Abstract
Security is increasingly recognized as an important aspect of software development processes. In agile software development, the adoption of security practices still faces many challenges rooted in how software teams perceive and manage security. A security champion is an important strategic mechanism for building a better security culture; however, little is known about how such a role can be established. In this paper, we present the results of a systematic literature review investigating approaches to establishing and maintaining a security champion in an organization with agile teams. Drawing on empirical evidence from 11 primary studies, we present how the security champion role is characterized, the conditions for establishing it, and the reported challenges in maintaining security champion programs. One of our main findings is a classification schema of 14 steps and 32 actions that can be taken to establish a security champion program. The study offers practical recommendations for organizations that want to establish or improve their security champion program in agile teams.
Copyright information
© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Aalvik, H., Nguyen-Duc, A., Cruzes, D.S., Iovan, M. (2023). Establishing a Security Champion in Agile Software Teams: A Systematic Literature Review. In: Arai, K. (eds) Advances in Information and Communication. FICC 2023. Lecture Notes in Networks and Systems, vol 652. Springer, Cham. https://doi.org/10.1007/978-3-031-28073-3_53
DOI: https://doi.org/10.1007/978-3-031-28073-3_53
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-28072-6
Online ISBN: 978-3-031-28073-3
eBook Packages: Intelligent Technologies and Robotics (R0)