The following process goal diagram overviews the potential activities associated with disciplined agile security. These activities are performed by, or at least supported by, your security team.
The process decision points that you need to consider for implementing effective security are:
- Ensure security readiness. How do you ensure that your environment has been built to withstand the evolving security threats that you face?
- Enable security awareness. How do you help your staff to become knowledgeable about security threats, how to avoid attacks, and how to deal with them when they occur?
- Monitor security. How do you identify when you are under attack (for most organizations the answer is constantly) and more importantly how you’re being attacked?
- Respond to threats. When an attack occurs what will you do to address it?
- Secure physical assets. How will you protect physical assets such as buildings, vehicles, and equipment? By implication, how will you ensure the security of your people?
- Secure IT perimeter. How will you secure access to your IT systems?
- Secure the network. How will you ensure the security of digital communications?
- Secure IT endpoints. How will you secure access to devices such as phones, workstations, and other I/O devices?
- Secure applications. How will you address security within the applications/systems of your organization?
- Secure data. How will you ensure the validity and privacy of the data within your organization?
- Govern security. How will you motivate, enable, and monitor security activities within your organization?