PaulDotCom mailing list archives

Agile SDLC

From: Megan Mauch <oneilme77 () gmail com>
Date: Mon, 25 Feb 2013 16:29:29 -0800

Hello,

My company is looking to move from Waterfall project framework to Agile.
Does anyone know of any good resources or examples that would be useful
in ceating a security framework for Agile. I've seen Microsoft's, its
really good but maybe a little overkill for the size of our company. We are
about 15% the size of MS.

I'm looking for:
How do we include security requirements in Agile, do we use User Stories or
Acceptance criteria?
Examples of highlevel security gates and program overview.
Since Agile is so lean and documentation is sparse, do folks create a
security assessment reports for the final project Go/NoGo?
Work flow examples?
Does anyone do self-service security assessments for smaller projects?
Given that Agile is a lean process, what security project documentation
besides requirements should be created?

Thanks,
Meg

_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com

Current thread:

Agile SDLC Megan Mauch (Feb 25)
- Re: Agile SDLC Josh More (Feb 26)
  - Re: Agile SDLC Pat (Feb 26)
- <Possible follow-ups>
- Agile SDLC Matt Konda (Feb 26)
  - Re: Agile SDLC Kevin Shaw (Feb 26)