An empirical investigation of agile information systems development for cybersecurity
Authors: Ardo, AA; Bass, J; Gaber, T
Contributors: M Themistocleous (Editor); M Papadaki (Editor)
Abstract
Cybersecurity has been identified as a major challenge confronting the digital world, and neglecting cybersecurity techniques during software design and development increases the risk of malicious attacks. Thus, there is a need to make security an integral part of the agile information system development process. In this exploratory study, we empirically explore the agile security practices adopted by software developers and security professionals. Data was collected by conducting ten semi-structured interviews with agile practitioners from seven companies in the United Kingdom (UK). The study was conducted between August and November 2020. An approach informed by grounded theory was used for data analysis, including open coding, memoing, constant comparison and theoretical saturation. The security practices identified in this study were categorized into roles, ceremonies and artefacts and mapped onto the different phases of the Software Development Lifecycle (SDLC). We discovered that practitioners use five artefacts: security backlog documentation, software security baseline standards, security test plan templates, information security and security audit checklists; and that there are more artefacts than roles and ceremonies. Also, while most practitioners rely on automated tools for software security testing, only one practitioner mentioned conducting security tests manually. The practices that we have identified comprise a novel taxonomy, which forms the main research contribution of this paper.
Citation
Ardo, A., Bass, J., & Gaber, T. (2022). An empirical investigation of agile information systems development for cybersecurity. Lecture notes in business information processing (Internet), 567-581. https://doi.org/10.1007/978-3-030-95947-0_40
Journal Article Type | Conference Paper |
---|---|
Conference Name | 18th European, Mediterranean and Middle Eastern Conference on Information Systems (EMCIS) 2021 |
Conference Location | Online |
End Date | Dec 9, 2021 |
Acceptance Date | Nov 8, 2021 |
Online Publication Date | Feb 16, 2022 |
Publication Date | Feb 16, 2022 |
Deposit Date | Jan 17, 2022 |
Publicly Available Date | Feb 16, 2023 |
Journal | Information Systems 18th European, Mediterranean, and Middle Eastern Conference, EMCIS 2021, Virtual Event, December 8–2, 2021, Proceedings |
Print ISSN | 1865-1348 |
Pages | 567-581 |
Series Title | Lecture Notes in Business Information Processing |
Series Number | 437 |
Book Title | Information Systems : 18th European, Mediterranean, and Middle Eastern Conference, EMCIS 2021, Virtual Event, December 8–2, 2021, Proceedings |
ISBN | 9783030959463 (softcover); 9783030959470 (ebook) |
DOI | https://doi.org/10.1007/978-3-030-95947-0_40 |
Publisher URL | https://doi.org/10.1007/978-3-030-95947-0_40 |
Related Public URLs | https://emcis.eu/ https://doi.org/10.1007/978-3-030-95947-0 |
Additional Information | Access Information : This version of the contribution has been accepted for publication, after peer review (when applicable) but is not the Version of Record and does not reflect post-acceptance improvements, or any corrections. The Version of Record is available online at: http://dx.doi.org/10.1007/978-3-030-95947-0_40. Use of this Accepted Version is subject to the publisher’s Accepted Manuscript terms of use https://www.springernature.com/gp/open-research/policies/accepted-manuscript-terms Event Type : Conference |
Files
EMCIS-2021 - paper id-61.pdf
(240 Kb)
PDF