Dissertation: New Cyber Agile Framework Formed for Use in Cyber Security Defense

Abstract

This design science study explored the need for the first cyber agile framework to improve the successful application of agile to cyber security teams. The research surveyed active cyber security professionals on agile development teams (ADT) and created a list of planned and unplanned tasks and the frequency of the occurrence of these tasks. The research developed this cyber-task list and then leveraged it to create a cyber agile framework that cyber security ADTs can apply during planning. This cyber agile framework is expected to be used as a tool during the planning phase of the existing agile methodology. This new cyber agile framework is the first of its kind and helps to immediately address the shortage of cyber security professionals. Agile helps teams run more efficiently. However, since it was developed for use in software development teams, there were some deltas, or gaps that existed when applied to cyber security teams. For example, the type of work, scope, and frequency of tasks drastically differ between software development teams and cyber security teams. Because of these gaps, the application of agile was not as smooth as it could have been for cyber teams. With the addition of this framework to cyber security, the ADT now has a more inclusive list of tasks to plan for during sprint planning. By providing a more complete sprint plan, the team can operate more efficiently and effectively, and in turn, provide a more complete security footprint for their organization.

            Keywords: cyber agile, cyber security shortage, agile framework, security footprint, cyber–task, ADT, agile