Krisboike
Newcomer II

Security integration into Agile, Scrum,

Has anyone had any success integrating Security controls approval into Agile, Kanban, Scrum, etc. Pick your flavor of accelerated, sprint-based application development? Especially when cloud-based architectures require new/major redefinition? If so, any advice on how to do it, knowing the culture would prefer to eliminate security controls in the first place?

12 Replies
danyo
Newcomer II

I started in my shop under waterfall; however, we have since changed to agile. In both scenarios, our information protection and change management teams were the key security enforcers across the corp. It is difficult for me to say Agile methodology integrates security by nature because it really is up to the development and business teams making it a priority in the form of Epic/Features/User Stories. Fortunately for us, our Information Protection team has started enforcing business and IT stakeholder sign-off on significant risks. We still use the same security assessment processes regardless of methodology. This has helped the development and business teams stay engaged with security in mind, as it applies to everyone, not only developers/IT.

Badfilemagic
Contributor II

I bought that O'Reilly book last week and read most of it. It definitely helped me think about things within the context of agile, that's for sure.
-- wdf//CISSP, CSSLP
Kempy
Newcomer III

You could scrape job boards for types of roles such as developer or devops and build a word cloud to show no one gives a hoot for secure anything, and if enterprises are not demanding it, then they surely are not building it securely.