Tampere University of Technology

TUTCRIS Research Portal

Challenges in Agile Security Engineering: A Case Study

Research output: Chapter in Book/Report/Conference proceedingChapterScientificpeer-review


Original languageEnglish
Title of host publicationExploring Security in Software Architecture and Design
PublisherIGI Global
Number of pages26
ISBN (Print)9781522563136
Publication statusPublished - Jan 2019
Publication typeA3 Part of a book or another research book


This chapter describes a case of a large ICT service provider building a secure identity management system for a government customer. Security concerns are a guiding factor in the design of software-intensive products and services. They also affect the processes of their development. In regulated environments, development of products requires special security for the development processes, product release, maintenance and hosting, and also require security-oriented management and governance. Integrating the security engineering processes into an agile development model is argued to have the effect of mitigating the agile methods' intended benefits. The project case was an effort of multi-team, multi-site, security engineering, and development work, executed using the Scrum framework and regulated by governmental security standards and guidelines. In this case research, the experiences in combining security engineering with agile development are reported, challenges discussed, and certain security enhancements to Scrum are proposed.

Publication forum classification

Field of science, Statistics Finland