Method Selection and Tailoring for Agile Threat Assessment and Mitigation

Renatus, S. and Teichmann, C. and Eichler, J.— 2015

Security engineering and agile development are often perceived as a clash of cultures. To address this clash, several approaches have been proposed that allow for agile security engineering. Unfortunately, agile development organization differ in their actual procedures and environmental properties resulting in varying requirements. We propose an approach to compare and select methods for agile security engineering. Furthermore, our approach addresses adaptation or construction of a tailored method taking the existing development culture into account. We demonstrate the feasibility of our proposal and report early experiences from its application within a small development organization for digital solutions in the automotive domain.

TitelMethod Selection and Tailoring for Agile Threat Assessment and Mitigation
VerfasserRenatus, S. and Teichmann, C. and Eichler, J.
VerlagARES
Themasecurity of data;software prototyping;agile security engineering;agile software development;agile threat assessment;automotive domain;Data models;Guidelines;Organizations;Planning;Proposals;Security;Training;Scrum (Software development);Threat modeli
Datum201508
Quelle/n
Erschienen in10th International Conference on Availability, Reliability and Security (ARES 2015)
Spracheeng
ArtText