Agile Security, Recalibrating Information Security for Agile Development Projects

More and more systems are being developed using an agile approach. Benefits are that the time-to-market of a new feature can be short, and that in complex projects it reduces the impact of changes. No wonder that Agile is popular with the business owners. Classic information security, using classic top-down frameworks, however has trouble keeping up with this agile way of system development.

 

How can we change this?

 

This presentation explores ways in which information security can be adequately addressed in an agile environment. It starts at the basis of the security management process, and advises new ways of working with respect to agile development in order to reach the ultimate goal: an environment with systems at acceptable risk.

 

Main points covered:

 

• Agile development from a security viewpoint (what are the major aspects of agile that have an impact on management of information security?)

• Why does ISO 27001 not fit properly in agile development?

• How to perform agile security management (a new use of the PDCA cycle)?

• Conclusions and recommendations

 

Presenters:
 

This webinar was presented by Arthur Donkers and Pascal de Koning.

 

Arthur Donkers - arthur@1secure.nl

Is qualified as an Information Security, and Technology professional; he is a Critical Security Architect and certified PECB Trainer for ISO 27001, 27005, 31000. Arthur is convinced that Information Security is a means to an end, not a purpose in itself.

 

Pascal de Koning - p.de.koning@i-to-i.nl 

Is qualified as an Information Security professional and Cybersecurity with a wide experience as a consultant. Among many, he holds a CISSP qualification and currently working as a Chairman of Security Services at The Open Group and SABSA Institute.

 

Date: May 25, 2016

 

Organizer: Gezim Zeneli

 

Agile Security, Recalibrating Information Security for Agile Development Projects from PECB