edge theories and practices originating from leading research institutions. Additionally, the journal features inputs from senior business executives and consultants, who share their insights gleaned from specific enterprise case studies. Through these reports, readers benefit from a comparative analysis of different environmental contexts, facilitating valuable learning experiences.
JEIM's distinctive blend of theoretical analysis and practical application fosters comprehensive discussions on commercial discoveries. This approach enhances the audience's comprehension of contemporary, applied, and rigorous information management practices, which extend across entire enterprises and their intricate supply chains.