Title data
Bitzer, Michael ; Stahl, Bastian ; Strobel, Jaqueline:
Empathy for Hackers : An IT Security Risk Assessment Artifact for Targeted Hacker Attacks.
In:
Proceedings of the 29th European Conference on Information Systems (ECIS). -
Marrakech, Morocco
,
2021
Abstract in another language
Driven by the emergence of digital business models, targeted hacker attacks are becoming an increasing
threat to the business world. Especially for SMEs, these attacks are a top concern within IT Security.
Despite growing importance, most companies focus on measures against mass instead of targeted
attacks. To ensure effective IT Security, companies must understand hackers and their motivations. So
far, academia and practice lack an approach that links business and hacker perspective to address this
issue. Consequently, companies struggle to assess and manage the risk of targeted attacks. Based on
design science research, we provide an assessment tool that addresses 11 criteria that help companies
identify their company-specific risk for targeted attacks. Our academic contribution lies in the
amalgamation of the company and hacker perspectives. For practitioners, we offer a starting point to
view IT Security through a managerial lens that does not solely focus on technology and vulnerabilities.