Advanced search
Publication Cover
European Journal of Information Systems Volume 32, 2023 - Issue 1: Clinical Research from Information Systems Practice
Submit an article Journal homepage
11,143
Views
4
CrossRef citations to date
0
Altmetric
Empirical Research

Adopting and integrating cyber-threat intelligence in a commercial organisation

James Kotsiasa Advantage Cyber, Melbourne, Victoria, AustraliaView further author information
,
Atif Ahmadb School of Computing & Information Systems, Faculty of Engineering and IT, University of Melbourne, Parkville, Victoria, AustraliaCorrespondence[email protected]
ORCID Iconhttps://orcid.org/0000-0002-8862-5755View further author information
ORCID Icon &
Rens Scheepersc Department of Information Systems and Business Analytics, Deakin Business School, Deakin University, 221 Burwood Highway, Burwood, VIC 3125, AustraliaView further author information
Pages 35-51 | Received 14 Sep 2020, Accepted 07 Jun 2022, Published online: 11 Jul 2022

References

  • Ahmad, A., Webb, J., Desouza, K. C., & Boorman, J. (2019). Strategically-motivated advanced persistent threat: Definition, process, tactics and a disinformation model of counterattack. Computers & Security, 86, 402–418. https://doi.org/10.1016/j.cose.2019.07.001
  • Ahmad, A., Maynard, S. B., Desouza, K. C., Kotsias, J., Whitty, M. T., & Baskerville, R. L. (2021). How can organizations develop situation awareness for incident response: A case study of management practice. Computers & Security, 101, 1–15. https://doi.org/10.1016/j.cose.2020.102122
  • Avison, D. E., Lau, F., Myers, M. D., & Nielsen, P. A. (1999). Action research. Communications of the ACM, 42(1), 94–97. https://doi.org/10.1145/291469.291479
  • Bank of England. (2016). Understanding cyber threat intelligence operations. https://www.bankofengland.co.uk/-/media/boe/files/financial-stability/financial-sector-continuity/understanding-cyber-threat-intelligence-operations.pdf
  • Baskerville, R., & Wood-Harper, A. T. (1998). Diversity in information systems action research methods. European Journal of Information Systems, 7(2), 90–107. https://doi.org/10.1057/palgrave.ejis.3000298
  • Baskerville, R. (2005). Information warfare: A comparative framework for business information security. Journal of Information System Security, 1(1), 23–50. https://www.jissec.org/Contents/V1/N1/V1N1-Baskerville.html
  • Baskerville, R., Spagnoletti, P., & Kim, J. (2014). Incident-centered information security: Managing a strategic balance between prevention and response. Information & Management, 51(1), 138–151. https://doi.org/10.1016/j.im.2013.11.004
  • Bostrom, R. P., Gupta, S., & Thomas, D. (2009). A meta-theory for understanding information systems within sociotechnical systems. Journal of Management Information Systems, 26(1), 17–48. https://doi.org/10.2753/MIS0742-1222260102
  • Cooper, R. B., & Zmud, R. W. (1990). Information technology implementation research: A technological diffusion approach. Management Science, 36(2), 123–139. https://doi.org/10.1287/mnsc.36.2.123
  • Crowdstrike. (2021). Threat intelligence: Cybersecurity’s best kept secret. https://go.crowdstrike.com/rs/281-OBQ-266/images/WhitepaperThreatIntelligence.pdf
  • Davenport, T. H., & Prusak, L. (1998). Working knowledge: How organizations manage what they know. Harvard Business Press.
  • Ettinger, J. (2019). Cyber intelligence tradecraft report: The state of cyber intelligence practices in the United States. Retrieved from Carnegie Mellon University: https://resources.sei.cmu.edu/library/asset-view.cfm?assetid=546686
  • FM 2-0. (2010). Field manual 2-0: Intelligence. Headquarters, Department of the Army.
  • Giles, L. (1910). Sun Tzu on the art of war the oldest military treatise in the world translated from the Chinese is that is fixed. Sun Tzu On The Art Of War. Abingdon, Oxon: Routledge.
  • Grover, V., Jeong, S. R., Kettinger, W. J., & Teng, J. T. (1995). The implementation of business process reengineering. Journal of Management Information Systems, 12(1), 109–144. https://doi.org/10.1080/07421222.1995.11518072
