Information Technology Consulting Firms’ Readiness for Managing Information Security Incidents


No matching items found.

Research Areas

No matching items found.

Publication Details

Author list: Große, Christine

Publisher: Springer Publishing Company

Publication year: 2020

Book title (if part of a book): Information Systems Security and Privacy

Start page: 48

End page: 73

Number of pages: 26

ISBN: 978-3-030-49442-1;978-3-030-49443-8




Because of the increase in the number and scope of information security incidents, proper management has recently gained importance for public and private organizations. Further challenges in this area have resulted from new regulations, such as the General Data Protection Regulation (GDPR) and the Directive on Security of Network and Information Systems (NIS), as well as a tendency to outsource vital services to subcontractors. This study addresses the lack of empirical studies in the field and focuses on information security incident management at information technology (IT) consulting firms.Specifically, it examines challenges due to their exposed position and newregulations. The contribution of the paper is twofold. First, it provides valuable insight into the experiences and challenges of Swedish IT consulting firms.Second, it proposes criteria for classifying an information security incident that can equip decision-makers with a solid and assessable basis for incident management. The results emphasize further improvements in employee awareness, incident classification, and systemic governance, thereby integrating corporate policy making, information security incident management, and information system leadership.


No matching items found.


No matching items found.


No matching items found.