To read this content please select one of the options below:

Information systems security resilience as a dynamic capability

Lakshmi Goel (Department of Management, Coggin College of Business, University of North Florida, Jacksonville, Florida, USA)
Dawn Russell (Department of Marketing and Logistics, Coggin College of Business, University of North Florida, Jacksonville, Florida, USA)
Steven Williamson (Department of Management, Coggin College of Business, University of North Florida, Jacksonville, Florida, USA)
Justin Zuopeng Zhang (Department of Management, Coggin College of Business, University of North Florida, Jacksonville, Florida, USA)

Journal of Enterprise Information Management

ISSN: 1741-0398

Article publication date: 28 February 2023

Issue publication date: 13 June 2023

394

Abstract

Purpose

While the idea of the resilience of information systems security exists, there is a lack of research that conceptualizes, defines and specifies a way to measure it as a dynamic capability. Drawing on relevant cybersecurity and dynamic capabilities literature, this study aims to define Information Systems Security Resilience (ISSR) as a “dynamic capability of a firm to respond to, and recover from, a security attack” and test it as a new construct.

Design/methodology/approach

The authors employ a methodology including multiple phases to develop and test this construct of ISSR. The authors first interview senior managers from various organizations to establish the face validity of the construct; then develop and analyze a pilot survey for internal validity and reliability; and finally, design and deploy a field survey to test and externally validate the construct.

Findings

The authors conceptualize and define the construct of ISSR as a dynamic capability, develop a scale for its measurement and test it in a pilot and field survey. The construct is valid, and the measurement tool works. It demonstrates that resilience is something that is done, rather than had. As a capability, organizations need to track and measure ISSR, which is what this tool provides the ability to do.

Originality/value

This research contributes to the information systems and cybersecurity literature and offers valuable insights for organizations to manage their security effectively.

Keywords

Citation

Goel, L., Russell, D., Williamson, S. and Zhang, J.Z. (2023), "Information systems security resilience as a dynamic capability", Journal of Enterprise Information Management, Vol. 36 No. 4, pp. 906-924. https://doi.org/10.1108/JEIM-07-2022-0228

Publisher

:

Emerald Publishing Limited

Copyright © 2023, Emerald Publishing Limited

Related articles