Information security strategies employ principles and practices grounded in both the prevention and response paradigms. The prevention paradigm aims at managing predicted threats. Although the prevention paradigm may dominate in contemporary commercial organizations, the response paradigm (aimed at managing unpredicted threats) retains an important role in protecting information security in today's dynamic threat environment. This study provides an overarching security framework that focuses on managing the proper balance between prevention and response paradigms. We conduct a comparative case study with three European organizations. This study analyzes and empirically confirms how and why organizations balance between their prevention and response strategies.