Mastering Security in Agile/Scrum, Case Study

Similar documents
When is Agile the Best Project Management Method? Lana Tylka

Atomate Development Process. Quick Guide

Rational Team Concert. Scrum Project Management Tutorial

Models of Software Development

CHAPTER 3 : AGILE METHODOLOGIES. 3.3 Various Agile Software development methodologies. 3.4 Advantage and Disadvantage of Agile Methodology

Agile-Waterfall Hybrid Jessica LaGoy, MS, PMP

Agile for Project and Programme Managers

Agile Scrum Workshop

Agile Overview. 30,000 perspective. Juha Salenius CSPO CSM PMI-ACP PMP SCGMIS Workshop January 23 rd, 2013

Testing in a Medical Device Context Limitations are few

Agile Project Forecasting Techniques. "Who Says You Can't Plan Agile Projects?" Matt Davis, PMP, MCITP October 21, 2013

Managing complex distributed software projects. Sytyke Laivaseminaari Juha Asikainen

Waterfall to Agile. DFI Case Study By Nick Van, PMP

Scaling Agile Implementing SAFe. April 7, 2015 Tuesday 3:00-4:00 p.m. 50 Church St., 3rd Floor

Evolving the Enterprise Software Configuration Management Model

Project Management in Software: Origin of Agile

Holding Managed Services Vendors Accountable in an Agile Environment

Software Development Methodologies

Leveraging Lean/Agile Elements in SAFe to Solve Immediate Business Challenges Nuance Communications, Inc. All rights reserved.

Agile Scrum and PMBOK Compatible or Contrary?

From Agile by Design. Full book available for purchase here.

Building Software in an Agile Manner

ISL Development & Support Service Level Agreement (SLA) Infigo Software Limited (ISL)

Would you like to have a process that unlocks ability to learn and produce faster?

Chapter 6. Iteration 0: Preparing for the First Iteration

Scrum Methodology in Product Testing : A Practical Approach

PLM - Agile. Design Code Test. Sprints 1, 2, 3, 4.. Define requirements, perform system design, develop and test the system. Updated Project Plan

Agile & PMI Project Management Mapping MAVERIC S POINT OF VIEW Vol. 7

Agile Project Management By Mark C. Layton

Sept 10, The Agile Business Analyst

Agile & Scrum: What are these methodologies and how will they impact QA/testing roles? Marina Gil Santamaria Summer 2007

Roles: Scrum Master & Project Manager

For External Use. Agile BI A story. Insight Session 16 September September 2014

NokiaSiemens and Agile Development by Petri Haapio JAOO 2008

Quality Assurance/Testing Services

Agile Software Development

Taking the first step to agile digital services

Agile in a Safety Critical world

A MODEL FOR RISK MANAGEMENT IN AGILE SOFTWARE DEVELOPMENT

Utilisation v Productivity who gets the gold medal? Margaret Morgan Helen Meek

Synchronization with Microsoft Team Foundation Server 2010

Whitepaper: How to Add Security Requirements into Different Development Processes. Copyright 2013 SD Elements. All rights reserved.

Testing and Scrum. Agenda. Fall 2007 Scrum Gathering

26 May 2010 CQAA Lunch & Learn Paul I. Pazderski (CSM/CSP, OD-CM, CSQA) spcinc13@yahoo.com Cell: AGILE THROUGH SCRUM

The traditional project management uses conventional methods in software project management process.

2015 IBM Continuous Engineering Open Labs Target to better LEARNING

Course Title: Managing the Agile Product Development Life Cycle

How To Plan A Project

BAL2-1 Professional Skills for the Business Analyst

Developing Secure Software in the Age of Advanced Persistent Threats

Teaching an Elephant to Dance. Patterns and Practices for Scaling Agility

LEAN AGILE POCKET GUIDE

2015 Defense Health Information Technology Symposium Implementation of Agile SCRUM Software Development Methodology

Software processes that are:

The Agile Project Manager

Agile Methods for Analysis

MANUAL TESTING. (Complete Package) We are ready to serve Latest Testing Trends, Are you ready to learn.?? New Batches Info

Agile Project Management A Primer. Brian Stewart AVU ACEP Nairobi 17 th 2013

Course Title: Planning and Managing Agile Projects

TSG Quick Reference Guide to Agile Development & Testing Enabling Successful Business Outcomes

Seven Steps to Effective Team Development

A Practical Guide to implementing Agile QA process on Scrum Projects

Mastering the Iteration: An Agile White Paper

Cloud Software. Cloud Security. Juha Röning, Oulu University Secure Programming Group.

PointZERO Enabling the right first time principle

AGILE & SCRUM. Revised 9/29/2015

RTIME Alignment to the Pragmatic Marketing Framework

USCIS/SPAS: Product Backlog Items and User Stories 4/16/2015. Dr. Patrick McConnell

Whitepaper. Agile Methodology: An Airline Business Case YOUR SUCCESS IS OUR FOCUS. Published on: Jun-09 Author: Ramesh & Lakshmi Narasimhan

Scrum and Testing The end of the test role Bryan Bakker 20 maart 2012

How to manage agile development? Rose Pruyne Jack Reed

The Definition of Metrics for Continuous Integration in SCRUM. How Continuous Is Our Continuous Integration?

