Integration Analysis of Security Activities from the Perspective of Agility

To combat the increasing number of reported security breaches, strict security activities need to be deployed alongside the various development methodologies. In the present work we focus on agile development, an extremely popular methodology. Agile methodologies are informal and lightweight in nature, with short timescales. However, the integration of security activities with agile activities always falls short of expectations, because security practices cannot easily adapt to these characteristics of agile software. A proper integration methodology is therefore required. Here we propose a novel approach that provides a quantitative measure of agility for security activities in terms of real agility degree (RAD), which determines the degree of compatibility of a security activity with the agile process. We also present a comparative analysis of security activities against each other in the context of RAD and the risk removal efficiency factor (RREF). RREF is an assessment of how effective a security activity is at removing risk. This comparison will assist a developer during software development in deciding which security activity is more beneficial than another for integration.
