Högskolan i Skövde

Towards Agile Cybersecurity Risk Management for Autonomous Software Engineering Teams
Department of Information and Communication Technology, Swedish Transport Administration, Borlänge, Sweden. ORCID iD: 0000-0001-6327-3565
Information Systems, Luleå University of Technology, Sweden. ORCID iD: 0000-0003-1692-5721
2022 (English). In: Journal of Cybersecurity and Privacy, E-ISSN 2624-800X, Vol. 2, no 2, p. 276-291. Article in journal (Refereed). Published.
Abstract [en]

In this study, a framework was developed, based on a literature review, to help managers incorporate cybersecurity risk management in agile development projects. The literature review used predefined codes that were developed by extending previously defined challenges in the literature—for developing secure software in agile projects—to include aspects of agile cybersecurity risk management. Five steps were identified based on the insights gained from how the reviewed literature has addressed each of the challenges: (1) risk collection; (2) risk refinement; (3) risk mitigation; (4) knowledge transfer; and (5) escalation. To assess the appropriateness of the identified steps, and to determine their inclusion or exclusion in the framework, a survey was submitted to 145 software developers using a four-point Likert scale to measure the attitudes towards each step. The resulting framework presented herein serves as a starting point to help managers and developers structure their agile projects in terms of cybersecurity risk management, supporting less overloaded agile processes, stakeholder insights on relevant risks, and increased security assurance.

Place, publisher, year, edition, pages
MDPI, 2022. Vol. 2, no 2, p. 276-291
Keywords [en]
agile methods, risk management, cybersecurity, agile risk management
National Category
Software Engineering
Identifiers
URN: urn:nbn:se:his:diva-22958
DOI: 10.3390/jcp2020015
OAI: oai:DiVA.org:his-22958
DiVA, id: diva2:1779649
Note

CC BY 4.0

Funding: This research received no external funding.

Available from: 2023-07-04. Created: 2023-07-04. Last updated: 2024-08-30. Bibliographically approved.

Open Access in DiVA

fulltext (555 kB), 170 downloads
File information
File name: FULLTEXT01.pdf. File size: 555 kB. Checksum SHA-512:
e1a5fe221335a96b9dc15450c3b4d413c0ccce323fb6aa5a00d9e8cc46744d495a85025210c105af6bd4c7dcba2116dea57c45b73a3a891ad987025fc454ea62
Type: fulltext. Mimetype: application/pdf

Authority records

Lundgren, Martin

By author/editor
Salin, Hannes; Lundgren, Martin