Establishing Enterprise Security and a Risk Management Program in an Agile Software Development Organization
May 2012 • Presentation
A presentation from the Enterprise Architecture track at SATURN 2012, May 7-11, 2012, St Petersburg, FL.
Software Engineering Institute
In this session, I will discuss the details of a security-management program that we established in our organization to build security and risk management aspects into all phases of the product-development life cycle. As part of this new program, we defined an agile, iterative, and repeatable security-architecture process that included touchpoints with security architecture and software-development processes at all levels of the Agile projects (feature, sprint, release, project, and product
I will talk about the security-architecture assessments introduced to perform a high-level risk assessment of all the new products and services. I will also cover the security-architecture elements such as architecture framework components in the areas of security architecture, design, architecture governance, standards, identity and access management, system and information integrity, and security-information event management.