
Agile Information Security: Using Scrum to Survive in and Secure a Rapidly Changing Environment, by Fitzer, James R. (eBook)

  • Publication date: 22.06.2015
  • Publisher: BookBaby
eBook (ePUB)
€10.69
incl. statutory VAT
Available immediately by download

Available online

Agile Information Security

In Agile Information Security, James Fitzer provides sound guidance and examples on working agility into your information security process, using Scrum as a framework, and lessons learned from the Northern Border Integration Demonstration, a high-profile U.S. Border Security project. You will find advice, examples, and team-building concepts designed to make your information security program more effective by trimming the fat from your security process and learning to thrive on change. More importantly, you'll find ways to return your information security program to the basics: protecting your organization's assets and supporting the enterprise. In a world of increasing bloat and bureaucracy, the simple approach to a 'working product' is a welcome breath of fresh air.


    Format: ePUB
    Copy protection: none
    Page count: 111
    Publication date: 22.06.2015
    Language: English
    ISBN: 9781483556185
    Publisher: BookBaby
    Size: 832 kBytes

Agile Information Security

One of the chief difficulties of the information security discipline is the need to balance the business or product with information security and assurance goals. All too often, particularly in government and financial sectors, information security personnel, developers, and system administrators and engineers are seen as competing interests, with divergent goals. This problem is compounded by the increasing prevalence of agile software development methodologies, which are seen by outsiders as a way to circumvent established processes with respect to system security and stability. Unfortunately in many environments, this misconception about agile development has resulted in an increase in the divide between development staff and the system engineers, security administrators, and IT staff charged with supporting their systems.

Rectifying this divide requires a return to the basics of information security and protection, from a philosophical perspective. The core goal of information security is summed up quite well in Information Security Fundamentals, by Thomas Peltier, Justin Peltier, and John Blackley:

Information protection should support the business objective or mission of the enterprise. This idea cannot be stressed enough. All too often, information security personnel lose track of their goals and responsibilities. The position of ISSO (Information Systems Security Officer) has been created to support the enterprise, not the other way around. [1]

Their text is used in information security coursework throughout the country, and the statement above should be viewed as a guiding principle for all information security professionals, who need to understand that operational requirements and security guidelines can collide. Highly visible breaches, advancement of regulations and laws for the protection of data, and the explosion of internet-connected devices and services have brought an enormous amount of attention to the field of information security, resulting in not only a greatly increased focus on countermeasures, but "bureaucratic bloat" within organizations, particularly within the Department of Defense, where information assurance (IA) often ignores that very basic first tenet of supporting the mission rather than becoming it.

During my time at the Northern Border Integration Demonstration (NBID), I witnessed first-hand the clash between security standards and mission focus, between endless documentation and rapid change. While these problems were significant, they were not insurmountable, and over the years the NBID team found workable solutions, by distancing ourselves from traditional mindsets and working agility into our security process.

With all the books and articles on agile development, Scrum, and the larger topic of information security, you may find yourself wondering why this book matters.

Who Should Read This Book

This book is intended for information security engineers, information assurance officers, system engineers, or anyone who has been thrust into the arduous task of securing and maintaining a rapidly changing system. Throughout my experiences at the Northern Border Integration Demonstration, the challenges of maintaining adequate security posture (and complying with tomes of government regulations) became clear; when there's a new software build every few weeks, those charged with maintaining the system's security are always behind the power curve.

This book is not meant to be an exhaustive source of information on agile development, Scrum, or information security in general. The reader should feel free to take what's useful and discard the rest. This isn't meant to be a method strictly adhered to, but a rough framework and collection of ideas that you should modify as you see fit.

It is my hope that this book prevents you from experiencing the con
