Agile has become the development methodology du jour and many companies are jumping on the bandwagon without fully understanding the methodology, its requirements, and its impact on the control environment. In his recent article on ISACA’s CSX Cybersecurity Nexus, Peter Davis points out that companies adopting Agile should not see it as an opportunity to skip documentation (especially related to security). Rather Agile is an opportunity for companies to plan their projects while allowing the flexibility to address changing end user demands. Additionally, Peter argues that security should be actively considered within the context of the Agile framework and not deferred until the last minute.
Has your organization adopted Agile? How have you integrated documentation and information security into the process?
Read the full article on ISACA’s website: Agile Is Fragile
Comments are closed.