Agile incident response (AIR): Improving the incident response process in healthcare

Abstract

Recent industrial reports show an increased number of cybersecurity incidents, which inflict significant financial losses. Although organisations have been increasing their investments towards information security, incidents continue to occur. Most organisations adopt traditional linear incident response (IR) frameworks to prevent, detect, contain, eradicate and learn lessons from information security incidents. However, due to their rigidness, such linear frameworks are often ineffective. In this study, inspired by the Agile Manifesto, we propose the Agile IR Framework to refine, adjust, and improve the current linear IR process. We use the IR framework of UK's National Health Service (NHS) as an illustrative case, critically analysing the current linear IR framework and demonstrating how it can be transformed into a hybrid IR framework. Using an illustrative case study from the healthcare domain, this study contributes to the incident response literature by showcasing how the integration of Agile principles in archetypical linear IR processes can improve incident response.