Balancing Autonomy and Control: An Adaptive Approach for Security Governance in Large-Scale Agile Development

Sascha Nägele, Nathalie Schenk, Nico Fechtner, Florian Matthes

Publication: Contribution to book/report/conference proceedings › Conference contribution › Peer-reviewed

Abstract

Companies are increasingly adopting agile methods at scale, revealing a challenge in balancing team autonomy and organizational control. To address this challenge, we propose an adaptive approach for security governance in large-scale agile software development, based on design science research and expert interviews. In total, we carried out 28 interviews with 18 experts from 15 companies. Our resulting approach includes a generic organizational setup of security-related roles, a team autonomy assessment model, and an adaptive collaboration model. The model assigns activities to roles and determines their frequency based on team autonomy, balancing the autonomy-control tension while ensuring compliance. Although framework-agnostic, we applied our approach to existing scaling agile frameworks to demonstrate its applicability. Our evaluation indicates that the approach addresses a significant problem area and provides valuable guidance for incorporating security into scaled agile environments. While the primary focus is on security governance, our insights may be transferable to other cross-cutting concerns.

Original language: English
Title: Proceedings of the 26th International Conference on Enterprise Information Systems, ICEIS 2024
Editors: Joaquim Filipe, Michal Smialek, Alexander Brodsky, Slimane Hammoudi
Publisher: Science and Technology Publications, Lda
Pages: 17-28
Number of pages: 12
ISBN (electronic): 9789897586927
Publication status: Published - 2024
Event: 26th International Conference on Enterprise Information Systems, ICEIS 2024 - Angers, France
Duration: 28 Apr. 2024 to 30 Apr. 2024

Publication series

Name: International Conference on Enterprise Information Systems, ICEIS - Proceedings
Volume: 2
ISSN (electronic): 2184-4992

Conference

Conference: 26th International Conference on Enterprise Information Systems, ICEIS 2024
Country/Territory: France
City: Angers
Period: 28/04/24 to 30/04/24
