Challenges in Agile Security Engineering: A Case Study
Research output: Chapter in Book/Report/Conference proceeding › Chapter › Scientific › peer-review
|Title of host publication||Exploring Security in Software Architecture and Design|
|Number of pages||26|
|Publication status||Published - Jan 2019|
|Publication type||A3 Part of a book or another research book|
This chapter describes a case of a large ICT service provider building a secure identity management system for a government customer. Security concerns are a guiding factor in the design of software-intensive products and services. They also affect the processes of their development. In regulated environments, development of products requires special security for the development processes, product release, maintenance and hosting, and also require security-oriented management and governance. Integrating the security engineering processes into an agile development model is argued to have the effect of mitigating the agile methods' intended benefits. The project case was an effort of multi-team, multi-site, security engineering, and development work, executed using the Scrum framework and regulated by governmental security standards and guidelines. In this case research, the experiences in combining security engineering with agile development are reported, challenges discussed, and certain security enhancements to Scrum are proposed.