Abstract
In today's globally networked environment, information security incidents can inflict staggering financial losses on organizations. Industry reports indicate that fundamental problems exist with the application of current linear plan-driven security incident response approaches being applied in many organizations. Researchers argue that traditional approaches value containment and eradication over incident learning. While previous security incident response research focused on best practice development, linear plandriven approaches and the technical aspects of security incident response, very little research investigates the integration of agile principles and practices into the security incident response process. This paper proposes that the integration of disciplined agile principles and practices into the security incident response process is a practical solution to strengthening an organization's security incident response posture.
| Original language | English (US) |
|---|---|
| State | Published - 2014 |
| Externally published | Yes |
| Event | 20th Americas Conference on Information Systems, AMCIS 2014 - Savannah, GA, United States Duration: Aug 7 2014 → Aug 9 2014 |
Conference
| Conference | 20th Americas Conference on Information Systems, AMCIS 2014 |
|---|---|
| Country/Territory | United States |
| City | Savannah, GA |
| Period | 8/7/14 → 8/9/14 |
Keywords
- Agile incident response
- Agile manifesto
- Agile principles
- Incident response
- Information security
ASJC Scopus subject areas
- Computer Networks and Communications
- Computer Science Applications
- Information Systems
- Library and Information Sciences