Location
Hilton Hawaiian Village, Honolulu, Hawaii
Event Website
https://hicss.hawaii.edu/
Start Date
3-1-2024 12:00 AM
End Date
6-1-2024 12:00 AM
Description
Organizations struggle to balance agile team autonomy and strict security governance in large-scale agile development environments. In particular, conventional top-down IT governance mechanisms often conflict with the desired autonomy of decentralized agile teams. Our research presents a novel approach to resolve the tension between security governance and development agility: a criteria-based security maturity assessment that enables greater autonomy for mature agile teams. Leveraging design science research, a literature review, and an interview study, we introduce two key contributions: a criteria catalog for evaluating a team's capabilities and a team security maturity model. Our expert evaluation confirms their value for systematically assessing the teams' capabilities to deliver secure and compliant applications, allowing organizations to grant more autonomy to mature teams and prioritize supporting lower-maturity teams. Future work could go beyond expert interviews and implement and evaluate the team security maturity model through a case study or experiments.
Recommended Citation
Nägele, Sascha; Watzelt, Jan-Philipp; and Matthes, Florian, "Assessing Team Security Maturity in Large-Scale Agile Development" (2024). Hawaii International Conference on System Sciences 2024 (HICSS-57). 4.
https://aisel.aisnet.org/hicss-57/st/agile_development/4
Assessing Team Security Maturity in Large-Scale Agile Development
Hilton Hawaiian Village, Honolulu, Hawaii
Organizations struggle to balance agile team autonomy and strict security governance in large-scale agile development environments. In particular, conventional top-down IT governance mechanisms often conflict with the desired autonomy of decentralized agile teams. Our research presents a novel approach to resolve the tension between security governance and development agility: a criteria-based security maturity assessment that enables greater autonomy for mature agile teams. Leveraging design science research, a literature review, and an interview study, we introduce two key contributions: a criteria catalog for evaluating a team's capabilities and a team security maturity model. Our expert evaluation confirms their value for systematically assessing the teams' capabilities to deliver secure and compliant applications, allowing organizations to grant more autonomy to mature teams and prioritize supporting lower-maturity teams. Future work could go beyond expert interviews and implement and evaluate the team security maturity model through a case study or experiments.
https://aisel.aisnet.org/hicss-57/st/agile_development/4