An agile IT security model for project risk assessment

Hutchinson, Damien, Maddern, Heath and Wells, Jason 2011, An agile IT security model for project risk assessment, in AISM 2011 : Proceedings of the 9th Australian Information Security Management Conference, SECAU - Security Research Centre, Perth, W. A., pp. 111-123.


Title: An agile IT security model for project risk assessment
Author(s): Hutchinson, Damien; Maddern, Heath; Wells, Jason
Conference name: Australian Information Security Management Conference (9th : 2011 : Perth, W. A.)
Conference location: Perth, W. A.
Conference dates: 5-7 Dec. 2011
Title of proceedings: AISM 2011 : Proceedings of the 9th Australian Information Security Management Conference
Editor(s): [Unknown]
Publication date: 2011
Conference series: Australian Information Security Management Conference
Start page: 111
End page: 123
Total pages: 13
Publisher: SECAU - Security Research Centre
Place of publication: Perth, W. A.
Keyword(s): project management; IT security; agile; risk assessment
Summary: There are two fundamental challenges in effectively performing security risk assessment in today's IT projects. The first is the project manager's need to know what IT security risks face the project before the project begins. At this stage IT security staff are unable to answer this question without first knowing the system requirements for the project, which are yet to be defined. Second, organisations that deal with a large project throughput each year find the current IT security risk assessment process to be tedious and expensive, especially when the same process has to be repeated for each individual project. This also makes it difficult for an organisation to prioritise which projects require more investment in IT security in order to fit within budget constraints. This paper presents a conceptual model based on an agile approach to alleviate these challenges. We do this by first analysing two online database resources of vulnerabilities, comparing them to each other and then to the agile criteria of the conceptual model, which we define. The conceptual model is then presented and an example is given of how it can be applied to an actual project. We then briefly discuss what further work needs to be done to implement the conceptual model and validate it against an existing IT project.
ISBN: 9780729806985
Language: eng
Field of Research: 080303 Computer System Security
Socio Economic Objective: 970108 Expanding Knowledge in the Information and Computing Sciences
HERDC Research category: E1.1 Full written paper - refereed
Persistent URL: http://hdl.handle.net/10536/DRO/DU:30049209

Document type: Conference Paper
Collection: School of Information Technology
Unless expressly stated otherwise, the copyright for items in DRO is owned by the author, with all rights reserved.

Created: Thu, 01 Nov 2012, 13:10:24 EST
