AI-Driven Cyber Threat Intelligence as a Management Information System: Integrating Cybersecurity Governance and IT Project Management for Organizational Resilience
Article Sidebar
Main Article Content
Abstract
As organizations quickly become increasingly digital, they are experiencing escalating, complex cyber threats. These challenges make cybersecurity an important area for managers and governance, and not just a technical problem. Even if you are a heavy investor in security tech, it still happens to many companies to suffer from cyber. The reasons are broken information flows, a lack of clear visibility among managers, and misalignment between the security operations and the overall decision-making. This research rethinks Artificial Intelligence (AI) based Cyber Threat Intelligence (CTI) as a Management Information System (MIS). It combines the approach of cybersecurity governance and IT project management to increase the resilience of organizations. Using MIS theory, cybersecurity governance models, and studies of IT project management, the paper derives one cohesive model for translating raw threat data into useful managerial insight. Through a design science methodology, the research chooses a lot of scholarly sources and demonstrates a layered AI-enabled CTI-MIS architecture. This is good architecture for strategic oversight, risk-based governance, and flexible project execution. The paper extends the theory of MIS to Artificial Intelligence (AI) driven cybersecurity intelligence and provides practical knowledge for companies seeking to achieve resilient digital transformation in a time of evolving cyber threats.
Article Details
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
References
A. Bharadwaj, O. A. El Sawy, P. A. Pavlou, and N. Venkatraman, “Digital business strategy,” MIS Q., vol. 37, no. 2, pp. 471–482, 2013, [Online]. Available: https://doi.org/10.25300/MISQ/2013/37.2.09
H. Chen, R. H. L. Chiang, and V. C. Storey, “Business intelligence and analytics,” MIS Q., vol. 36, no. 4, pp. 1165–1188, 2012, [Online]. Available: https://doi.org/10.2307/41703503
A. Behl and K. Behl, “Cyberwar: The next threat to national security,” Int. J. Bus. Contin. Risk Manag., vol. 7, no. 1, pp. 31–45, 2017, [Online]. Available: https://doi.org/10.1504/IJBCRM.2017.082972
R. Von Solms and B. Von Solms, “From policies to culture,” Comput. Secur., vol. 23, no. 4, pp. 275–279, 2004, [Online]. Available: https://doi.org/10.1016/S0167-4048(04)00071-1
F. Farahmand, S. B. Navathe, G. P. Sharp, and P. H. Enslow, “Managing vulnerability of information systems,” Inf. Syst. Res., vol. 14, no. 3, pp. 247–267, 2003, [Online]. Available: https://doi.org/10.1287/isre.14.3.247.16560
S. Jajodia, P. Liu, V. Swarup, and C. Wang, “Cyber situational awareness,” Springer, 2011.
E. Karanja and M. A. Rosso, “Stakeholder involvement in information systems security,” Inf. Syst. J., vol. 27, no. 5, pp. 243–255, 2017, [Online]. Available: https://doi.org/10.1111/isj.12132
I. Benbasat and R. W. Zmud, “The identity crisis within the IS discipline,” MIS Q., vol. 27, no. 2, pp. 183–194, 2003, [Online]. Available: https://doi.org/10.2307/30036520
D. W. Straub and R. J. Welke, “Coping with systems risk,” MIS Q., vol. 22, no. 4, pp. 441–469, 1998, [Online]. Available: https://doi.org/10.2307/249551
ISO/IEC, “ISO/IEC 27001: Information security management systems,” 2018.
P. Weill and J. W. Ross, “IT governance,” Harvard Bus. Sch. Press, 2004.
M. Alshaikh, “Cybersecurity governance: A component of corporate governance,” Comput. Secur., vol. 93, p. 101773, 2020, [Online]. Available: https://doi.org/10.1016/j.cose.2020.101773
PMI, PMBOK® Guide, 7th ed. Project Management Institute, 2021.
A. Dutta and K. McCrohan, “Management’s role in information security,” Calif. Manage. Rev., vol. 45, no. 1, pp. 67–87, 2002, [Online]. Available: https://doi.org/10.2307/41166164
S. Sarker, S. Chatterjee, X. Xiao, and A. Elbanna, “The sociotechnical axis of IS development,” MIS Q., vol. 46, no. 5, pp. 695–720, 2019, [Online]. Available: https://doi.org/10.25300/MISQ/2019/13780
G. Killcrece, K.-P. Kossakowski, R. Ruefle, and M. Zajicek, “State of the practice of CSIRTs,” SEI, 2003.
P. Wang, “On defining artificial intelligence,” J. Artif. Intell. Res., vol. 63, pp. 1–37, 2021, [Online]. Available: https://doi.org/10.1613/jair.1.12295
A. L. Buczak and E. Guven, “A survey of data mining and machine learning methods for cybersecurity intrusion detection,” IEEE Commun. Surv. Tutorials, vol. 18, no. 2, pp. 1153–1176, 2016, [Online]. Available: https://doi.org/10.1109/COMST.2015.2494502
Z. Tufekci, “Algorithmic harms beyond Facebook and Google,” Color. Technol. Law J., vol. 13, pp. 203–218, 2015, [Online]. Available: https://doi.org/10.2139/ssrn.2464111
I. Nonaka, “A dynamic theory of organizational knowledge creation,” Organ. Sci., vol. 5, no. 1, pp. 14–37, 1994, [Online]. Available: https://doi.org/10.1287/orsc.5.1.14
M. Siponen and R. Willison, “Information security management standards,” Inf. Manag., vol. 43, no. 5, pp. 267–270, 2009, [Online]. Available: https://doi.org/10.1016/j.im.2008.12.007
R. K. Yin, “Case study research and applications,” Sage, 2018.
A. R. Hevner, S. T. March, J. Park, and S. Ram, “Design science in information systems research,” MIS Q., vol. 28, no. 1, pp. 75–105, 2004, [Online]. Available: https://doi.org/10.2307/25148625
R. J. Wieringa, “Design science methodology for information systems,” Springer, 2014.
S. Gregor and A. R. Hevner, “Positioning and presenting design science research,” MIS Q., vol. 37, no. 2, pp. 337–355, 2013, [Online]. Available: https://doi.org/10.25300/MISQ/2013/37.2.01
K. Peffers, T. Tuunanen, M. A. Rothenberger, and S. Chatterjee, “A design science research methodology for information systems research,” J. Manag. Inf. Syst., vol. 24, no. 3, pp. 45–77, 2007.
R. Sharda, D. Delen, and E. Turban, “Analytics, data science, & artificial intelligence,” Pearson, 2020.
A. L. Buczak and E. Guven, “A Survey of Data Mining and Machine Learning Methods for Cyber Security Intrusion Detection,” IEEE Commun. Surv. Tutorials, vol. 18, no. 2, pp. 1153–1176, 2016, doi: 10.1109/COMST.2015.2494502.
R. S. Kaplan and D. P. Norton, “The balanced scorecard,” Harvard Bus. Sch. Press, 1996.
C. A. Lengnick-Hall, T. E. Beck, and M. L. Lengnick-Hall, “Developing a capacity for organizational resilience,” Hum. Resour. Manag. Rev., vol. 21, no. 3, pp. 243–255, 2011, [Online]. Available: https://doi.org/10.1016/j.hrmr.2010.07.001
E. Hollnagel, D. D. Woods, and N. Leveson, “Resilience engineering,” Ashgate, 2006.
E. H. Schein, “Organizational culture and leadership,” Jossey-Bass, 2010.