Software Engineering Institute | Carnegie Mellon University

Establishing Enterprise Security and a Risk Management Program in an Agile Software Development Organization

  • May 2012
  • By Srini Penchikala
  • A presentation from the Enterprise Architecture track at SATURN 2012, May 7-11, 2012, St Petersburg, FL.
  • Publisher: Software Engineering Institute
  • Abstract

    In this session, I will discuss the details of a security-management program that we established in our organization to build security and risk management aspects into all phases of the product-development life cycle. As part of this new program, we defined an agile, iterative, and repeatable security-architecture process that included touchpoints with security architecture and software-development processes at all levels of the Agile projects (feature, sprint, release, project, and product levels).

    I will talk about the security-architecture assessments introduced to perform a high-level risk assessment of all the new products and services. I will also cover the security-architecture elements such as architecture framework components in the areas of security architecture, design, architecture governance, standards, identity and access management, system and information integrity, and security-information event management.
