This presentation was created for the SATURN conference series and does not necessarily reflect the positions and views of the Software Engineering Institute.
In this session, I will discuss the details of a security-management program that we established in our organization to build security and risk-management aspects into all phases of the product-development life cycle. As part of this new program, we defined an agile, iterative, and repeatable security-architecture process that included touchpoints with security architecture and software-development processes at all levels of the Agile projects (feature, sprint, release, project, and product levels).
I will talk about the security-architecture assessments introduced to perform a high-level risk assessment of all the new products and services. I will also cover the security-architecture elements, such as architecture-framework components in the areas of security architecture, design, architecture governance, standards, identity and access management, system and information integrity, and security-information event management.