In this session, I will discuss the details of a security-management
program that we established in our organization to build security and
risk management aspects into all phases of the product-development life
cycle. As part of this new program, we defined an agile, iterative, and
repeatable security-architecture process that included touchpoints with
security architecture and software-development processes at all levels
of the Agile projects (feature, sprint, release, project, and product
I will talk about the security-architecture assessments introduced to perform a high-level risk assessment of all the new products and services. I will also cover the security-architecture elements such as architecture framework components in the areas of security architecture, design, architecture governance, standards, identity and access management, system and information integrity, and security-information event management.