Answered: PMs Most Common Agile Questions

Manage projects effectively

CS435: Introduction to Software Engineering! " Software Engineering: A Practitioner s Approach, 7/e " by Roger S. Pressman

Role of the Business Analyst in an Agile Project

Agile Project Management with Scrum

METRICS DRIVEN CONTINUAL SERVICE IMPROVEMENT USING AGILE CONCEPTS

Project Lifecycle Management (PLM)

Agile Practitioner: PMI-ACP and ScrumMaster Aligned

When User Experience Met Agile: A Case Study

Agile Project Management in a Regulated Environment

Team Foundation Server

Governments information technology

SEMS - Software Engineering M anagement System for Small and Medium Software Product Businesses

Agile vs Waterfall Legal Issues

IT Home 2015 DevOps 研 討 會

Agile Data Warehousing

Water-Scrum-Fall Agile Reality for Large Organisations. By Manav Mehan Principal Agile consultant

Moonzoo Kim CS Division of EECS Dept. KAIST

Issues in Internet Design and Development

CSSE 372 Software Project Management: More Agile Project Management

Adopting Agile Approaches for the Enterprise

From Traditional Functional Testing to Enabling Continuous Quality in Mobile App Development

ProjectWare Dashboard. Rapid Process Automation

CompSci Fall 2014 Professors: Robert Duvall, Ajay Patel, Salman Azhar (rcd@cs, ajay.patel, azhar@cs)

SW testing in large SW project

7/24/2015. Blackstone Drupal Team

CA Clarity PPM pro Business PMO a IT PMO. Petr Běhávka CA Technologies, Principal Consultant

Who Doesn t Want to be Agile? By: Steve Dine President, Datasource Consulting, LLC 7/10/2008

Transcription:

Mastering Security in Agile/Scrum, Case Study Anu Puhakainen & Juha Sääskilahti Ericsson Network Security Competence Hub Session ID: ASEC-107 Session Classification: Intermediate

Presentation Outline Introduction Agile Transformation background Case Study: Security in Agile Five takeaways 2

Introduction 3

From Waterfall to Agile Requirements & Analysis Design Coding Product Owner Product Backlog Sprint Planning Meeting Scrum 24h Master Daily Scrum Meeting Sprint ~2 weeks Team Sprint Backlog Scrum Sprint Review Meeting Verification Operation Deliverable 4

Agile Transformation Major R&D Agile Transformation Ericsson Finland as forerunner ~500 R&D employees working in software development for mobile networks Not only process change also a big cultural change! 5

From This 6

Through This 7

To This 8

CASE STUDY: Security in Agile 9

Background to the Case Study Research partners with major interest in agile security R&D Transformation Case linked to TiViT Cloud SW Research Project initiated 2010 Multi-branched research, including Agile Problem statement for Security in Agile Current Agile/Scrum models do not have security embedded 10

What have we researched until now? Agile Transformation yes But... How is Security embedded? How to make sure products developed with agile/scrum/lean are secure? Develop good practice for global Ericsson R&D Theory meets practice or does it?

Starting Point Risk Analysis (RA) Old methodology Suited for product releases with relatively long interval Agile brings new requirements More frequent product releases More dynamic feature changes (short lead time)

Tangible outcome: New RA method Promises: Minimal preparation work required prior to workshop Workshop of ½ - 2 days for a full product For new features, very quickly 15min(?) More fluid workshops; mind-maps instead of matrixes More motivating for participants Using xmind (but any mind-map is ok) Templates Iterated and experimented 10-15 times before outlining Agile RA methodology 13

Risk Management with Agile/ Continuous Integration Product Owner Product Backlog Release 1 Sprint Planning Meeting Scrum 24h Master Daily Scrum Meeting Sprint ~2 weeks Team Sprint Backlog Continuous Build Release 2 Scrum Sprint Review Meeting Release 3 Business Level Risk Analysis updated every time product backlog changes Technical Level Risk Analysis every time sprint starts Validation of Risks Every check-in Every Product Release 14

What else has been achieved so far? Security awareness one key learning Security much more visible now Learning from other companies and organizations Research consortium, SafeCode Don t try this alone at home!

Next area to address in detail: Security Testing Objective to find a good working model: Set 1: Every Check-In Set 2: Every Scrum Set 3: Every Epic/sprint Set 4: Every Product Release to Customer Automate what you can Some tests should not too be automated Product Owner Product Backlog Release 1 Sprint Planning Meeting Scrum 24h Master Daily Scrum Meeting Sprint ~2 weeks Scrum Team Sprint Backlog Continuous Build Release 2 Sprint Review Meeting Release 3

Security Requirements Management in Agile Non-functional requirements (e.g. Security requirements) challenge in Agile 2 fundamental problems Which requirements to choose How to formulate the chosen requirements into Agile User Stories Negative user stories? How to confirm by testing? 17

Example Software Security Guidance for Agile Practitioners www.safecode.org 18

And we continue with these as well Processes Finalizing Process security control points How to add controls without sacrificing agile model Organization Who should have which competence? Measuring security... No good metrixes for product security

Takeaways 20

How to Apply Security in Agile Apply security agilely Bit by bit; no one-big-shot Adjust on the fly, give room for iteration Allocate sufficient resources Take learnings from other companies Make use of existing material 21

For security in agile, define strategy for: Organization Security Roles, Responsibilities Process Security Control Points Security Requirements Management Risk Management Security Verification 22

Questions? 23

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information