Journal of Cybersecurity and Privacy (Apr 2022)

Towards Agile Cybersecurity Risk Management for Autonomous Software Engineering Teams

  • Hannes Salin,
  • Martin Lundgren

DOI: https://doi.org/10.3390/jcp2020015
Journal volume & issue: Vol. 2, no. 2, pp. 276–291

Abstract

In this study, a framework was developed, based on a literature review, to help managers incorporate cybersecurity risk management in agile development projects. The literature review used predefined codes that were developed by extending previously defined challenges in the literature—for developing secure software in agile projects—to include aspects of agile cybersecurity risk management. Five steps were identified based on the insights gained from how the reviewed literature has addressed each of the challenges: (1) risk collection; (2) risk refinement; (3) risk mitigation; (4) knowledge transfer; and (5) escalation. To assess the appropriateness of the identified steps, and to determine their inclusion or exclusion in the framework, a survey was submitted to 145 software developers using a four-point Likert scale to measure the attitudes towards each step. The resulting framework presented herein serves as a starting point to help managers and developers structure their agile projects in terms of cybersecurity risk management, supporting less overloaded agile processes, stakeholder insights on relevant risks, and increased security assurance.

Keywords