• To deliver value in the shortest time, the team must be authorised to make certain decisions itself, rather than waiting for a decision at a higher management level. Not all decisions should be decentralised; however, decisions that are recurrent, common or time-critical, and those that require local knowledge of the system, should be decentralised.
• It is important that engineers and developers are empowered to make security decisions and are responsible for those decisions; after all, they will probably know the systems better than any security personnel involved in assessing the risk of the system.
• The advantage is that this reduces the turnaround time needed for decisions on security matters.
• An example of empowering decision making is providing developers with the tools and process to determine the vulnerabilities in their own source code. They can be given the tools, knowledge and process for performing Dynamic Scanning and Static Code Scanning without needing the intervention of Security. Developers can then check code on the fly and make the necessary amendments, reducing the turnaround time needed for vulnerability results.
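As an added illustration of the point above (this is example code written for this page, not a tool from the original text), the following Python script is a minimal static code check that a developer can run on their own module before committing. The scanner walks the abstract syntax tree looking for a few well-known risky patterns; the threshold in `POLICY` is the governance safeguard, assumed here to be owned by the security function, so the developer decides how to fix a finding but cannot change what blocks a commit. The rule set, severities, threshold and sample module are all constructed for this example.

```python
"""Developer-run static code check with a security-owned policy gate.

Added illustration, not from the original text. The rules, severities,
policy threshold and SAMPLE module below are constructed for the example.
"""
import ast
from dataclasses import dataclass

# Governance safeguard (assumption for this example): the security function
# owns this policy; developers own the code and the fixes.
POLICY = {
    "block_at_or_above": "high",  # findings at this severity or higher fail the check
}
SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3}


@dataclass(frozen=True)
class Finding:
    line: int
    severity: str
    rule: str
    message: str


class _Scanner(ast.NodeVisitor):
    """Walks a Python module and records a few well-known risky patterns."""

    def __init__(self):
        self.findings = []

    def _add(self, node, severity, rule, message):
        self.findings.append(Finding(node.lineno, severity, rule, message))

    def visit_Call(self, node):
        # eval()/exec() execute whatever string they are handed
        if isinstance(node.func, ast.Name) and node.func.id in ("eval", "exec"):
            self._add(node, "high", "dangerous-builtin",
                      f"call to {node.func.id}() can execute arbitrary code")
        # subprocess.<anything>(..., shell=True) hands the command line to a shell
        if isinstance(node.func, ast.Attribute) and \
           isinstance(node.func.value, ast.Name) and node.func.value.id == "subprocess":
            for kw in node.keywords:
                if kw.arg == "shell" and isinstance(kw.value, ast.Constant) \
                   and kw.value.value is True:
                    self._add(node, "high", "shell-true", "subprocess call with shell=True")
        # hashlib.md5(...) as a weak digest choice
        if isinstance(node.func, ast.Attribute) and node.func.attr == "md5" and \
           isinstance(node.func.value, ast.Name) and node.func.value.id == "hashlib":
            self._add(node, "medium", "weak-hash", "MD5 is not collision resistant")
        self.generic_visit(node)

    def visit_Assign(self, node):
        # a non-empty string literal assigned to a name that looks like a credential
        for target in node.targets:
            if isinstance(target, ast.Name) and any(
                k in target.id.lower() for k in ("password", "secret", "api_key", "token")
            ) and isinstance(node.value, ast.Constant) \
               and isinstance(node.value.value, str) and node.value.value:
                self._add(node, "high", "hardcoded-secret",
                          f"string literal assigned to {target.id}")
        self.generic_visit(node)


def scan_source(source: str):
    """Return the findings for one module's source text, ordered by line."""
    scanner = _Scanner()
    scanner.visit(ast.parse(source))
    return sorted(scanner.findings, key=lambda f: f.line)


def gate(findings, policy=POLICY):
    """Return (passed, blocking): passed is False if any finding meets the threshold."""
    threshold = SEVERITY_RANK[policy["block_at_or_above"]]
    blocking = [f for f in findings if SEVERITY_RANK[f.severity] >= threshold]
    return (not blocking, blocking)


# Constructed sample module containing one instance of each pattern.
SAMPLE = '''
import hashlib, subprocess
API_KEY = "example-not-a-real-key"
def run(cmd):
    return subprocess.run(cmd, shell=True)
def digest(data):
    return hashlib.md5(data).hexdigest()
def calc(expr):
    return eval(expr)
'''

if __name__ == "__main__":
    found = scan_source(SAMPLE)
    passed, blocking = gate(found)
    for f in found:
        print(f"line {f.line}: [{f.severity}] {f.rule}: {f.message}")
    print("PASS" if passed else f"FAIL: {len(blocking)} blocking finding(s)")
```

Run against the constructed sample, the script reports four findings and fails the gate on the three rated high, while the medium MD5 finding is reported but does not block. A real pipeline would swap in a production scanner for `_Scanner`; the point of the structure is the split between the locally run check and the centrally owned policy.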

    Food for Thought
    • What are some IT security decisions that can be given to engineers and developers?
    • What are the safeguards that can be put in place, such that security governance is enforced?