Agile Software Development for IT Risk Control Professionals
Dave Friesen, CISA, CMA, CISSP
ISACA Willamette Valley Chapter
January 2014
Today
Walk through Agile and Scrum
Key practice and risk+control considerations

Dave Friesen

2
Agile
Deliver early and continuously
Adapt to changes
Produce working software often
Collaborate (tech teams, +business)
Simplicity is essential
Self-organizing teams excel
source: agilemanifesto.org
Why Agile?
Deliver systems faster
Respond to changes
Create competitive advantage
Increase transparency
Improve quality

Scrum

Scrum has been used by
Microsoft
Yahoo
Google
Electronic Arts
IBM
Lockheed Martin
Philips
Siemens
Nokia
Capital One
BBC
Intuit
Nielsen Media
BMC Software
Ipswitch
John Deere
Lexis Nexis
Sabre
Salesforce.com
source: mountaingoatsoftware.com
Scrum has been used for
Commercial software
Video game development
In-house development
FDA-approved, life-critical systems
Contract development
Satellite-control software
Fixed-price projects
Websites
Financial applications
Handheld software
ISO 9001-certified applications
Mobile phones
Embedded systems
Network switching applications
24x7 systems (3 9’s)
ISV applications
the Joint Strike Fighter
source: mountaingoatsoftware.com
Scrum roles: the Product Owner
Drives Product vision, roadmap and business case
Defines and prioritizes Product requirements
Determines releases, sequencing
“Owns” budget
Accepts (rejects) results
Risk+control considerations: Expertise? Experience?
the Team
Delivers Product
Cross-functional
Self-organizing
Small (+nimble)
Collaborative
Risk+control considerations: Expertise mix? Skill+ mix? Committed?
the ScrumMaster
Drives Scrum process
Removes “roadblocks”
(Not resource or project manager)
Goal: Make Team successful

Scrum approach: work in Sprints
Iterative design, code/configure, test
Typically 2-4 weeks
Fixed duration (never extended)
No changes!
Goal: Working software
Sprints vs. Releases

Context: Product Planning
Product vision, roadmap
Business drivers, goals
Business case
Needs, features
Financial, people
Portfolio, release views
Sizing...
Risk+control considerations: Product “ownership?” Strategic? (business, tech) Dependencies?
the Product Backlog
All expected Product work: functional requirements, operational requirements, known issues
Sized as possible
Prioritized by Product Owner
User Stories
Discrete pieces of functionality
Written from user perspective (human or technical)
Enough detail for estimating, designing, testing

Sprint Planning
Product Owner and Team (ScrumMaster facilitates)
Sprint Goal
Prioritized User Stories
Technical Tasks

the Sprint Backlog
All expected Sprint work
Technical to-do’s
Team’s commitment
Focused on Sprint Goal

Tasks
Coding, configuring, testing, design, R&D, +
Typically n:1 with User Stories
Estimates
Sprint Task Board
Risk+control considerations: Operational coverage? Performance, capacity, availability? Process considerations? Interface controls? Security features? Regulatory/compliance considerations?

Sprint: Building the Product
Design/Coding/Configuring
Integrating
Refactoring
Writing tests
Risk+control considerations: Consistent architecture and approach? Planned feature development? Secure development practices? Frequent builds and integration? Security analysis (+action)?
Usual controls: Source management; environments; +

Sprint: Testing
Iterative throughout Sprint
Frequent build:test ➝ rapid feedback
Validates Stories and Tasks
More than functional
Goal: Build quality in
Risk+control considerations: Speed of Agile; Scenario coverage? Unit testing? “Enough” documentation? Defect/issue management? User acceptance?
Usual controls: independence, environments, +
Daily Scrums
ScrumMaster and Team (others observe)
Daily stand-up (15 minutes)
Did yesterday? Doing today? Roadblocks? (risk management)
Tracking Sprint Burndown
How’s the work coming?

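The burndown question above (“How’s the work coming?”) and the control questions on the Tasks slide (estimates, tasks n:1 with User Stories, security features, regulatory/compliance considerations) can both be answered from a sprint backlog export. The following Python script is an added example, not from the deck or its author: the JSON export layout, the task type names and the story/task identifiers are constructed assumptions, and a real tool’s export would need its own loader.

```python
"""Sprint burndown and backlog control checks over a constructed export.

Added example for this page. The JSON layout below is an assumed, made-up
backlog export, not any real tool's format.
"""
import json

# Constructed sample: one 5-day sprint, three user stories.
# "done_on" is the sprint day (1-based) the task was finished; null = still open.
# T-6 has no estimate and T-7 points at a story that is not in the sprint,
# so the control checks below have something to find.
SAMPLE_EXPORT = """
{
  "sprint": {"goal": "Customer self-service password reset", "days": 5},
  "stories": [
    {"id": "US-1", "title": "As a customer I can request a reset link"},
    {"id": "US-2", "title": "As a customer I can set a new password"},
    {"id": "US-3", "title": "As an auditor I can see reset events"}
  ],
  "tasks": [
    {"id": "T-1", "story": "US-1", "type": "coding",   "estimate": 8,    "done_on": 1},
    {"id": "T-2", "story": "US-1", "type": "testing",  "estimate": 4,    "done_on": 2},
    {"id": "T-3", "story": "US-1", "type": "security", "estimate": 4,    "done_on": 3},
    {"id": "T-4", "story": "US-2", "type": "coding",   "estimate": 8,    "done_on": 3},
    {"id": "T-5", "story": "US-2", "type": "testing",  "estimate": 4,    "done_on": null},
    {"id": "T-6", "story": "US-3", "type": "coding",   "estimate": null, "done_on": null},
    {"id": "T-7", "story": "US-9", "type": "coding",   "estimate": 2,    "done_on": null}
  ]
}
"""

# Task types that count as security/compliance coverage (assumed names).
CONTROL_TYPES = {"security", "compliance"}


def load_backlog(text):
    """Parse the assumed export format into a dict."""
    return json.loads(text)


def burndown(backlog):
    """Remaining estimated hours at the end of each sprint day.

    Index 0 is the sprint start, index d is the end of day d. A task with no
    estimate contributes 0 hours here; control_findings() reports it separately.
    """
    days = backlog["sprint"]["days"]
    tasks = backlog["tasks"]
    remaining = []
    for day in range(days + 1):
        open_hours = sum(
            (t["estimate"] or 0)
            for t in tasks
            if t["done_on"] is None or t["done_on"] > day
        )
        remaining.append(open_hours)
    return remaining


def ideal_burndown(backlog):
    """Straight line from the initial total down to zero on the last day."""
    days = backlog["sprint"]["days"]
    total = burndown(backlog)[0]
    return [round(total * (days - d) / days, 1) for d in range(days + 1)]


def control_findings(backlog):
    """Exceptions drawn from the Tasks slide's control questions."""
    stories = {s["id"] for s in backlog["stories"]}
    by_story = {}
    findings = []
    for t in backlog["tasks"]:
        # n:1 mapping: every task must belong to a story in the sprint
        if t["story"] not in stories:
            findings.append(f"{t['id']}: task mapped to unknown story {t['story']}")
        by_story.setdefault(t["story"], []).append(t)
        if t["estimate"] is None:
            findings.append(f"{t['id']}: no estimate")
    for s in sorted(stories):
        tasks = by_story.get(s, [])
        if not tasks:
            findings.append(f"{s}: no tasks planned")
        elif not any(t["type"] in CONTROL_TYPES for t in tasks):
            findings.append(f"{s}: no security/compliance task")
    return findings


if __name__ == "__main__":
    backlog = load_backlog(SAMPLE_EXPORT)
    print("actual :", burndown(backlog))
    print("ideal  :", ideal_burndown(backlog))
    for finding in control_findings(backlog):
        print("finding:", finding)
```

burndown() gives the remaining hours at the end of each day, ideal_burndown() the straight line an on-track sprint would follow, and control_findings() the exceptions an auditor would raise at the stand-up or review; on the constructed sample the actual line flattens at 6 hours from day 3, and the checks flag a task without an estimate, a task pointing at a story outside the sprint, and two stories with no security or compliance task.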
Sprint Reviews
Team, ScrumMaster, Product Owner; +”the world”
Team demo’s (feedback)
Informal; time-boxed
Product Owner accepts (rejects)
(Product Backlog updated)
Working Software and Releases
Risk+control considerations: Business readiness? Operational readiness?
Usual controls: approvals; contingency plans; environment/access; smoke test

Sprint Retrospectives
Team, ScrumMaster, Product Owner
What is/isn’t working
Accurate estimates? Complete Sprints? Release quality? Release effectiveness?
Goal: Continuous improvement
and iterate

Agile Values
Individuals and interactions over Processes and tools
Working software over Comprehensive documentation
Customer collaboration over Contract negotiation
Responding to change over Following a plan
source: agilemanifesto.org (mountaingoatsoftware.com)
Questions?
Resources

www.scrumalliance.org
www.mountaingoatsoftware.com

Agile/Scrum for IT Risk Professionals

  • 18. Tasks Operational coverage? Performance, capacity, availability? Process considerations? Coding, configuring, testing, design, R&D, + Interface controls? Typically n:1 with User Stories Security features? Estimates Regulatory/ compliance considerations? Sprint Task Board Dave Friesen 18
  • 19. Sprint: Building the Product Design/Coding/ Configuring Consistent architecture and approach? Integrating Planned feature Development? Refactoring Secure development practices? Writing tests Frequent builds and integration? Security analysis (+action)? Usual controls: Source management; environments; + Dave Friesen 19
  • 20. Sprint: Testing Speed of Agile Iterative throughout Sprint Scenario coverage? Unit testing? Frequent build:test ➝ rapid feedback Validates Stories and Tasks Goal: Build quality in Dave Friesen More than functional “Enough” documentation? Defect/issue management? User acceptance? Usual controls: independence, environments, + 20
  • 21. Daily Scrums ScrumMaster and Team (others observe) Daily stand-up (15 minutes) Did yesterday? Doing today? Roadblocks? (risk management) Dave Friesen 21
  • 22. Tracking Sprint Burndown How’s the work coming? Dave Friesen 22
  • 23. Sprint Reviews Team, ScrumMaster, Product Owner; +”the world” Team demo’s (feedback) Informal; time-boxed Product Owner accepts (rejects) (Product Backlog updated) Dave Friesen 23
  • 24. Working Software and Releases Business readiness? Operational readiness? Usual controls: approvals; contingency plans; environment/access; smoke test Dave Friesen 24
  • 25. Sprint Retrospectives Team, ScrumMaster, Product Owner What is/isn’t working Accurate estimates? Complete Sprints? Release quality? Release effectiveness? Goal: Continuous improvement Dave Friesen 25
  • 27. Agile Values Individuals and interactions over Processes and tools Working software over Comprehensive documentation Customer collaboration over Contract negotiation over Following a plan Responding to change source: agilemanifesto.org (mountaingoatsoftware.com) Dave Friesen 27