Agile approach with Kanban in information security risk management
V. Dorca, R. Munteanu, S. Popescu, A. Chioreanu, Claudius A. Peleskei
2016 IEEE International Conference on Automation, Quality and Testing, Robotics (AQTR), published 2016-05-19
DOI: 10.1109/AQTR.2016.7501278 (https://doi.org/10.1109/AQTR.2016.7501278)
Citations: 13
Abstract
In an ever-changing business environment, in order to bring value, security risk management must keep pace with the company by following the enterprise goals and using the same methodologies as core business units. This paper analyses how information security risk management can be automated and interlinked with the processes in a software development company, using an Agile approach with Kanban. The methodology used has been tested (Proof of Concept) by applying relevant information security risks for an e-commerce business, with the results showing an increase in efficiency of the risk management team, better business response and improvements of the defined risk management SLAs (Service Level Agreements).