Upload File

cyber security in an agile world - wavestone...ensure agile security runs at scale? cybersecurity in...

  • Home
  • Documents
  • Cyber Security in an agile world - Wavestone...ensure agile security runs at scale? CYBERSECURITY IN AN AGILE WORLD EVIL USER STORIES RISK IDENTIFICATION Translate security requirements
1
BUILD, TRAIN AND CONTROL WE WANT TO UNDERSTAND MORE ABOUT YOUR JOURNEY TOWARDS SECURELY DEPLOYING AGILE SO WE CAN HELP YOU TO SECURELY SUPPORT YOUR BUSINESS AND RECOMMEND THE BEST ROUTE FORWARD THROUGH YOUR TRANSFORMATION JOURNEY. To maintain security in this new landscape, security experts must train and empower product teams to identify and act on security risks within sprints, supported by experts. Once trained, security experts will focus on controlling critical releases. WHEN SCALING UP SECURITY FROM 1 AGILE PROJECT TO 100, THE AVAILABILTY AND ACCESS I BILITY OF SECURITY EXPERTISE BECOMES A MAJOR PAIN POINT SPRINT 5 SPRINT 6 SPRINT 7 SPRINT 4 SPRINT 8 SPRINT 9 SPRINT 10 SPRINT 11 SPRINT 12 SPRINT 15 SPRINT 16 SPRINT 17 SPRINT 13 SPRINT 14 SPRINT 3 PRIORITISATION CONCEPTION NEEDS DEFINITION PRIORITISATION SPRINT 1 SPRINT 2 BACKLOG SPRINT PLANNING DEMO CONTUINUAL SPRINTS TOWARDS DELIVERY AT SCALE... ...AND CONTINUIOUS SPRINTS Digital Transformation is happening. Organisations are deploying agile operating models and new ways of working in order to innovate faster, build better products and become customer-centric. This transformation towards agile raises new challenges for CISOs. How to support an agile journey from a cybersecurity perspective? How to structure and adapt security function and operating model to ensure agile security runs at scale? CYBERSECURITY IN AN AGILE WORLD EVIL USER STORIES RISK IDENTIFICATION Translate security requirements into project/product needs CONTROL Validate the mitigation of security risks through security testing SUPPORT Support dev and infra teams in the design and implementation of security measures SECURITY BASELINE PENETRATION TESTING AND CODE REVIEW ACCEPTANCE CRITERIA (GO / NO GO) SERIOUS GAMES INTEGRATED TOOLS AND AUTOMATION SECURITY TRAINING DEFINITION OF DONE Highlight the business impact of malicious activity targeting the product. Sprint after sprint, Evil User Stories enable incremental risk reduction Use the risks identified to support the development and infrastructure teams in the design and implementation of security measures Penetration testing should only be carried out on most critical areas, which are identified in EVIL user stories Call: +44 (0)20 3002 1760 Email: [email protected] ACT NOW EMBRACE CHANGE. THINK SAFE. ACT NOW. SUPPORTING YOUR AGILE PRODUCT DEVELOPMENT Organisations must adapt the traditional security pillars of Risk Identification, Support and Control to secure an agile development cycle AGILE AT SCALE Once you have mastered the Agile Product Development, next is to ensure agile security can run at scale.

Upload: others

Post on 06-Aug-2020

0 views

Category:

Documents


0 download

Report

TRANSCRIPT

Page 1: Cyber Security in an agile world - Wavestone...ensure agile security runs at scale? CYBERSECURITY IN AN AGILE WORLD EVIL USER STORIES RISK IDENTIFICATION Translate security requirements

BUILD, TRAIN AND CONTROL

WE WANT TO UNDERSTAND MORE ABOUT YOUR JOURNEY TOWARDS SECURELY DEPLOYING AGILE SO WE CAN HELP YOU TO SECURELY SUPPORT YOUR BUSINESS AND RECOMMEND THE BEST ROUTE

FORWARD THROUGH YOUR TRANSFORMATION JOURNEY.

To maintain security in this new landscape, security

experts must train and empower product teams to

identify and act on security risks within sprints,

supported by experts. Once trained, security experts

will focus on controlling critical releases.

WHEN SCALING UP SECURITY FROM 1 AGILE PROJECT TO 100, THE AVAILABILTY AND ACCESSIBILITY OF SECURITY EXPERTISE BECOMES A MAJOR PAIN POINT

SPRINT 5 SPRINT 6 SPRINT 7SPRINT 4

SPRINT 8 SPRINT 9 SPRINT 10 SPRINT 11 SPRINT 12

SPRINT 15 SPRINT 16 SPRINT 17SPRINT 13 SPRINT 14

SPRINT 3

PRIORITISATIONCONCEPTIONNEEDS DEFINITION PRIORITISATION

SPRINT 1 SPRINT 2

BACKLOG SPRINT PLANNING DEMO CONTUINUAL SPRINTS

TOWARDS DELIVERY AT SCALE...

