CRSE, Aug 11, 2014

Rethinking Security Incident Response: The Integration of Agile Principles

arXiv:1408.2431v1, 33 citations
Originality: Synthesis-oriented
AI Analysis

This paper addresses security incident response challenges for organizations, but appears incremental because it applies existing agile principles to a new domain.

The paper tackles the problem of ineffective linear plan-driven security incident response approaches in organizations, proposing that integrating disciplined agile principles and practices can strengthen security incident response posture.

In today's globally networked environment, information security incidents can inflict staggering financial losses on organizations. Industry reports indicate that fundamental problems exist with the application of current linear plan-driven security incident response approaches being applied in many organizations. Researchers argue that traditional approaches value containment and eradication over incident learning. While previous security incident response research focused on best practice development, linear plan-driven approaches and the technical aspects of security incident response, very little research investigates the integration of agile principles and practices into the security incident response process. This paper proposes that the integration of disciplined agile principles and practices into the security incident response process is a practical solution to strengthening an organization's security incident response posture.
