They’re Security Scrum!

Yet another trend: The recoil of Agile practices since uncontrollable isn’t what you’d want from your IS infrastructure..?

Where the scrum and other development methods using emblematic sprints by that very idea have to lose all the ballast …
But would you run a marathon-length Chinese Whispers game (Telephone if you’re from the US, inable to go with the rest) …? Because that’s what you get, quality-wise, if you deploy sprinters for the whole 42k195m — no use for miles either — and (wide-sense) security’s one major part of it.

Again, a baby with the bath water thing, here. Moreover, since even with large Waterfall development — which should’ve been V-shaped for the right half of it ..! — security (wide-sens, incl. proper-usability, documentation for maintainability et al.) was too much of an afterthought. When taken seriously, by the way, proven to be much less of a nuisance either during the project or or during implementation/roll-out or during the production phases, than it was taken for.

So, the question is not how fast ‘we’ can dump Security when adopting something agile, nor ow to ‘ split up’ the CISO’s thinking and acting and standards over App Devt and DevOps, but how to get suitable Sec into DevOps-or-whatever. The only road that’s not a dead end, sounds like “Sorry Dave, I can’t let you do that” [I know]. A sort of thick-concrete sandbox — creating tons of overhead in sprints, and when later exposed in the Real World of production. Retrogade.
Your start-up hacktons just don’t cut it in the big boy business..? Better ideas?

[Where all you wanted was one big coat hanger… Beurs van Berlage]


About maverisk

Maverisk Consultancy, IS Audit and Advisory services: Wikinomics meets governance and audit; otherwise, see my personal LinkedIn profile
This entry was posted in ERM, GRC, Information Risk Management, Information Security, Innovation (technologicallly driven) and tagged , , . Bookmark the permalink.

Your comments are welcomed!

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s