Abstract
Agile methodologies are now common practice in software development, mainly because they facilitate the delivery of value to the client and contribute to the viability of the project. However, security is hard to address when the focus is on developing functionality. In an agile development team, responsibilities are diluted across the team, and the individual competence of its members has to be relied upon. This paper proposes extending the SCRUM methodology with new processes, artefacts, and roles to produce Security SCRUM (S-SCRUM). The methodology provides for guaranteeing security in any project that uses it, and it asserts that the security expert is an indispensable figure in the development of large-scale software. As part of the proposal, the methodology has been used in a real project being developed by nine Spanish universities, Smart University, demonstrating its usefulness and its contribution to both agility and system security by facilitating the delivery of secure value increments.
Copyright information
© 2024 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Carriles, S.C., Martínez, J.V.B., Bernabéu, J.M.S., Pérez, F.M. (2024). S-SCRUM—Methodology for Software Securitisation at Agile Development. Application to Smart University. In: Joby, P.P., Alencar, M.S., Falkowski-Gilski, P. (eds) IoT Based Control Networks and Intelligent Systems. ICICNIS 2023. Lecture Notes in Networks and Systems, vol 789. Springer, Singapore. https://doi.org/10.1007/978-981-99-6586-1_3
DOI: https://doi.org/10.1007/978-981-99-6586-1_3
Publisher Name: Springer, Singapore
Print ISBN: 978-981-99-6585-4
Online ISBN: 978-981-99-6586-1
eBook Packages: Engineering, Engineering (R0)