Balancing Autonomy and Control: An Adaptive Approach for Security Governance in Large-Scale Agile Development

Sascha Nägele, Nathalie Schenk, Nico Fechtner, Florian Matthes

2024

Abstract

Companies are increasingly adopting agile methods at scale, revealing a challenge in balancing team autonomy and organizational control. To address this challenge, we propose an adaptive approach for security governance in large-scale agile software development, based on design science research and expert interviews. In total, we carried out 28 interviews with 18 experts from 15 companies. Our resulting approach includes a generic organizational setup of security-related roles, a team autonomy assessment model, and an adaptive collaboration model. The model assigns activities to roles and determines their frequency based on team autonomy, balancing the autonomy-control tension while ensuring compliance. Although framework-agnostic, we applied our approach to existing scaling agile frameworks to demonstrate its applicability. Our evaluation indicates that the approach addresses a significant problem area and provides valuable guidance for incorporating security into scaled agile environments. While the primary focus is on security governance, our insights may be transferable to other cross-cutting concerns.

Paper Citation


in Harvard Style

Nägele S., Schenk N., Fechtner N. and Matthes F. (2024). Balancing Autonomy and Control: An Adaptive Approach for Security Governance in Large-Scale Agile Development. In Proceedings of the 26th International Conference on Enterprise Information Systems - Volume 2: ICEIS; ISBN 978-989-758-692-7, SciTePress, pages 17-28. DOI: 10.5220/0012605000003690


in Bibtex Style

@conference{iceis24,
author={Sascha Nägele and Nathalie Schenk and Nico Fechtner and Florian Matthes},
title={Balancing Autonomy and Control: An Adaptive Approach for Security Governance in Large-Scale Agile Development},
booktitle={Proceedings of the 26th International Conference on Enterprise Information Systems - Volume 2: ICEIS},
year={2024},
pages={17-28},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0012605000003690},
isbn={978-989-758-692-7},
}


in EndNote Style

TY - CONF

JO - Proceedings of the 26th International Conference on Enterprise Information Systems - Volume 2: ICEIS
TI - Balancing Autonomy and Control: An Adaptive Approach for Security Governance in Large-Scale Agile Development
SN - 978-989-758-692-7
AU - Nägele S.
AU - Schenk N.
AU - Fechtner N.
AU - Matthes F.
PY - 2024
SP - 17
EP - 28
DO - 10.5220/0012605000003690
PB - SciTePress