O'Reilly logo

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Agile IT Security Implementation Methodology

Book Description

Plan, develop, and execute your organization’s robust agile security with IBM’s Senior IT Specialist with this book and ebook.

  • Combine the Agile software development best practices with IT security practices to produce incredible results and minimize costs
  • Plan effective Agile IT security using mind mapping techniques
  • Create an Agile blueprint and build a threat model for high value asset
  • Written in easy to understand, jargon-free language by a senior IT Specialist with IBM's Software group

In Detail

Security is one of the most difficult areas in today’s IT industry. The reason being; the speed at which security methods are developing is considerably slower than the methods of hacking. One of the ways to tackle this is to implement Agile IT Security. Agile IT security methodology is based on proven software development practices. It takes the best works from Agile Software Development (Scrum, OpenUp, Lean) and applies it to security implementations.

This book combines the Agile software development practices with IT security. It teaches you how to deal with the ever-increasing threat to IT security and helps you build robust security with lesser costs than most other methods of security. It is designed to teach the fundamental methodologies of an agile approach to IT security. Its intent is to compare traditional IT security implementation approaches to new agile methodologies. Written by a senior IT specialist at IBM, you can rest assured of the usability of these methods directly in your organization.

This book will teach IT Security professionals the concepts and principles that IT development has been using for years to help minimize risk and work more efficiently. The book will take you through various scenarios and aspects of security issues and teach you how to implement security and overcome hurdles during your implementation.

It begins by identifying risks in IT security and showing how Agile principles can be used to tackle them. It then moves to developing security policies and identifying your organization's assets. The last section teaches you how you can overcome real-world issues in implementing Agile security in your organization including dealing with your colleagues.

Table of Contents

  1. Agile IT Security Implementation Methodology
    1. Agile IT Security Implementation Methodology
    2. Credits
    3. About the Author
    4. www.PacktPub.com
      1. Support files, eBooks, discount offers and more
        1. Why Subscribe?
        2. Free Access for Packt account holders
        3. Instant Updates on New Packt Books
    5. Preface
      1. What this book covers
      2. What you need for this book
      3. Who this book is for
      4. Reader feedback
      5. Customer support
        1. Errata
        2. Piracy
        3. Questions
    6. 1. Why Agile IT Security?
      1. Security built on insecurity
      2. Perimeter security model
      3. Security landscape
        1. Security damages
        2. Security trends
        3. Security risk
      4. Summary
    7. 2. New Security Threats
      1. Evolving risks
      2. Cloud computing risks
        1. Web 2.0 risks
        2. Bandwidth risks
        3. Regulatory compliance
        4. Advance persistent threats
          1. Social engineering risks
          2. Mobile risks
          3. Espionage risks
          4. Social networking risks
          5. Zero-day exploits
        5. Cyberwarfare, Cyberterrorism, and Hactavism
        6. Money mules
        7. Summary
    8. 3. Agile Security Team
      1. Getting started with Agile
      2. Agile focus
      3. Agile team approach
      4. Offsetting resistance
      5. Agile coaching
      6. Trust exercise
      7. Degree of change
      8. Agile ceremony
      9. Summary
    9. 4. Agile Principles
      1. Need to evolve
      2. Risk-driven security
      3. Hiring an agile professional
        1. Culture
        2. Changing culture
        3. Focus on strength
      4. Pairwise
      5. Refractoring
      6. Small deliverables
      7. Decomposition
      8. Collective ownership
      9. Agile Spike
      10. Simple design
      11. Minimizing waste
      12. Done means done
      13. Project divergence rate
      14. Project Velocity rate
      15. Yesterday's weather
      16. Collaboration
        1. Scrum Master
        2. Agile planning poker
        3. Standup meeting
      17. Summary
    10. 5. Agile Risk-Driven Security
      1. Data value
        1. Data-centric approach
      2. Risk-driven security
      3. The bullpen
      4. DREAD modeling
      5. Bullpen solutions
      6. Summary
    11. 6. Agile Blueprint
      1. Agile blueprinting
        1. Accounting for the past
        2. Threat modeling
        3. Ill-use case
      2. Summary
    12. 7. Lean Implementation Principles
      1. Eliminating waste
      2. Amplify learning
      3. Decide as late as possible
      4. Deliver as fast as possible
      5. Empowering the team
      6. See the Whole
      7. Summary
    13. 8. Agile IT Security Governance and Policy
      1. Developing security policy
      2. Governance basics
      3. Articulate security value
      4. Agile second policy
      5. Summary
    14. 9. Security Policy and Agile Awareness Programs
      1. Security awareness
      2. Ebbinghaus effect
      3. Policy awareness
        1. Password awareness
        2. E-mail, social networking, and IM awareness
        3. Social engineering, phishing, and hoax awareness
        4. Privacy awareness
        5. Physical awareness
        6. Security infrastructure 101 awareness
      4. Attack recognition awareness
      5. Awareness certification
      6. Memory retention
      7. Summary
    15. 10. Impact on IT Security
      1. Agile structure
      2. Spreading risk
      3. Compliance and privacy
      4. Supply chain
      5. Summary
    16. 11. Barriers to Agile
      1. Agile culture
      2. Agile training
      3. Agile fears
      4. Summary
    17. 12. Agile Planning Techniques
      1. Mind-map example
      2. Mind-map tools
      3. Summary
    18. 13. Compliance and Agile
      1. Agile compliance
      2. Summary
    19. 14. Effective Agile IT Security
      1. Agile team success factors
      2. Agile risk success factors
      3. Factors in the success of Agile countermeasures
      4. Summary