Agile Information Security Using ScrumJames R. Fitzer
Program: Information Technology: Capstone-Creative Project: Master of Science (MS)
Awarded: August 2015
Capstone Instructor: Dr. Novadean Watson-Stone
Abstract: The increased importance of information protection, coupled with rapidly changing security landscape, has led to information security professionals finding it difficult to stay ahead of emerging threats. This problem has been compounded by the increased prevalence of agile software development methodologies, which ensure a rapidly changing system. This project unifies the principles of Agile software development, particularly Scrum, with established security best practices in the form of a technical book for mass-market publication. The book provides a guidance and framework for using the Scrum method to construct an information security program, conduct risk assessments, and implement policies and controls. This is accomplished through a review of existing knowledge on the topics of agile development and information security, and the author’s work to unify the two. Additionally, it provides guidance on leading such a team, and lessons and anecdotes from the author’s experience conducting security management on the Northern Border Integration Demonstration (NBID), an agile project. The book will be published through mainstream retail outlets and presented at conferences and events.