...AND CONTINUIOUS SPRINTS

Digital Transformation is happening. Organisations are deploying agile operating models and new ways of working in order to innovate faster, build better products and become customer-centric. This transformation towards agile raises new challenges for CISOs.

How to support an agile journey from a cybersecurity perspective?

How to structure and adapt security function and operating model to ensure agile security runs at scale?

CYBERSECURITY IN AN AGILE WORLD

EVIL USER STORIES

RISK IDENTIFICATIONTranslate security requirements into

project/product needs

CONTROLValidate the mitigation of security

risks through security testing

SUPPORTSupport dev and infra teams in the design and implementation of security measures

SECURITY BASELINE

PENETRATION TESTING AND CODE REVIEW

ACCEPTANCE CRITERIA (GO / NO GO)

SERIOUS GAMES

INTEGRATED TOOLSAND AUTOMATION

SECURITY TRAINING

DEFINITION OF DONE

Highlight the business impact of malicious activity

targeting the product. Sprint after sprint, Evil User Stories enable incremental

risk reduction

Use the risks identified to support the development

and infrastructure teams in the design and

implementation of security measures

Penetration testing should only be carried out on most

critical areas, which are identified in EVIL user

stories

Call: +44 (0)20 3002 1760Email: [email protected]

ACT NOW

E M B R A C E C H A N G E . T H I N K S A F E . A C T N O W.

SUPPORTING YOUR AGILE PRODUCT DEVELOPMENT Organisations must adapt the traditional security pillars of Risk Identification,

Support and Control to secure an agile development cycle

AGILE AT SCALEOnce you have mastered the Agile Product Development, next is to ensure agile

security can run at scale.

Corporate Social Responsibility Report - Wavestone€¦ · Corporate Social Responsibility Report 2017/18. S.H. S.H. S.H. WHAT IS THE CONTEXT IN WHICH THE WAVESTONE CSR APPROACH OPERATES?

@wavestone...Wavestone has seized this opportunity to implement new and exciting ways of working internally and interacting externally. The 1st Wavestone Hackathon was based on the

Making security-agile matt-tesauro

How to Add Security in Agile Process

Security Development Lifecycle for Agile · PDF fileSecurity Development Lifecycle for Agile Development 2 ... RSA, and SHA-256 or ... Security Development Lifecycle for Agile Development

eCSI - The Agile IT security

Agile Product Lifecycle Management Security · PDF fileInstalling OWSM on the Agile Domain ... 2-2 Agile Product Lifecycle Management Security Guide. 3 Agile Product Lifecycle Management

Application Security within Agile

Cyber Security testing in an agile environment

Agile Security Manifesto - ISC)2 · •Security experts are valuable, and bring specific skills/experience •But most agile teams don’t have an embedded security expert –Costly,

Security + Agile = FAIL - Securosis - HomeAgileFAIL_OWASP.ppt_.pdf · 2015-09-18 · – Natural ‘divide & conquer’ approach! ... Mandate secure code style! ... Security + Agile

Agile Security—Field of Dreams

DSP2 standards, sécurité, quels impacts wavestone

RegTech Radar 2020 - Wavestone

Sourcefire Agile Security Manifesto

Security Assurance in an Agile world...Agile poses new security challenges •Minimal Security Knowledge •Reduced documentation •No Security Architecture •No Threat Modelling

Security Automation in Agile SDLC - Schedschd.ws/.../38/AppSec-SecAutomationInAgile-OferMaor.pdf · Security Automation in Agile SDLC Real World Cases ... • Introduction of security

Safety LAMP: data security & agile languages

Wavestone forgerock banking demo

Engineering Excellence in Security on an Agile … Excellence in Security on an Agile Smorgasbord. SDS-R09. ... Few key methodologies for adapting security to Agile ... Scrum teams

Create Agile confidence for better application security

Agile Software Security

Agile&Security& - TERENA · 2015-02-26 · Agile&Security& Tilmann&Haak,&XING&AG,&Germany& @TilmannHaak&

Protection Poker: An Agile Security Game

Agile PLM Security Guide

Making Security Agile

Agile Product Lifecycle Management for Process Security ... · contains guidelines for managing security configurations in Oracle Agile Product ... Agile PLM for Process applications

Security in agile teams

Agile API Securitycqi611.weblog.esaunggul.ac.id/wp-content/uploads/sites/... · 2019-02-20 · Agile API security 11 API First Architecture with built-in Security Data Security governance

Breaking the fourth wall - HITB the fourth wall Hacking Customer Information Control System © WAVESTONE 2 What people think of when I talk about mainframes © WAVESTONE 3 The reality:

Agile Application Security - Agile Security.pdf · 5 important rules in Agile Security. Fit security into your dev process, not the other way around. If security isn’t on the team’s

Implementing Security into Agile SDLC€¦ · Globalcode – Open4education Implementing Security into Agile SDLC Anderson Dadario, CISSP, CSSLP Flare Security

Agile security

Agile Information Security Management in Software R&D · •Security should be built in to the agile process, practices and tools (e.g. security solution patterns, standard solutions,

Application Security in an Agile World - Agile Singapore 2016