A case analysis of information systems and security incident responses

“…Ineffective knowledge gathering tends to result in the waste of the knowledge generated in the incident handling process [24]. The findings were consistent with Ahmad's case studies in financial organisations [24,25]. However, our study was placed in a healthcare context and the target group included not only IT professionals but also healthcare professionals.…”

“…This indicated poor collaborations between the incident handler and the incident reporter. This findings is also shared by Ahmad [24,25] and Tondel [31] According to Cook, critical incidents were caused by ignorance of low impact incidents and all incidents should be used for incident learning [51]. This was not occurring in the redacted hospital.…”

“…The case studies performed by Ahmad showed that the organisation had focused on improving the technical aspects and did not leverage opportunities to learn about incidents [24,25]. He then proposed a double-loop model for incident learning [24] and a dynamic security learning (DSL) process model elaborating different learning activities in different learning stages, key stakeholders involved and its linkage with broader organisational aims [25].…”

“…The case studies performed by Ahmad showed that the organisation had focused on improving the technical aspects and did not leverage opportunities to learn about incidents [24,25]. He then proposed a double-loop model for incident learning [24] and a dynamic security learning (DSL) process model elaborating different learning activities in different learning stages, key stakeholders involved and its linkage with broader organisational aims [25]. Tondel [31] had identified the key challenges of incident learning which included the lack of willingness to share incident learning with other organisations [32] ineffective communication between IT professionals and other stakeholders [32] the lack of incident learning motivations [32] as well as the insufficient sharing of security lessons within the organisation [23].…”

“…The response to these lessons learned should ideally cycle relevant knowledge and changes into the procedures that guide incident response and result in changes in the training processes and incident response policies. However, case studies [23][24][25] showed that incident learning is ineffective in the organisations.…”

Challenges of information security incident learning: An industrial case study in a Chinese healthcare organization

“…Ineffective knowledge gathering tends to result in the waste of the knowledge generated in the incident handling process [24]. The findings were consistent with Ahmad's case studies in financial organisations [24,25]. However, our study was placed in a healthcare context and the target group included not only IT professionals but also healthcare professionals.…”

“…This indicated poor collaborations between the incident handler and the incident reporter. This findings is also shared by Ahmad [24,25] and Tondel [31] According to Cook, critical incidents were caused by ignorance of low impact incidents and all incidents should be used for incident learning [51]. This was not occurring in the redacted hospital.…”

“…The case studies performed by Ahmad showed that the organisation had focused on improving the technical aspects and did not leverage opportunities to learn about incidents [24,25]. He then proposed a double-loop model for incident learning [24] and a dynamic security learning (DSL) process model elaborating different learning activities in different learning stages, key stakeholders involved and its linkage with broader organisational aims [25].…”

“…The case studies performed by Ahmad showed that the organisation had focused on improving the technical aspects and did not leverage opportunities to learn about incidents [24,25]. He then proposed a double-loop model for incident learning [24] and a dynamic security learning (DSL) process model elaborating different learning activities in different learning stages, key stakeholders involved and its linkage with broader organisational aims [25]. Tondel [31] had identified the key challenges of incident learning which included the lack of willingness to share incident learning with other organisations [32] ineffective communication between IT professionals and other stakeholders [32] the lack of incident learning motivations [32] as well as the insufficient sharing of security lessons within the organisation [23].…”

“…The response to these lessons learned should ideally cycle relevant knowledge and changes into the procedures that guide incident response and result in changes in the training processes and incident response policies. However, case studies [23][24][25] showed that incident learning is ineffective in the organisations.…”

Challenges of information security incident learning: An industrial case study in a Chinese healthcare organization

How integration of cyber security management and incident response enables organizational learning

The Effectiveness of Outsourcing Cybersecurity Practices: A Study of the Italian Context