TUTCRIS - Tampereen teknillinen yliopisto

TUTCRIS

Case Study of Agile Security Engineering: Building Identity Management for a Government Agency

Tutkimustuotosvertaisarvioitu

Standard

Case Study of Agile Security Engineering: Building Identity Management for a Government Agency. / Rindell, Kalle; Hyrynsalmi, Sami; Leppänen, Ville.

julkaisussa: International Journal of Secure Software Engineering, Vuosikerta 8, Nro 1, 3, 03.2017, s. 43-57.

Tutkimustuotosvertaisarvioitu

Harvard

Rindell, K, Hyrynsalmi, S & Leppänen, V 2017, 'Case Study of Agile Security Engineering: Building Identity Management for a Government Agency', International Journal of Secure Software Engineering, Vuosikerta. 8, Nro 1, 3, Sivut 43-57. https://doi.org/10.4018/IJSSE.2017010103

APA

Rindell, K., Hyrynsalmi, S., & Leppänen, V. (2017). Case Study of Agile Security Engineering: Building Identity Management for a Government Agency. International Journal of Secure Software Engineering, 8(1), 43-57. [3]. https://doi.org/10.4018/IJSSE.2017010103

Vancouver

Rindell K, Hyrynsalmi S, Leppänen V. Case Study of Agile Security Engineering: Building Identity Management for a Government Agency. International Journal of Secure Software Engineering. 2017 maalis;8(1):43-57. 3. https://doi.org/10.4018/IJSSE.2017010103

Author

Rindell, Kalle ; Hyrynsalmi, Sami ; Leppänen, Ville. / Case Study of Agile Security Engineering: Building Identity Management for a Government Agency. Julkaisussa: International Journal of Secure Software Engineering. 2017 ; Vuosikerta 8, Nro 1. Sivut 43-57.

Bibtex - Lataa

@article{e96b207776194f93948dcdb4b9de241c,
title = "Case Study of Agile Security Engineering: Building Identity Management for a Government Agency",
abstract = "Security concerns are increasingly guiding both the design and processes of software-intensive product development. In certain environments, the development of the product requires special security arrangements for development processes, product release, maintenance and hosting, and specific security-oriented processes and governance. Integrating the security engineering processes into agile development methods can have the effect of mitigating the agile methods’ intended benefits.This article describes a case of a large ICT service provider building a secure identity management system for a sizable government agency. The project was a subject to strict security regulations due to the end product’s critical role. The project was a multi-team, multi-site, standard-regulated security engineering and development work executed following the Scrum framework. The study reports the difficulties in combining security engineering with agile development, provides propositions to enhance Scrum for security engineering activities. Also, an evaluation of the effects of the security work on project cost presented.",
author = "Kalle Rindell and Sami Hyrynsalmi and Ville Lepp{\"a}nen",
year = "2017",
month = "3",
doi = "10.4018/IJSSE.2017010103",
language = "English",
volume = "8",
pages = "43--57",
journal = "International Journal of Secure Software Engineering",
issn = "1947-3036",
publisher = "IGI Global",
number = "1",

}

RIS (suitable for import to EndNote) - Lataa

TY - JOUR

T1 - Case Study of Agile Security Engineering: Building Identity Management for a Government Agency

AU - Rindell, Kalle

AU - Hyrynsalmi, Sami

AU - Leppänen, Ville

PY - 2017/3

Y1 - 2017/3

N2 - Security concerns are increasingly guiding both the design and processes of software-intensive product development. In certain environments, the development of the product requires special security arrangements for development processes, product release, maintenance and hosting, and specific security-oriented processes and governance. Integrating the security engineering processes into agile development methods can have the effect of mitigating the agile methods’ intended benefits.This article describes a case of a large ICT service provider building a secure identity management system for a sizable government agency. The project was a subject to strict security regulations due to the end product’s critical role. The project was a multi-team, multi-site, standard-regulated security engineering and development work executed following the Scrum framework. The study reports the difficulties in combining security engineering with agile development, provides propositions to enhance Scrum for security engineering activities. Also, an evaluation of the effects of the security work on project cost presented.

AB - Security concerns are increasingly guiding both the design and processes of software-intensive product development. In certain environments, the development of the product requires special security arrangements for development processes, product release, maintenance and hosting, and specific security-oriented processes and governance. Integrating the security engineering processes into agile development methods can have the effect of mitigating the agile methods’ intended benefits.This article describes a case of a large ICT service provider building a secure identity management system for a sizable government agency. The project was a subject to strict security regulations due to the end product’s critical role. The project was a multi-team, multi-site, standard-regulated security engineering and development work executed following the Scrum framework. The study reports the difficulties in combining security engineering with agile development, provides propositions to enhance Scrum for security engineering activities. Also, an evaluation of the effects of the security work on project cost presented.

U2 - 10.4018/IJSSE.2017010103

DO - 10.4018/IJSSE.2017010103

M3 - Article

VL - 8

SP - 43

EP - 57

JO - International Journal of Secure Software Engineering

JF - International Journal of Secure Software Engineering

SN - 1947-3036

IS - 1

M1 - 3

ER -