Agile Development of Security-Critical Enterprise System

Agile Development of Security-Critical Enterprise System

Author: 
Ge, Xiaocheng
Place: 
Hershey, PA
Publisher: 
IGI Global
Date published: 
2012
Editor: 
Wang, Xiaofeng
Journal Title: 
Agile and Lean Service-Oriented Development
Source: 
Agile and Lean Service-Oriented Development
Abstract: 

The effective provision of security in an agile development requires a new approach: traditional security practices are bound to equally traditional development methods. However, there are concerns that security is difficult to build incrementally, and can prove prohibitively expensive to refactor. This chapter describes how to grow security, organically, within an agile project, by using an incremental security architecture that evolves with the code. The architecture provides an essential bridge between system-wide security properties and implementation mechanisms, a focus for understanding security in the project, and a trigger for security refactoring. The chapter also describes criteria that allow implementers to recognize when refactoring is needed, and a concrete example that contrasts incremental and "top-down" architectures.

Series: 
Advances in Computer and Electrical Engineering

CITATION: Ge, Xiaocheng. Agile Development of Security-Critical Enterprise System edited by Wang, Xiaofeng . Hershey, PA : IGI Global , 2012. Agile and Lean Service-Oriented Development - Available at: https://library.au.int/fragile-development-security-critical-enterprise-system