Mark-Paul Sallos, Alexeis Garcia Perez, Anca Bocanet
{"title":"组织网络复原力:连接基础与应用的启发式方法","authors":"Mark-Paul Sallos, Alexeis Garcia Perez, Anca Bocanet","doi":"10.1108/jeim-06-2023-0317","DOIUrl":null,"url":null,"abstract":"<h3>Purpose</h3>\n<p>The drive for digitalisation has increased the scope of cyber threats which can exploit the growing footprint of information and communication technology infrastructure supporting modern societies. Despite substantial interest and efforts in researching and building organisational cyber resilience, the resulting body of work is heterogeneous and has yet to reach maturity. This paper aims to address the gap in the conceptualisation of cyber resilience in academic and practice-oriented grey literature.</p><!--/ Abstract__block -->\n<h3>Design/methodology/approach</h3>\n<p>In this conceptual paper, we firstly seek to explore the available foundations of resilience as a construct and consider how these can be applied to organisational cybersecurity. To that aim, this study employs a targeted literature review approach, incorporating systematic elements to ensure rigour. Literature was identified through comprehensive searches in key academic databases, reference chaining and expert recommendations. Articles were selected based on relevance and contribution to the field, resulting in a thematic analysis to identify gaps and propose a heuristic model for cyber resilience. With this approach, we aim to position the emerging view of cyber resilience relative to risk analysis, while highlighting its domain of “conceptual comparative advantage” – the types of applications it is best suited to address. Finally, a high-level heuristic model for cyber resilience is proposed, which functions across the relevant policy, strategy and operational dimensions while also considering its relationship with cyber risk management.</p><!--/ Abstract__block -->\n<h3>Findings</h3>\n<p>A conceptual model for organisational cyber resilience is proposed which helps position and frame research contributions in this domain relative to risk analysis, highlighting its domain of comparative advantage. The model integrates policy, strategy and operational dimensions, in a manner conducive to bridging foundations and applications of the concept of cyber risk management. The proposed model provides a critical point of reference to evaluate individual models, frameworks and tools.</p><!--/ Abstract__block -->\n<h3>Originality/value</h3>\n<p>This paper is a pioneering effort to overcome the current gaps between conceptual and practical views of cyber resilience. It proposes a new, risk-aligned view of the concept of cyber resilience and provides a structural foundation for further research and practice in the field.</p><!--/ Abstract__block -->","PeriodicalId":47889,"journal":{"name":"Journal of Enterprise Information Management","volume":"24 1","pages":""},"PeriodicalIF":7.4000,"publicationDate":"2024-10-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Organisational cyber resilience: a heuristic for bridging foundations and applications\",\"authors\":\"Mark-Paul Sallos, Alexeis Garcia Perez, Anca Bocanet\",\"doi\":\"10.1108/jeim-06-2023-0317\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<h3>Purpose</h3>\\n<p>The drive for digitalisation has increased the scope of cyber threats which can exploit the growing footprint of information and communication technology infrastructure supporting modern societies. Despite substantial interest and efforts in researching and building organisational cyber resilience, the resulting body of work is heterogeneous and has yet to reach maturity. This paper aims to address the gap in the conceptualisation of cyber resilience in academic and practice-oriented grey literature.</p><!--/ Abstract__block -->\\n<h3>Design/methodology/approach</h3>\\n<p>In this conceptual paper, we firstly seek to explore the available foundations of resilience as a construct and consider how these can be applied to organisational cybersecurity. To that aim, this study employs a targeted literature review approach, incorporating systematic elements to ensure rigour. Literature was identified through comprehensive searches in key academic databases, reference chaining and expert recommendations. Articles were selected based on relevance and contribution to the field, resulting in a thematic analysis to identify gaps and propose a heuristic model for cyber resilience. With this approach, we aim to position the emerging view of cyber resilience relative to risk analysis, while highlighting its domain of “conceptual comparative advantage” – the types of applications it is best suited to address. Finally, a high-level heuristic model for cyber resilience is proposed, which functions across the relevant policy, strategy and operational dimensions while also considering its relationship with cyber risk management.</p><!