Agile IT Security – What does your IT Security Roadmap look like?
We Agile enthusiasts don’t like big projects. Instead, we like to split a big objective or goal into Epics and Features. If you are managing things well, you will eventually end up with a product Roadmap. A Roadmap tells you broadly what features will be delivered and when. For a long time now, Scrum Masters and Product Owners have been using Roadmaps to communicate their project and product plans. At Daniels Solutions we have trialed and tested this in the IT Security Domain and have found it to be highly effective.
WHAT IS AN IT SECURITY ROADMAP?
In traditional Agile theory, a Product Roadmap describes how a product is likely to grow across several product releases. Scrum Masters work hard to ensure that what they deliver on a month-by-month basis aligns with the organisational objectives, so these objectives can easily be presented via a Roadmap. At a minimum, the Roadmap should look 3-6 months into the future and should contain broad target dates for when features will be delivered.
From an IT Security perspective, a Roadmap will consist of the key deliverables that you will achieve during the next 3-6 months. This will include things like completing Privacy Impact Assessments, reviewing and updating supplier contracts, updates or upgrades of systems that are out of support, implementation of specific security controls, and completion of Overview Security Documentation, and the list goes on…
The above example is very simple, but it still demonstrates the key features of a security roadmap and its effectiveness.
WHAT ARE THE BENEFITS OF AN IT SECURITY ROADMAP?
A Roadmap is a powerful tool and should be used by IT Security professionals. We have summarised the key benefits below.
- Simple and effective communication of your high-level goals, which serves Directors, IT Security staff on the ground, and other teams alike.
- A Roadmap is always designed in a simple way, so it requires little effort to modify where required.
- Helps with prioritisation of security objectives
- Unburdens the Security Managers from numerous stakeholder update meetings, and allows them to focus on delivery of the security deliverables
- Helps as a tool to acquire budget as it focusses on the deliverables and benefits