Agile Software Development
for IT Risk Control Professionals
Dave Friesen, CISA, CMA, CISSP
ISACA Willamette Valley Chapter
January 2014
Today

Walk through
Agile  Scrum
Key practice and risk+control considerations

Agile
Deliver early and continuously
Adapt to changes
Produce working software often
Collaborate (tech teams, +business)

Simplicity is essential
Self-organizing teams excel
source: agilemanifesto.org
Why Agile?
Deliver systems faster
Respond to changes
Create competitive advantage
Increase transparency
Improve quality

Scrum

Scrum has been used by
Microsoft
Yahoo
Google
Electronic Arts
IBM
Lockheed Martin
Philips
Siemens
Nokia
Capital One

BBC
Intuit
Nielsen Media
BMC Software
Ipswitch
John Deere
Lexis Nexis
Sabre
Salesforce.com

source: mountaingoatsoftware.com
Scrum has been used for
Commercial software

Video game development

In-house development

FDA-approved, life-critical systems

Contract development

Satellite-control software

Fixed-price projects

Websites

Financial applications

Handheld software

ISO 9001-certified applications

Mobile phones

Embedded systems

Network switching applications

24x7 systems (3 9’s)

ISV applications

the Joint Strike Fighter

source: mountaingoatsoftware.com
Scrum roles: the Product Owner
Drives Product vision, roadmap and business case
Expertise?
Defines and prioritizes Product requirements
Experience?
Determines releases, sequencing
“Owns” budget
Accepts (rejects) results
the Team

Delivers Product
Cross-functional
Self-organizing
Small (+nimble)
Expertise mix?
Skill+ mix?

Collaborative

Committed?
the ScrumMaster

Drives Scrum process
Removes “roadblocks”
(Not resource or project manager)
Goal: Make Team successful

Scrum approach: work in Sprints
Iterative design, code/configure, test
Typically 2-4 weeks
Fixed duration (never extended)
No changes!
Goal: Working software
Sprints vs. Releases

Context: Product Planning

Product vision, roadmap
Business drivers, goals
Business case
Product “ownership?”
Strategic?
(business, tech)

Dependencies?

Needs, features
Financial, people
Portfolio, release views
Sizing. . .
the Product Backlog
All expected Product work
Functional requirements
Operational requirements
Known issues

Sized as possible
Prioritized by Product Owner
User Stories

Discrete pieces of functionality
Written from user perspective (human or technical)
Enough detail for estimating, designing, testing

Sprint Planning

Product Owner and Team (ScrumMaster facilitates)
Sprint Goal

Prioritized User Stories
Technical Tasks

the Sprint Backlog

All expected Sprint work
Technical to-do’s
Team’s commitment
Focused on Sprint Goal

Tasks
Coding, configuring, testing, design, R&D, +
Typically n:1 with User Stories
Estimates
Sprint Task Board

Operational coverage?
Performance, capacity, availability?
Process considerations?
Interface controls?
Security features?
Regulatory/compliance considerations?

Sprint: Building the Product
Design/Coding/Configuring
Integrating
Refactoring
Writing tests

Consistent architecture and approach?
Planned feature Development?
Secure development practices?
Frequent builds and integration?
Security analysis (+action)?
Usual controls: Source management; environments; +

Sprint: Testing
Iterative throughout Sprint
Frequent build:test ➝ rapid feedback
Validates Stories and Tasks
Goal: Build quality in

Speed of Agile
Scenario coverage?
Unit testing?
More than functional
“Enough” documentation?
Defect/issue management?
User acceptance?
Usual controls: independence, environments, +
Daily Scrums
ScrumMaster and Team (others observe)
Daily stand-up (15 minutes)
Did yesterday?
Doing today?
Roadblocks? (risk management)
Tracking Sprint Burndown

How’s the work coming?

Sprint Reviews
Team, ScrumMaster, Product Owner; +“the world”
Team demo’s (feedback)
Informal; time-boxed
Product Owner accepts (rejects)
(Product Backlog updated)
Working Software and Releases

Business readiness?
Operational readiness?
Usual controls: approvals; contingency plans; environment/access; smoke test

Sprint Retrospectives
Team, ScrumMaster, Product Owner
What is/isn’t working
Accurate estimates?
Complete Sprints?
Release quality?
Release effectiveness?
Goal: Continuous improvement
and iterate

Agile Values
Individuals and interactions over Processes and tools
Working software over Comprehensive documentation
Customer collaboration over Contract negotiation
Responding to change over Following a plan

source: agilemanifesto.org (mountaingoatsoftware.com)
Questions?
Resources

www.scrumalliance.org
www.mountaingoatsoftware.com

Agile/Scrum for IT Risk Professionals
