
Adopting AGILE Principles in CyberSecurity

How CISOs can jumpstart adoption

Agile is a buzzword you may hear a lot. The concept originally spawned from the software development world, but now chief information security officers (CISOs) are talking about it as a new way to lead a CyberSecurity program.

A CISO’s tenure is somewhere between four and five years depending on who you’re talking to. And it’s no secret that they’re under pressure to be more responsive to the needs of the business, not only in terms of what they produce and how, but also how quickly business value can start to be realised.

Adopting an agile workflow for CyberSecurity can lead to a more efficient environment through process consistency, create enhanced project visibility and increase team collaboration across the business. But many CISOs still struggle with where to begin and end up with an ad-hoc approach that leads to project failure.

To jumpstart Agile adoption, CISOs should first look to implement Agile principles with more teams, such as the security operations centre and enterprise architecture, and then extend them to larger programs like compliance. They should also ensure the adoption of these principles is aligned with the organisation’s needs and strategy. With these steps in mind, there are several other recommendations to consider for success.

Recommendations for successfully adopting AGILE Principles in Cybersecurity 

Successful adoption can require many steps before an organisation achieves an Agile CyberSecurity framework at scale, and it will most likely look different depending on your organisation’s size and industry.

  1. Know that an enterprise Agile culture must be earned, not given: An Agile framework is not a SKU you can buy from your favourite VAR. To create adoption, you first need to make business culture changes, and a helpful tool for this is a culture gap analysis.
  2. Define two or three use cases: Defining use cases helps narrow your focus and aligns the adoption of Agile principles to your desired business outcomes. For example, if you’re looking to implement an enterprise segmentation strategy, using agile processes can help promote network and system readiness as a part of your rollout.
  3. Give the responsibility of agile adoption to a trusted team: To move in an agile manner, you must be willing to tear down silos and organisational charts and empower your team to make decisions. One way to do this is by creating a Security Centre of Excellence.
  4. Create a collaborative environment: Even if teams agree on the areas that need improvement, there needs to be a way to share knowledge during the entire adoption process.

Why Adoption of AGILE Principles is crucial NOW! 

Today the industry must acknowledge that there is a multi-dimensional transformation taking place. This change is driven by the digitisation of the economy and is forcing businesses to rethink the role of CyberSecurity and its relationship to business outcomes.

If we look at any organisation, whether it is a global service provider, local government, or a private or public company, there are two things we can guarantee about the business capabilities: products and services will become increasingly digital and require tighter security measures, and business capabilities must operate in a more dynamic environment. The bottom line is that organisations must be nimble against their competitors and threat actors, and an Agile CyberSecurity framework can help with that.

Credit – Chris Konrad – World Wide Technology
