PacktLib: Agile IT Security Implementation Methodology

Agile IT Security Implementation Methodology

Credits

About the Author

www.PacktPub.com

Preface

Why Agile IT Security?

Security built on insecurity

Perimeter security model

Security landscape

Summary

New Security Threats

Evolving risks

Cloud computing risks

Agile Security Team

Getting started with Agile

Agile focus

Agile team approach

Offsetting resistance

Agile coaching

Trust exercise

Degree of change

Agile ceremony

Summary

Agile Principles

Need to evolve

Risk-driven security

Hiring an agile professional

Pairwise

Refactoring

Small deliverables

Decomposition

Collective ownership

Agile Spike

Simple design

Minimizing waste

Done means done

Project divergence rate

Project Velocity rate

Yesterday's weather

Collaboration

Summary

Agile Risk-Driven Security

Data value

Risk-driven security

The bullpen

DREAD modeling

Bullpen solutions

Summary

Agile Blueprint

Agile blueprinting

Summary

Lean Implementation Principles

Eliminating waste

Amplify learning

Decide as late as possible

Deliver as fast as possible

Empowering the team

See the Whole

Summary

Agile IT Security Governance and Policy

Developing security policy

Governance basics

Articulate security value

Agile second policy

Summary

Security Policy and Agile Awareness Programs

Security awareness

Ebbinghaus effect

Policy awareness

Attack recognition awareness

Awareness certification

Memory retention

Summary

Impact on IT Security

Agile structure

Spreading risk

Compliance and privacy

Supply chain

Summary

Barriers to Agile

Agile culture

Agile training

Agile fears

Summary

Agile Planning Techniques

Mind-map example

Mind-map tools

Summary

Compliance and Agile

Agile compliance

Summary

Effective Agile IT Security

Agile team success factors

Agile risk success factors

Factors in the success of Agile countermeasures

Summary