
Security Governance: CIOs’ Fear in Adopting Agile Development

Security governance is the establishment of security policies and the constant monitoring of their implementation by stakeholders.

In this article at Help Net Security, Altaz Valani explains that to be effective, security governance must maintain alignment between IT’s competencies and business needs. It must also define security roles, processes, and controls with the aim of delivering programs that are valuable to the business.

Security Governance Gaps

However, when justifying security governance needs, some unfortunate gaps often emerge, such as the gap between business value and security competency and the gap between security policy and agile execution. These gaps are the biggest roadblock CIOs face when adopting agile development.

Tips to Bridge the Gap

To fill the security governance gap, CIOs must start thinking at a higher level. Regardless of the chosen methodology, CIOs must focus on the essential services required by the business and identify the competencies required to enable those services. Some of the essential services need security competencies within the IT business unit. Strategic thinking will enable CIOs to leverage existing competencies and start delivering immediate value to the business.

As soon as the security competencies have been built, use them to build an agile pipeline that incorporates security right from the beginning. A more consistent approach is to use clauses from security standards or frameworks that are auditable. CIOs must leverage these standards and frameworks by translating clauses into clear functional and non-functional security requirements, based on the type of applications at hand.

The author believes that focusing on agile at the lowest level of project execution leaves a CIO vulnerable with no clear, strategic definition of security competencies required to provide business value. Click on the following link to read the original article:
