Thus, there is a need to make security an integral part of the agile information system development process. As a comparison, the corresponding figure, i.e., For security, was 1% in the previous development process.Ĭybersecurity has been identified as a major challenge confronting the digital world, neglecting cybersecurity techniques during software design and development increases the risk of malicious attacks. The security competence in SEAP accounts for 5% of the personnel cost in the mobile money transfer system project.
This is important, since an early correction may avoid severe attacks in the future. Furthermore, SEAP increased the proportion of risks that were corrected from 12.5% to 67.1%, i.e., More than a five times increment. The baseline development process left 50% of the risks unattended in the software version being developed, while SEAP reduced that figure to 22%. The previous software development process, i.e., The baseline process of the comparison outlined in this paper, required 2.7 employee hours spent for every risk identified in the analysis process compared to, on the average, 1.5 hours for the SEAP. In analyzing risks in the development of the mobile money transfer system, a general finding was that SEAP either solves risks that were previously postponed or solves a larger proportion of the risks in a timely manner. Another significant feature of SEAP is an integrated risk analysis process.
A specific characteristic of SEAP is that it includes a security group consisting of four different competences, i.e., Security manager, security architect, security master and penetration tester.
A security-enhanced agile software development process, SEAP, is introduced in the development of a mobile money transfer system at Ericsson Corp.
0 kommentar(er)
