TY - GEN
T1 - Balancing Autonomy and Control
T2 - 26th International Conference on Enterprise Information Systems, ICEIS 2024
AU - Nägele, Sascha
AU - Schenk, Nathalie
AU - Fechtner, Nico
AU - Matthes, Florian
N1 - Publisher Copyright:
© 2024 by SCITEPRESS – Science and Technology Publications, Lda.
PY - 2024
Y1 - 2024
N2 - Companies are increasingly adopting agile methods at scale, revealing a challenge in balancing team autonomy and organizational control. To address this challenge, we propose an adaptive approach for security governance in large-scale agile software development, based on design science research and expert interviews. In total, we carried out 28 interviews with 18 experts from 15 companies. Our resulting approach includes a generic organizational setup of security-related roles, a team autonomy assessment model, and an adaptive collaboration model. The model assigns activities to roles and determines their frequency based on team autonomy, balancing the autonomy-control tension while ensuring compliance. Although framework-agnostic, we applied our approach to existing scaling agile frameworks to demonstrate its applicability. Our evaluation indicates that the approach addresses a significant problem area and provides valuable guidance for incorporating security into scaled agile environments. While the primary focus is on security governance, our insights may be transferable to other cross-cutting concerns.
KW - Compliance
KW - Governance
KW - Large-Scale Agile Development
KW - Security
UR - http://www.scopus.com/inward/record.url?scp=85193993560&partnerID=8YFLogxK
U2 - 10.5220/0012605000003690
DO - 10.5220/0012605000003690
M3 - Conference contribution
AN - SCOPUS:85193993560
T3 - International Conference on Enterprise Information Systems, ICEIS - Proceedings
SP - 17
EP - 28
BT - Proceedings of the 26th International Conference on Enterprise Information Systems, ICEIS 2024
A2 - Filipe, Joaquim
A2 - Smialek, Michal
A2 - Brodsky, Alexander
A2 - Hammoudi, Slimane
PB - Science and Technology Publications, Lda
Y2 - 28 April 2024 through 30 April 2024
ER -