search menu icon-carat-right cmu-wordmark

Establishing Enterprise Security and a Risk Management Program in an Agile Software Development Organization

May 2012 Presentation
Srini Penchikala

A presentation from the Enterprise Architecture track at SATURN 2012, May 7-11, 2012, St Petersburg, FL.


Software Engineering Institute


In this session, I will discuss the details of a security-management program that we established in our organization to build security and risk management aspects into all phases of the product-development life cycle. As part of this new program, we defined an agile, iterative, and repeatable security-architecture process that included touchpoints with security architecture and software-development processes at all levels of the Agile projects (feature, sprint, release, project, and product levels).

I will talk about the security-architecture assessments introduced to perform a high-level risk assessment of all the new products and services. I will also cover the security-architecture elements such as architecture framework components in the areas of security architecture, design, architecture governance, standards, identity and access management, system and information integrity, and security-information event management.