Enhancing Strategic Information Security Management in Organizations through Information Warfare Practices

TL;DR

This paper proposes shifting organizational cybersecurity strategies from prevention to response by integrating military information warfare practices, aiming to enhance security performance through dynamic capabilities.

Contribution

It introduces a novel framework applying information warfare concepts and Dynamic Capability Theory to improve corporate cybersecurity response strategies.

Findings

IW capabilities can be integrated into corporate response strategies

A new framework for IW-enabled dynamic response capabilities

Potential for improved enterprise security performance

Abstract

In this short paper we argue that to combat APTs, organizations need a strategic level shift away from a traditional prevention centered approach to that of a response centered one. Drawing on the information warfare (IW) paradigm in military studies, and using Dynamic Capability Theory (DCT), this research examines the applicability of IW capabilities in the corporate domain. We propose a research framework to argue that conventional prevention centred response capabilities; such as incident response capabilities and IW centred security capabilities can be integrated into IW enabled dynamic response capabilities that improve enterprise security performance.