الملخص الإنجليزي
Cybersecurity and organizational learning are two key issues that modern organizations can no
longer ignore. Cybersecurity involves protecting computer systems and networks from
unauthorized access, use, disclosure, disruption, modification, or destruction. Organizational
learning, on the other hand, refers to the process by which organizations acquire knowledge,
skills, and capabilities that enable them to improve their performance and adapt to changes in
their environment.
In this research project, we have examined the incident response practices of an Omani
financial organization. In doing so, we have identified significant and systemic shortcomings
in the approach adopted by the financial organization. Incident Response Teams (IRTs) are
typically responsible for addressing information security failures and attacks, and their
experience can provide valuable lessons for organizations looking to improve their security
management processes. This research project thus aims to understand how financial institutions
in Oman learn from their experiences of cybersecurity incidents and their responses to such
incidents using the 4I framework of organizational learning. A qualitative research method has
been used to conduct an in-depth case study of a well-known Omani financial sector
organization's experience with resolving cyberattacks. By comparing the learning processes of
the participating Omani financial organization with those reported in a previous study of an
Australian financial institution, new insights have been gained.
The findings of this project provide a cybersecurity learning model for the context of an Oman
based financial institution; a number of lessons learned are highlighted. The implications of
organizational learning from cybersecurity incident responses for this particularly financial
sector are offered. The study provides a valuable contribution to improve understanding about
how financial organizations can enhance their cybersecurity management practices by learning
from their experiences dealing with cybersecurity incidents through (Intuiting, Attending,
Interpreting, Experimenting, Integrating, and Institutionalizing) processes. Future researchers
are recommended to undertake empirical research covering the entire finance sector of Oman.
