Skip to main content

Research Repository

Advanced Search

An empirical investigation of agile information systems development for cybersecurity

Ardo, AA; Bass, J; Gaber, T

An empirical investigation of agile information systems development for cybersecurity Thumbnail


Authors

AA Ardo

T Gaber



Contributors

M Themistocleous
Editor

M Papadaki
Editor

Abstract

Cybersecurity has been identified as a major challenge confronting the digital world,
neglecting cybersecurity techniques during software design and development increases the risk
of malicious attacks. Thus, there is a need to make security an integral part of the agile information system development process. In this exploratory study, we empirically explore the agile
security practices adopted by software developers and security professionals. Data was collected
by conducting ten semi-structured interviews with agile practitioners from seven companies in
the United Kingdom (UK). The study was conducted between August – November 2020. An
approach informed by grounded theory was used for data analysis including Open coding, Memoing, Constant comparison and Theoretical saturation. The security practices identified in this
study were categorized into roles, ceremonies and artefacts and mapped onto the different phases
of the Software Development Lifecycle (SDLC). We discovered practitioners use five artefacts:
security backlog documentation, software security baseline standards, security test plan templates, information security and security audit checklists; and that there are more artefacts than
roles and ceremonies. Also, while most practitioners rely on automated tools for software security
testing, only one practitioner mentioned conducting security tests manually. These practices that
we have identified comprise a novel taxonomy which form the main research contribution of this
paper.

Citation

Ardo, A., Bass, J., & Gaber, T. (2022). An empirical investigation of agile information systems development for cybersecurity. Lecture notes in business information processing (Internet), 567-581. https://doi.org/10.1007/978-3-030-95947-0_40

Journal Article Type Conference Paper
Conference Name 18th European, Mediterranean and Middle Eastern Conference on Information Systems (EMCIS) 2021
Conference Location Online
End Date Dec 9, 2021
Acceptance Date Nov 8, 2021
Online Publication Date Feb 16, 2022
Publication Date Feb 16, 2022
Deposit Date Jan 17, 2022
Publicly Available Date Feb 16, 2023
Journal Information Systems 18th European, Mediterranean, and Middle Eastern Conference, EMCIS 2021, Virtual Event, December 8–2, 2021, Proceedings
Print ISSN 1865-1348
Pages 567-581
Series Title Lecture Notes in Business Information Processing
Series Number 437
Book Title Information Systems : 18th European, Mediterranean, and Middle Eastern Conference, EMCIS 2021, Virtual Event, December 8–2, 2021, Proceedings
ISBN 9783030959463-(softcover);-9783030959470-(ebook)
DOI https://doi.org/10.1007/978-3-030-95947-0_40
Publisher URL https://doi.org/10.1007/978-3-030-95947-0_40
Related Public URLs https://emcis.eu/
https://doi.org/10.1007/978-3-030-95947-0
Additional Information Access Information : This version of the contribution has been accepted for publication, after peer review (when applicable) but is not the Version of Record and does not reflect post-acceptance improvements, or any corrections. The Version of Record is available online at: http://dx.doi.org/10.1007/978-3-030-95947-0_40. Use of this Accepted Version is subject to the publisher’s Accepted Manuscript terms of use https://www.springernature.com/gp/open-research/policies/accepted-manuscript-terms
Event Type : Conference

Files






You might also like



Downloadable Citations