Description of session
The session considered how agile methodologies benefit the development lifecycle, and how security should and could be approached in the same, or a similar, way.
Outcomes/Deliverables
| SiA | AiS |
|---|---|
| Backlog | Backlog |
| Priorities | Priorities |
| Risk of not doing S | Not as such |
| Reacting to change | More strategic, less agile |
| Scaling is easy | Not scalable |
| Automation is easy | Difficult to automate |
| Continuous risk management and threat modelling | |

| For SiA | For AiS |
|---|---|
| Playbooks with security requirements | Incident response |
| Sec requirements over Sec stories | Reserved points |
| Link discovery phase with analysis | ITIL (IT Infrastructure Library) |
| Educate Devs on Threat Modelling | Prioritize between reacting to incident vs. finishing the task |
| Security expectations known (ASVS) | |
| Triggers for checks before coding begins | |
| Decision for the right triggers based on predefined rules | |