Security governance is the establishment of security policies together with the ongoing monitoring, by stakeholders, of how those policies are implemented.
In this article at Help Net Security, Altaz Valani explains that to be effective, security governance must maintain alignment between IT’s competencies and business needs. It must also define security roles, processes, and controls so that the programs it delivers are valuable to the business.
Security Governance Gaps
However, when trying to justify security governance needs, some unfortunate gaps often emerge, such as the gap between business value and security competency, and the gap between security policy and agile execution. These gaps are the biggest roadblock CIOs face while adopting agile development.
Tips to Bridge the Gap
To fill the security governance gap, CIOs must start thinking at a higher level. Regardless of the chosen methodology, CIOs must focus on the essential services the business requires and identify the competencies needed to enable those services. Some of these essential services need security competencies within the IT business unit. Strategic thinking enables CIOs to leverage existing competencies and start delivering immediate value to the business.
Once the security competencies have been built, use them to build an agile pipeline that incorporates security right from the beginning. A more consistent approach is to use clauses from security standards or frameworks that are auditable. CIOs must leverage these standards and frameworks by translating their clauses into clear functional and non-functional security requirements, based on the type of applications at hand.
The author believes that focusing on agile only at the lowest level of project execution leaves a CIO vulnerable, with no clear, strategic definition of the security competencies required to provide business value. Click on the following link to read the original article: https://www.helpnetsecurity.com/2019/04/02/security-governance-roadblock-to-agile-development/