Real-time analytics, incident response process agility and enterprise cybersecurity performance: A contingent resource-based analysis

Abstract: Emerging paradigms of attack challenge enterprise cybersecurity with sophisticated custom-built tools, unpredictable patterns of exploitation, and an increasing ability to adapt to cyber defenses. As a result, organizations continue to experience incidents and suffer losses. The responsibility to respond to cybersecurity incidents lies with the incident response (IR) function. We argue that (1) organizations must develop ‘agility’ in their IR process to respond swiftly and efficiently to sophisticated and potent cyber threats, and (2) real-time analytics (RTA) gives organizations a unique opportunity to drive their IR process in an agile manner by detecting cybersecurity incidents quickly and responding to them proactively. To better understand how organizations can use RTA to enable IR agility, we analyzed in-depth data from twenty expert interviews using a contingent resource-based view. The results informed a framework explaining how organizations enable agile characteristics (swiftness, flexibility, and innovation) in the IR process using the key features of the RTA capability (complex event processing, decision automation, and on-demand and continuous data analysis) to detect and respond to cybersecurity incidents as they occur, which in turn improves their overall enterprise cybersecurity performance.
