Information systems security resilience as a dynamic capability
Journal of Enterprise Information Management
ISSN: 1741-0398
Article publication date: 28 February 2023
Issue publication date: 13 June 2023
Abstract
Purpose
While the idea of the resilience of information systems security exists, there is a lack of research that conceptualizes, defines and specifies a way to measure it as a dynamic capability. Drawing on relevant cybersecurity and dynamic capabilities literature, this study aims to define Information Systems Security Resilience (ISSR) as a “dynamic capability of a firm to respond to, and recover from, a security attack” and test it as a new construct.
Design/methodology/approach
The authors employ a methodology including multiple phases to develop and test this construct of ISSR. The authors first interview senior managers from various organizations to establish the face validity of the construct; then develop and analyze a pilot survey for internal validity and reliability; and finally, design and deploy a field survey to test and externally validate the construct.
Findings
The authors conceptualize and define the construct of ISSR as a dynamic capability, develop a scale for its measurement and test it in a pilot and field survey. The construct is valid, and the measurement tool works. It demonstrates that resilience is something that is done, rather than had. As a capability, organizations need to track and measure ISSR, which is what this tool provides the ability to do.
Originality/value
This research contributes to the information systems and cybersecurity literature and offers valuable insights for organizations to manage their security effectively.
Keywords
Citation
Goel, L., Russell, D., Williamson, S. and Zhang, J.Z. (2023), "Information systems security resilience as a dynamic capability", Journal of Enterprise Information Management, Vol. 36 No. 4, pp. 906-924. https://doi.org/10.1108/JEIM-07-2022-0228
Publisher
:Emerald Publishing Limited
Copyright © 2023, Emerald Publishing Limited