Rethinking Security Incident Response: The Integration of Agile Principles
George Grispos, William Bradley Glisson, Tim Storer

TL;DR
This paper proposes integrating disciplined agile principles into security incident response to improve organizational resilience, addressing limitations of traditional linear, plan-driven approaches.
Contribution
It introduces a novel approach combining agile principles with security incident response, filling a research gap in integrating agile practices into cybersecurity.
Findings
Highlights limitations of traditional incident response methods
Proposes a framework for agile security incident response
Suggests improved adaptability and learning in response processes
Abstract
In today's globally networked environment, information security incidents can inflict staggering financial losses on organizations. Industry reports indicate that fundamental problems exist with the application of current linear plan-driven security incident response approaches being applied in many organizations. Researchers argue that traditional approaches value containment and eradication over incident learning. While previous security incident response research focused on best practice development, linear plan-driven approaches and the technical aspects of security incident response, very little research investigates the integration of agile principles and practices into the security incident response process. This paper proposes that the integration of disciplined agile principles and practices into the security incident response process is a practical solution to strengthening an…
Taxonomy
Topics: Information and Cyber Security · Cybercrime and Law Enforcement Studies · Advanced Malware Detection Techniques
