Information Management examines in a recent post how Agile processes, such as scrum sprints, have become part of federal agencies’ increasing emphasis on managing cyber threats. Agile may hold some valuable benefits for organizations looking to ramp up security and deliver more quickly on solutions. But will some aspects of Agile, like Continuous Delivery, prove too difficult for government security strategies?
From the article:
Now apply[the Scrum method] to the U.S. government’s growing focus on cybersecurity. Following the high-profile Office of Personnel Management hack, Federal CIO Tony Scott in mid-June launched a 30-day Cybersecurity Sprint. As part of that effort, Federal agencies must:
> Immediately deploy indicators provided by DHS regarding priority threat-actor Techniques, Tactics, and Procedures to scan systems and check logs. Agencies shall inform DHS immediately if indicators return evidence of malicious cyber activity.
> Patch critical vulnerabilities without delay.
> Tighten policies and practices for privileged users.
> Dramatically accelerate implementation of multi-factor authentication, especially for privileged users.
. . . As the government and businesses attempt to navigate the threat landscape, it’s clear that new approaches — borrowed from Agile Software Development and Scrum Sprints — will influence the strategies.
However, the latest trend from the Agile mindset may also be the most challenging. It’s called Continuious Delivery. The idea is to consistently deliver new enhancements in a never-ending cycle.
Read the full post: Can Agile mindset Address Federal Cybersecurity? | Information Management