Further Strategy Analysis of Cybersecurity Incidents

Investor logo


This publication doesn't include Institute of Computer Science. It includes Faculty of Law. Official publication website can be found on muni.cz.



Year of publication 2021
Type Article in Periodical
Magazine / Source Land Forces Academy Review
MU Faculty or unit

Faculty of Law

Web https://www.sciendo.com/article/10.2478/raft-2021-0032
Doi http://dx.doi.org/10.2478/raft-2021-0032
Keywords cybersecurity; incidents
Description In current socio-economic processes, info-communication services play a determining role, modifying the activities of certain actors. The growing dependence that has developed over the past two decades has imposed the need to give political will to security, which has led to an iterative evolution of the regulatory environment. Therefore, the regulatory framework requires certain entities to develop safeguards including controls that enhance both prevention and response in a manner commensurate with the business value of the information to be protected. However, due to the nature of cybersecurity, developing such countermeasures is not the task of a standalone organization but all entities in cyberspace in a wide range, from individuals to the public sector. Therefore, each entity involved must design protection capabilities in a manner commensurate with the risk, which requires strategic tools and methods and drives organizations to learn from their security incidents. Following our previous paper “Business strategy analysis of cybersecurity incidents” (Bederna et al.) on the topic, this paper reviews the essential formal security strategy formulation tools applied in the cases of Yahoo! and Estonia. Both are based on publicly available information. The analysis confirms the importance of managements’ or the government’s attitude and support for solving cybersecurity challenges.
Related projects:

You are running an old browser version. We recommend updating your browser to its latest version.

More info