The purpose of my ongoing blog is to tie in what I am
learning in my Information Security Management course at Bellevue University.
This week we have tied in project management to information security
management. I have been involved in many
projects in my 25 years in IT and honestly it seems to me that a lot of those
projects have not focused on security concerns.
It is very important that information security be factored in for all
projects to determine if there are risks being introduced to a company as part
of a project. It is also important that the
information security department manage corporate security concerns as projects
so key points are addressed.
Project management leads to development methodologies used
to complete projects. Agile is a newer methodology
used on many projects currently. But is agile
the best way to do things and is agile factoring in information security
concerns?
I looked for information on what’s next after agile. Is there something that has been created that
is “better” than agile? Mike Gualtieri
wrote a thought-provoking article in 2011 that said agile is not that great and
that there are better ways to manage projects.
He had some very interesting points on whether having “working software”
is a measure of progress or is narcissistic.
He also indicated that having the business unit involved at every step
can be perceived as the developers being “lazy” by having the business unit
tell the developers what needs to be done (Gualtieri 2011).
From my experience with agile, the business units do not
always get involved very much, if at all, in projects. A lot depends on the project. When doing BAU work, agile is not necessarily
the best fit. For larger projects, agile
makes more sense because you can break up projects into smaller pieces and see
measurable achievements as you go. Agile
can factor in security concerns as tasks that need to be completed as part of
the project.
Does agile address security concerns while working on
projects? In my experience, the agile
methodology really doesn’t get into details on what should be included in
projects and does not ensure that security concerns are factored in. Should the methodology include security
concerns as a milestone? Security
concerns should be a primary factor in all projects in an environment where
more and more people are successfully attacking web sites and gaining access to
sensitive information.
I look forward to continuing to post to this blog as I
progress through this course. I am also
taking a project management course this term so this week’s chapter for my
information security management course tied heavily into that course.
Reference:
Gualtieri, M. (Oct 2011). Agile Software Is a Cop-Out; Here’s What’s Next. Retrieved on September 5, 2014, from http://blogs.forrester.com/mike_gualtieri/11-10-12-agile_software_is_a_cop_out_heres_whats_next