@inproceedings{4e98c1363d7c4500931666796738eac8,
title = "Assessing Team Security Maturity in Large-Scale Agile Development",
abstract = "Organizations struggle to balance agile team autonomy and strict security governance in large-scale agile development environments. In particular, conventional top-down IT governance mechanisms often conflict with the desired autonomy of decentralized agile teams. Our research presents a novel approach to resolve the tension between security governance and development agility: a criteria-based security maturity assessment that enables greater autonomy for mature agile teams. Leveraging design science research, a literature review, and an interview study, we introduce two key contributions: a criteria catalog for evaluating a team's capabilities and a team security maturity model. Our expert evaluation confirms their value for systematically assessing the teams' capabilities to deliver secure and compliant applications, allowing organizations to grant more autonomy to mature teams and prioritize supporting lower-maturity teams. Future work could go beyond expert interviews and implement and evaluate the team security maturity model through a case study or experiments.",
keywords = "Large-scale agile development, compliance, governance, security, team maturity",
author = "Sascha N{\"a}gele and Watzelt, {Jan Philipp} and Florian Matthes",
note = "Publisher Copyright: {\textcopyright} 2024 IEEE Computer Society. All rights reserved.; 57th Annual Hawaii International Conference on System Sciences, HICSS 2024 ; Conference date: 03-01-2024 Through 06-01-2024",
year = "2024",
language = "English",
series = "Proceedings of the Annual Hawaii International Conference on System Sciences",
publisher = "IEEE Computer Society",
pages = "7259--7268",
editor = "Bui, {Tung X.}",
booktitle = "Proceedings of the 57th Annual Hawaii International Conference on System Sciences, HICSS 2024",
}