Security governance is one of the biggest roadblocks to agile development. It is the formation of security policies and the constant monitoring, by stakeholders, of their implementation in the organization.
In this article at Help Net Security, Altaz Valani explains that there are two essential accomplishments of security governance. The first is alignment between business needs and IT competencies. The other clearly concerns the security roles, processes, and controls that are valuable to the business.
However, to achieve these objectives, two gaps need to be fixed: the gap between business value and security competency, and the gap between security policy and agile execution. Here is how:
Closing the Security Gap
Agile adoption is feasible at the ground level or the nascent stage of project development. At this level, the emphasis is clearly on performing activities to attain project goals and stakeholders' confidence. CIOs or project leads gather enough advice from multiple resources, but the integration of security into agile development remains amiss.
Thus, the biggest challenge for CIOs is to close the security gap. They need to consider the security competencies required within the IT business unit. A strategic mindset will help CIOs identify the tools necessary to create a strong security network.
A Solution to Fix the Gap
As you plan the security competencies, seamless execution is a must. Build these competencies on an agile framework to incorporate IT security right from the start. A practical approach is to use articles from the security frameworks. These standards typically clarify project- or program-level actions.
CIOs can leverage these norms by translating the clauses into functional or non-functional security needs. This will help them create a repository for each application they are using.
Driving related tasks into the agile pipeline with perceptible security needs will help them establish a clear understanding of security deployment. Similarly, they can keep track of security threats through a visible threat model.
Click on the following link to read the original article: https://www.helpnetsecurity.com/2019/04/02/security-governance-roadblock-to-agile-development/