  • Holland, R. (2015). Forrester.https://www.forrester.com/report/Vendor+Landscape+SR+Pros+Turn+To+Cyberthreat+Intelligence+Providers+For+Help/-/E-RES113066
  • Hutchins, E. M., Cloppert, M. J., & Amin, R. M. (2011). Intelligence-Driven Computer Network Defense Informed by Analysis of Adversary Campaigns and Intrusion Kill Chains. Paper presented at the International Conference on Information Warfare and Security, Washington, DC, USA. Lockheed Martin Corporation.
  • Iversen, J. H., Mathiassen, L., & Nielsen, P. A. (2004). Managing risk in software process improvement: An action research approach. MIS Quarterly, 28(3), 395–433. https://doi.org/10.2307/25148645
  • Lawson, C., Contu, R., & Benson, R. (2019). Market guide for security threat intelligence products and services. Gartner. https://www.gartner.com/en/documents/3902168
  • Lemay, A., Calvet, J., Menet, F., & Fernandez, J. M. (2018). Survey of publicly available reports on advanced persistent threat actors. Computers & Security, 72, 26–59. https://doi.org/10.1016/j.cose.2017.08.005
  • McKay, J., & Marshall, P. (2001). The dual imperatives of action research. Information Technology & People.
  • Microsoft Corporation. (2020). Microsoft digital defense report. https://www.microsoft.com/en-us/download/details.aspx?id=101738
  • Mumford, E. (2006). The story of socio‐technical design: Reflections on its successes, failures and potential. Information Systems Journal, 16(4), 317–342. https://doi.org/10.1111/j.1365-2575.2006.00221.x
  • Rogers, E. M. (1995). Diffusion of innovations (4th ed.). Free Press.
  • Samtani, S., Abate, M., Benjamin, V., & Li, W. (2020). Cybersecurity as an Industry: A Cyber Threat Intelligence Perspective. In: Holt T., Bossler A. (Eds.),The Palgrave Handbook of International Cybercrime and Cyberdeviance. Palgrave Macmillan, Cham.135–154. https://doi.org/10.1007/978-3-319-78440-3_8
  • Scheepers, R. (2006). A conceptual framework for the implementation of enterprise information portals in large organizations. European Journal of Information Systems, 15(6), 635–647. https://doi.org/10.1057/palgrave.ejis.3000646
  • Schein, E. (1987). The clinical perspective in fieldwork. Sage.
  • Schlette, D., Böhm, F., Caselli, M., & Pernul, G. (2021). Measuring and visualizing cyber threat intelligence quality. International Journal of Information Security, 20, 21–38. https://doi.org/10.1007/s10207-020-00490-y
  • Schön, D. A. (1983). The reflective practitioner: How professionals think in action. Basic Books.
  • Shin, B., & Lowry, P. B. (2020). A review and theoretical explanation of the ‘cyberthreat-intelligence (cti) capability’that needs to be fostered in information security practitioners and how this can be accomplished. Computers & Security, 92, 101761. https://doi.org/10.1016/j.cose.2020.101761
  • Tornatzky, L. G., & Klein, K. J. (1982). Innovation characteristics and innovation adoption–implementation: A meta-analysis of findings. IEEE Transactions on Engineering Management, 29(1), 28–45. https://doi.org/10.1109/TEM.1982.6447463
  • Verizon Corporation. (2018). Data breach investigations report. https://www.verizonenterprise.com/verizon-insights-lab/dbir/
  • Webb, J., Ahmad, A., Maynard, S. B., & Shanks, G. (2014). A situation awareness model for information security risk management. Computers & Security, 44(July 2014), 1–15. https://doi.org/10.1016/j.cose.2014.04.005
  • Weill, P., & Broadbent, M. (1998). Leveraging the new infrastructure: How market leaders capitalize on information technology. Harvard Business Press.

Related research

People also read lists articles that other readers of this article have read.

Recommended articles lists articles that we recommend and is powered by our AI driven recommendation engine.

Cited by lists all citing articles based on Crossref citations.
Articles with the Crossref icon will open in a new tab.