Research Repository

Agile incident response (AIR): Improving the incident response process in healthcare

He, Ying and Zamani, Efpraxia and Lloyd, Stefan and Luo, Cunjin (2022) 'Agile incident response (AIR): Improving the incident response process in healthcare.' International Journal of Information Management, 62. p. 102435. ISSN 0268-4012

[img] Text
IJIM Manuscript_R4 (1).pdf - Accepted Version
Restricted to Repository staff only until 19 April 2023.
Available under License Creative Commons Attribution Non-commercial No Derivatives.

Download (1MB) | Request a copy


Recent industrial reports show an increased number of cybersecurity incidents, which inflict significant financial losses. Although organisations have been increasing their investments towards information security, incidents continue to occur. Most organisations adopt traditional linear incident response (IR) frameworks to prevent, detect, contain, eradicate and learn lessons from information security incidents. However, due to their rigidness, such linear frameworks are often ineffective. In this study, inspired by the Agile Manifesto, we propose the Agile IR Framework to refine, adjust, and improve the current linear IR process. We use the IR framework of UK's National Health Service (NHS) as an illustrative case, critically analysing the current linear IR framework and demonstrating how it can be transformed into a hybrid IR framework. Using an illustrative case study from the healthcare domain, this study contributes to the incident response literature by showcasing how the integration of Agile principles in archetypical linear IR processes can improve incident response.

Item Type: Article
Uncontrolled Keywords: Security Incident; Incident Response; Agile methodologies; Healthcare; Information Security
Divisions: Faculty of Science and Health
Faculty of Science and Health > Computer Science and Electronic Engineering, School of
SWORD Depositor: Elements
Depositing User: Elements
Date Deposited: 11 Nov 2021 13:42
Last Modified: 15 Jan 2022 01:38

Actions (login required)

View Item View Item