Patterson, Clare M., Nurse, Jason R. C., Franqueira, Virginia N. L. (2023) Learning from cyber security incidents: A systematic review and future research agenda. Computers & Security, 132 . Article Number 103309. ISSN 0167-4048. (doi:10.1016/j.cose.2023.103309) (KAR id:101556)
PDF
Publisher pdf
Language: English
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.
|
|
Download this file (PDF/1MB) |
Preview |
Request a format suitable for use with assistive technology e.g. a screenreader | |
PDF
Author's Accepted Manuscript
Language: English Restricted to Repository staff only |
|
Contact us about this Publication
|
|
Official URL: https://doi.org/10.1016/j.cose.2023.103309 |
Abstract
Cyber security incidents are now prevalent in many organisations. Arguably, those who can learn from security incidents and address the underlying causes will reduce the prevalence of similar ones in the future. This research provides a new examination of how organisations learn from incidents by systematically reviewing academic research on organisational learning from cyber security incidents and identifies further research needed in this area. To do this, it considers three research questions: what research has been conducted on learning from cyber security incidents, what learning practices in organisations have been found by research and what improvements have been recommended, and what further research is needed as organisations learn from such incidents. Using the PRISMA method, a total of 3,986 articles were extracted and, from these, a relevant set of 30 were selected for analysis to map the body of research, and to identify future research avenues. Despite learning lessons being recommended by both researchers and industry standards, our findings suggest that this advice is not being fully adopted by organisations. Importantly, these studies have found inadequate participation in learning activities, with superficial causal investigations, scarce effort on ensuring lessons are implemented and no evaluation if the actions taken actually reduce future security incidents. More research is needed to understand the right level and which learning practices to invest in for the greatest impact. For practitioners, this review discusses the essential elements of an effective process to learn from incidents. This review provides academics with a novel synthesis of the research undertaken on this topic, enabling them to incorporate the significant findings into their work and potentially explore the research agenda suggested.
Item Type: | Article |
---|---|
DOI/Identification number: | 10.1016/j.cose.2023.103309 |
Uncontrolled keywords: | Cyber security; incident investigation; incident response; lessons learned; learning process; organisational learning; post-incident review; security incident; systematic; literature review; research agenda |
Subjects: |
B Philosophy. Psychology. Religion > BF Psychology H Social Sciences > HF Commerce > HF5351 Business Q Science > QA Mathematics (inc Computing science) T Technology T Technology > T Technology (General) |
Divisions: |
Divisions > Division of Computing, Engineering and Mathematical Sciences > School of Computing University-wide institutes > Institute of Cyber Security for Society |
Funders: | University of Kent (https://ror.org/00xkeyj56) |
Depositing User: | Jason Nurse |
Date Deposited: | 05 Jun 2023 19:13 UTC |
Last Modified: | 10 Jan 2024 01:29 UTC |
Resource URI: | https://kar.kent.ac.uk/id/eprint/101556 (The current URI for this page, for reference purposes) |
- Link to SensusAccess
- Export to:
- RefWorks
- EPrints3 XML
- BibTeX
- CSV
- Depositors only (login required):