Affiliation:
1. University of Turku, Finland
2. Tampere University of Technology, Finland
Abstract
This chapter describes a case of a large ICT service provider building a secure identity management system for a government customer. Security concerns are a guiding factor in the design of software-intensive products and services. They also affect the processes of their development. In regulated environments, development of products requires special security for the development processes, product release, maintenance and hosting, and also require security-oriented management and governance. Integrating the security engineering processes into an agile development model is argued to have the effect of mitigating the agile methods' intended benefits. The project case was an effort of multi-team, multi-site, security engineering, and development work, executed using the Scrum framework and regulated by governmental security standards and guidelines. In this case research, the experiences in combining security engineering with agile development are reported, challenges discussed, and certain security enhancements to Scrum are proposed.
Reference32 articles.
1. Agile development with security engineering activities.;D.Baca;Proceedings of the 2011 International Conference on Software and Systems Process, ICSSP ’11,2011
2. Beznosov, K., & Kruchten, P. (2004). Towards agile security assurance. NSPW '04 Proceedings of the 2004 workshop on New security paradigms, 47-54.
3. Extending XP practices to support security requirements engineering
4. Agile Security Using an Incremental Security Architecture
Cited by
2 articles.
订阅此论文施引文献
订阅此论文施引文献,注册后可以免费订阅5篇论文的施引文献,订阅后可以查看论文全部施引文献
1. A survey on security and human-related challenges in agile software deployment;2021 International Conference on Computational Science and Computational Intelligence (CSCI);2021-12
2. Identification and integration of security activities for secure agile development;International Journal of Information Technology;2020-03-05