Information security meets scaled Agile


By Anthony Langsworth

Information security teams (InfoSec) suffer the curse and blessing of working with others. All InfoSec teams need to ensure others’ work, like infrastructure changes and product development, is secure and meets standards. Many InfoSec teams also need to farm out security-related work to others because the information security team lacks skills, capacity or authority.

Project teams within the information security team’s organisation may adopt or standardise on agile practices (commonly abbreviated to Agile), and integrating security into Agile is not a new subject. However, traditional agile does not scale well, presenting challenges and opportunities to both the organisation and InfoSec.

An Agile Primer

There are few people in the IT industry who have not heard about Agile. Based on a now almost two-decade-old manifesto, Agile focuses on delivering real value and minimises unnecessary work.

A full discussion of Agile would consume many hefty tomes. However, Agile boils down to two main areas: (1) the mindset around delivering working systems, collaborating and building trust and (2) the practices and “rituals” to achieve this…