about
According to Agile Alliance, Agile is the ability to create and respond to change. It is a way of dealing with, and ultimately succeeding in, an uncertain and turbulent environment. Agile Manisfasto chose “Agile” as the label for the whole idea because that word represented the adaptiveness and the ability to response to change which is important to their approach.
Doesn’t this sound familiar to Security Practitioner? In my 20 years career in security management, it seems that as a security practitioner, we have to be adaptive and have the ability to response to changes in the uncertain and turbulent environment filled with constant change in threat landscape, technology and regulatory requirements. In attempting to integrate Security into Agile Environment in my early years of my career, I discover that the principle of Agile, which help organisation to adapt and response to change, could very well apply to Security Management. I embraced Scaled Agile Framework (SAFe) and was amazed how the principle help me in Security Management.
“SAFe is the world’s leading framework for business agility. SAFe integrates the power of Lean, Agile, and DevOps into a comprehensive operating system that helps enterprises thrive in the digital age by delivering innovative products and services faster, more predictably, and with higher quality. SAFe is based on ten fundamental concepts that have evolved from Agile principles and methods, Lean product development, systems thinking, and observation of successful enterprises.”
Base on the ten fundamental concept of SAFe, I developed 10 security principles which shape the way I managed security in the uncertain and turbulent environment filled with constant change. The principles applies in my Security Management regardless if it is an Agile or Traditional environments.
10 Agile with Security Principles
MOTION
Principle 7
Limited WIP and Reduced Batch Sizes for Security Controls and Implementations
Principle 8
Security Cadence; Synchronization With Cross-Domain Planning
Principle 9
Clear Security Requirements and Objectives for Each Milestone
Principle 10
Security automation in fast & incremental iteration