Examining the suitability of industrial safety management approaches for information security incident management

摘要

Purpose - This paper aims to discuss whether recent theoretical and practical approaches within industrial safety management might be applicable to, and solve challenges experienced in, the field of information security, specifically related to incident management. Design/methodology/approach - A literature review was carried out. Findings - Principles, research and experiences on the issues of plans, training and learning in the context of industrial safety management would be suitable for adoption into the field of information security incident management and aid in addressing current challenges. Research limitations/implications - There are a number of reasons why approaches from industrial safety management have something to offer to information security incident management: the former field is more mature and has longer traditions, there is more organizational research on industrial safety issues than on information security issues so far, individual awareness is higher for industrial safety risks and worker participation in systematic industrial safety work is ensured by law. More organizational research on information security issues and continuous strengthening of individual security awareness would push information security to further maturity levels where current challenges are solved. Practical implications - This paper shows that the field of information security incident management would gain from closer collaborations with industrial safety management, both in research and in practical loss prevention in organizations. The ideas discussed in this paper form a basis for further research on practical implementations and case studies. Originality/value - The main audience of this paper includes information security researchers and practitioners, as they will find inspirational theories and experiences to bring into their daily work and future projects.