The Advanced Persistent Threat (APT) presents an ever present and more growing threat to organizations across the globe. Traditional Information Technology (IT) incident response falls short in effectively addressing this threat. This researcher investigated the use of single-loop and double-loop learning in two organizations with internal incident response processes designed to combat the APT. Two cases were examined within organizations employing an internal incident response team. The third case was examined from an organization providing incident response as a service in addressing APT compromises. The study developed four themes: the inefficacy of single-loop learning in addressing APT, the need for better visibility within corporate infrastructure, the need for continuous improvement and bi-directional knowledge flow, and the need for effective knowledge management. Based on these themes, a conceptual model was developed modifying the traditional incident response process. Three implications were derived from the research. First, perimeter defense falls short when addressing the APT. Second, the preparation phase of incident response requires modification along with the addition of a new baseline loop phase running contiguously with the entire process. Finally, opportunistic learning needs to be encouraged in addressing the APT.
|Commitee:||Scott, Jennifer, Singh, Raj K.|
|Department:||School of Business and Technology|
|School Location:||United States -- Minnesota|
|Source:||DAI-B 75/04(E), Dissertation Abstracts International|
|Subjects:||Information Technology, Information science|
|Keywords:||Advanced Persistent Threat, Double-loop learning, Incident response, Organizational learning, Single-loop learning|
Copyright in each Dissertation and Thesis is retained by the author. All Rights Reserved
The supplemental file or files you are about to download were provided to ProQuest by the author as part of a
dissertation or thesis. The supplemental files are provided "AS IS" without warranty. ProQuest is not responsible for the
content, format or impact on the supplemental file(s) on our system. in some cases, the file type may be unknown or
may be a .exe file. We recommend caution as you open such files.
Copyright of the original materials contained in the supplemental file is retained by the author and your access to the
supplemental files is subject to the ProQuest Terms and Conditions of use.
Depending on the size of the file(s) you are downloading, the system may take some time to download them. Please be