Cybersecurity management
Cybersecurity management is an organisation’s strategic-level capability to protect information resources and competitive advantage in a complex and evolving threat landscape. Today’s highly dynamic and fast-paced business environment shapes the way in which enterprises use their assets such as digital processes, information and IT systems to gain a competitive advantage. These assets are increasingly exposed to security threats, both external and internal, such as theft, fraud, sabotage, embezzlement, and industrial espionage. Cybersecurity management mitigates the risk exposure of organisations using a range of managerial, legal, technological, process and social controls.
This interdisciplinary group of researchers focus on:
Incident response and crisis management
How organisations can adapt their defensive posture to the changing threat landscape by developing situation awareness and by learning from past experiences.
Key research projects
- Organisational Learning from Incident Response
- Security Analytics for Situation Awareness
- Tomorrow’s Cyber Security Function
Secure information and knowledge management
How to protect information and knowledge assets in the organisational habitat such as intellectual property and trade secrets.
Key research projects
- Leakage of Intellectual Property and Trade Secrets in Organisations
- Sensitivity Classification of Information and Knowledge
- Information Leakage through Social Media and BYOD
- Information and Knowledge Asset Identification for Security
Security strategy and risk
Exploring new paradigms of risk and strategy, as well as the role and influence of decision-makers, in order to address the escalating challenge posed by sophisticated threats such as Advanced Persistent Threat (APT).
Key research projects
- Prevention and Response paradigms in Information Security
- Security Analytics for Risk Management
- Contingency-based Strategy Models in Information Security
- Security Governance Models
- Influence of Risk Perception of the Senior Executive on Strategy-as-Practice
Security policy, training, and behaviour
Looks broadly at the quality and effectiveness of formal and informal security controls in organisations. We investigate means of setting up standards of accountability and responsibility for security in organisations.
Key research projects
- Cyber Security training for the Senior Executive
- Security Management Practices in Organisations
- Quality Assessment of Strategic Information Security Policy
- Security Management Behaviours
