He, Ying and Zamani, Efpraxia and Lloyd, Stefan and Luo, Cunjin (2022) Agile incident response (AIR): Improving the incident response process in healthcare. International Journal of Information Management, 62. p. 102435. DOI https://doi.org/10.1016/j.ijinfomgt.2021.102435
He, Ying and Zamani, Efpraxia and Lloyd, Stefan and Luo, Cunjin (2022) Agile incident response (AIR): Improving the incident response process in healthcare. International Journal of Information Management, 62. p. 102435. DOI https://doi.org/10.1016/j.ijinfomgt.2021.102435
He, Ying and Zamani, Efpraxia and Lloyd, Stefan and Luo, Cunjin (2022) Agile incident response (AIR): Improving the incident response process in healthcare. International Journal of Information Management, 62. p. 102435. DOI https://doi.org/10.1016/j.ijinfomgt.2021.102435
Abstract
Recent industrial reports show an increased number of cybersecurity incidents, which inflict significant financial losses. Although organisations have been increasing their investments towards information security, incidents continue to occur. Most organisations adopt traditional linear incident response (IR) frameworks to prevent, detect, contain, eradicate and learn lessons from information security incidents. However, due to their rigidness, such linear frameworks are often ineffective. In this study, inspired by the Agile Manifesto, we propose the Agile IR Framework to refine, adjust, and improve the current linear IR process. We use the IR framework of UK's National Health Service (NHS) as an illustrative case, critically analysing the current linear IR framework and demonstrating how it can be transformed into a hybrid IR framework. Using an illustrative case study from the healthcare domain, this study contributes to the incident response literature by showcasing how the integration of Agile principles in archetypical linear IR processes can improve incident response.
Item Type: | Article |
---|---|
Uncontrolled Keywords: | Security Incident; Incident Response; Agile methodologies; Healthcare; Information Security |
Divisions: | Faculty of Science and Health Faculty of Science and Health > Computer Science and Electronic Engineering, School of |
SWORD Depositor: | Unnamed user with email elements@essex.ac.uk |
Depositing User: | Unnamed user with email elements@essex.ac.uk |
Date Deposited: | 11 Nov 2021 13:42 |
Last Modified: | 16 May 2024 20:57 |
URI: | http://repository.essex.ac.uk/id/eprint/31356 |
Available files
Filename: IJIM Manuscript_R4 (1).pdf
Licence: Creative Commons: Attribution-Noncommercial-No Derivative Works 3.0