Why traditional information security fails in an agile environment

Matching information security and agile

While agile development is going mainstream, information security is struggling to keep up. The result of this struggle is that new systems are insecure, or that they are loaded with point solutions for security.

What is so hard about security in agile environments? In this article we examine what makes infosec fail with agile. In future articles we will propose solutions and present a model to integrate information security into an agile development process.

By |2024-02-17T06:32:38+00:00 August 16, 2018|Article, English, Dutch

Being An Agile Security Officer: Spread Your Knowledge

This is the fifth and last part of my blog series about 'Being an Agile Officer'. Before you read on, be sure you have read part one, part two, part three and part four in this series. In this blog post I will go deeper into the details of how user stories are created and what role security stakeholders should play in that.

In the previous parts I showed how Security Officers can align with the Agile process and let security once again become a quality attribute that is considered by default. Unfortunately, many teams not only need to be made aware of security requirements, but also need technical advice and guidance in designing and implementing them. As an Agile Security Officer you therefore need to act not only as a Stakeholder, but also as a Domain Expert for Security.

By |2024-08-26T14:35:04+00:00 November 9, 2017|Article, English, Dutch

Agile & Information Security – Part 1

We see Agile and DevOps being applied more and more within organizations, even when they do not develop applications or web services. Through Agile and DevOps, organizations try to deliver (ever more) value to customers in small increments, while retaining flexibility and remaining open to change.

By |2024-02-17T06:32:36+00:00 September 7, 2017|Article, Dutch

Being an Agile Security Officer: user stories

This is the fourth part of my 'Being an Agile Security Officer' series. Before you read on, read part one, part two and part three in this series. In this blog post I will go deeper into the details of how user stories are created and what role security stakeholders should play in that.

By |2024-08-26T14:33:01+00:00 June 15, 2017|Article, English, Dutch

Being an Agile Security Officer: pwn the process

This is the third part of my 'Being an Agile Security Officer' series. Before you read on, read part one and part two in this series. As mentioned in my previous blog, in the Agile world the Product Owner is the person who translates business and customer desires into work items for the teams. To do this, product owners have several techniques and means at their disposal. In this blog I will focus on the backlog and the definition of done. As a security officer it's important to understand their purpose and to learn how they can help you achieve your goals.

By |2024-08-26T14:42:43+00:00 June 1, 2017|Article, English, Dutch

Being an agile security officer

Whenever I give a presentation, training, or just talk to security teams, it becomes clear that over the years a gap has been created between application security and development. It is a gap we created consciously and with intent, and one that became painfully visible with the introduction of Agile and DevOps. Suddenly exhaustive information security policies with checklists and penetration tests became serious impediments. The challenge we are facing now is how to bridge this gap again.

Fortunately this challenge is easier to solve than it appears to be. The key to success is to split the security officer function into more Agile-minded roles with different responsibilities and duties. In the coming blogs I will dive deeper into the different aspects of these roles and the differences in the responsibilities and duties. But first we need to take a little trip down memory lane to understand how we ended up in this situation.

By |2024-02-17T06:32:36+00:00 January 4, 2017|Article, English, Dutch