He, Y., Zamani, E.D. orcid.org/0000-0003-3110-7495, Lloyd, S. et al. (1 more author) (2022) Agile incident response (AIR) : improving the incident response process in healthcare. International Journal of Information Management, 62. 102435. ISSN 0268-4012
Abstract
Recent industrial reports show an increased number of cybersecurity incidents, which inflict significant financial losses. Although organisations have been increasing their investments towards information security, incidents continue to occur. Most organisations adopt traditional linear incident response (IR) frameworks to prevent, detect, contain, eradicate and learn lessons from information security incidents. However, due to their rigidness, such linear frameworks are often ineffective. In this study, inspired by the Agile Manifesto, we propose the Agile IR Framework to refine, adjust, and improve the current linear IR process. We use the IR framework of UK's National Health Service (NHS) as an illustrative case, critically analysing the current linear IR framework and demonstrating how it can be transformed into a hybrid IR framework. Using an illustrative case study from the healthcare domain, this study contributes to the incident response literature by showcasing how the integration of Agile principles in archetypical linear IR processes can improve incident response.
Metadata
Item Type: | Article |
---|---|
Authors/Creators: |
|
Copyright, Publisher and Additional Information: | © 2021 Elsevier Ltd. This is an author produced version of a paper subsequently published in International Journal of Information Management. Uploaded in accordance with the publisher's self-archiving policy. Article available under the terms of the CC-BY-NC-ND licence (https://creativecommons.org/licenses/by-nc-nd/4.0/). |
Keywords: | Security Incident; Incident Response; Agile methodologies; Healthcare; Information Security |
Dates: |
|
Institution: | The University of Sheffield |
Academic Units: | The University of Sheffield > Faculty of Social Sciences (Sheffield) > Information School (Sheffield) |
Depositing User: | Symplectic Sheffield |
Date Deposited: | 10 Nov 2021 11:10 |
Last Modified: | 19 Apr 2023 00:13 |
Status: | Published |
Publisher: | Elsevier BV |
Refereed: | Yes |
Identification Number: | 10.1016/j.ijinfomgt.2021.102435 |
Open Archives Initiative ID (OAI ID): | oai:eprints.whiterose.ac.uk:180256 |