An agile IT security model for project risk assessment
conference contribution
Posted on 2011-01-01, 00:00, authored by Damien Hutchinson, H Maddern, Jason Wells
There are two fundamental challenges in effectively performing security risk assessment in today's IT projects. The first is the project manager's need to know what IT security risks face the project before the project begins. At this stage IT security staff are unable to answer this question without first knowing the system requirements for the project, which are yet to be defined. Second, organisations that deal with a large project throughput each year find the current IT security risk assessment process tedious and expensive, especially when the same process has to be repeated for each individual project. This also makes it difficult for an organisation to prioritise which projects require more investment in IT security in order to fit within budget constraints. This paper presents a conceptual model, based on an agile approach, to alleviate these challenges. We do this by first analysing two online vulnerability database resources, comparing them to each other and then to the agile criteria of the conceptual model, which we define. The conceptual model is then presented and an example is given of how it can be applied to an actual project. We then briefly discuss what further work needs to be done to implement the conceptual model and validate it against an existing IT project.
History
Event
Australian Information Security Management Conference (9th : 2011 : Perth, W. A.)
Pagination
111 - 123
Publisher
SECAU - Security Research Centre
Location
Perth, W. A.
Place of publication
Perth, W. A.
Start date
2011-12-05
End date
2011-12-07
ISBN-13
9780729806985
Language
eng
Publication classification
E1.1 Full written paper - refereed
Title of proceedings
AISM 2011 : Proceedings of the 9th Australian Information Security Management Conference