--/ Abstract__block -->\\n<h3>Findings</h3>\\n<p>A conceptual model for organisational cyber resilience is proposed which helps position and frame research contributions in this domain relative to risk analysis, highlighting its domain of comparative advantage. The model integrates policy, strategy and operational dimensions, in a manner conducive to bridging foundations and applications of the concept of cyber risk management. The proposed model provides a critical point of reference to evaluate individual models, frameworks and tools.</p><!--/ Abstract__block -->\\n<h3>Originality/value</h3>\\n<p>This paper is a pioneering effort to overcome the current gaps between conceptual and practical views of cyber resilience. It proposes a new, risk-aligned view of the concept of cyber resilience and provides a structural foundation for further research and practice in the field.</p><!--/ Abstract__block -->\",\"PeriodicalId\":47889,\"journal\":{\"name\":\"Journal of Enterprise Information Management\",\"volume\":\"24 1\",\"pages\":\"\"},\"PeriodicalIF\":7.4000,\"publicationDate\":\"2024-10-09\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Journal of Enterprise Information Management\",\"FirstCategoryId\":\"91\",\"ListUrlMain\":\"https://doi.org/10.1108/jeim-06-2023-0317\",\"RegionNum\":3,\"RegionCategory\":\"管理学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q1\",\"JCRName\":\"INFORMATION SCIENCE & LIBRARY SCIENCE\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Enterprise Information Management","FirstCategoryId":"91","ListUrlMain":"https://doi.org/10.1108/jeim-06-2023-0317","RegionNum":3,"RegionCategory":"管理学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"INFORMATION SCIENCE & LIBRARY SCIENCE","Score":null,"Total":0}
Organisational cyber resilience: a heuristic for bridging foundations and applications
Purpose
The drive for digitalisation has increased the scope of cyber threats which can exploit the growing footprint of information and communication technology infrastructure supporting modern societies. Despite substantial interest and efforts in researching and building organisational cyber resilience, the resulting body of work is heterogeneous and has yet to reach maturity. This paper aims to address the gap in the conceptualisation of cyber resilience in academic and practice-oriented grey literature.
Design/methodology/approach
In this conceptual paper, we firstly seek to explore the available foundations of resilience as a construct and consider how these can be applied to organisational cybersecurity. To that aim, this study employs a targeted literature review approach, incorporating systematic elements to ensure rigour. Literature was identified through comprehensive searches in key academic databases, reference chaining and expert recommendations. Articles were selected based on relevance and contribution to the field, resulting in a thematic analysis to identify gaps and propose a heuristic model for cyber resilience. With this approach, we aim to position the emerging view of cyber resilience relative to risk analysis, while highlighting its domain of “conceptual comparative advantage” – the types of applications it is best suited to address. Finally, a high-level heuristic model for cyber resilience is proposed, which functions across the relevant policy, strategy and operational dimensions while also considering its relationship with cyber risk management.
Findings
A conceptual model for organisational cyber resilience is proposed which helps position and frame research contributions in this domain relative to risk analysis, highlighting its domain of comparative advantage. The model integrates policy, strategy and operational dimensions, in a manner conducive to bridging foundations and applications of the concept of cyber risk management. The proposed model provides a critical point of reference to evaluate individual models, frameworks and tools.
Originality/value
This paper is a pioneering effort to overcome the current gaps between conceptual and practical views of cyber resilience. It proposes a new, risk-aligned view of the concept of cyber resilience and provides a structural foundation for further research and practice in the field.
期刊介绍:
The Journal of Enterprise Information Management (JEIM) is a significant contributor to the normative literature, offering both conceptual and practical insights supported by innovative discoveries that enrich the existing body of knowledge.
Within its pages, JEIM presents research findings sourced from globally renowned experts. These contributions encompass scholarly examinations of cutting-edge theories and practices originating from leading research institutions. Additionally, the journal features inputs from senior business executives and consultants, who share their insights gleaned from specific enterprise case studies. Through these reports, readers benefit from a comparative analysis of different environmental contexts, facilitating valuable learning experiences.
JEIM's distinctive blend of theoretical analysis and practical application fosters comprehensive discussions on commercial discoveries. This approach enhances the audience's comprehension of contemporary, applied, and rigorous information management practices, which extend across entire enterprises and their intricate supply chains.