Security Content on InfoQ

  • Cloud Security Auditing: Challenges and Emerging Approaches

    Security audits are an important part of IT security programs. In this article, the authors highlight the challenges in cloud computing business models, based on interviews with cloud security auditors. They discuss the challenges in the areas of transparency, encryption, and colocation, and domain-tailored audits as the ideal solution in the new model.

  • Employing Enterprise Architecture for Applications Assurance

    In this article, the authors discuss how enterprise, software, and security architects can improve software assurance by using the enterprise architecture to promulgate the software security controls. They also talk about other security model components like threat modeling, attack trees, secure design patterns, and misuse cases.

  • Evo: The Agile Value Delivery Process, Where ‘Done’ Means Real Value Delivered; Not Code

    Current agile practices are far too narrowly focused on delivering code to users and customers. There is no systems-wide view of other stakeholders, of databases, and anything else except the code. This article describes what ‘Evo’ is at its core, how it is different from other Agile practices, and why ‘done’ should mean ‘value delivered to stakeholders’.

  • Getting RID of Risk with Agile

    One of the largest areas of waste in development is poorly formed requirements. This post presents a very simple technique that can be applied to all user stories to improve quality and reduce waste, and examines how it can fit into your current planning and estimation workflow via the underused ‘definition of ready’. It’s a very actionable concept that you can apply immediately.

  • How Well Do You Know Your Personae Non Gratae?

    In this article, the author discusses three techniques to defend against malicious users in software systems. These techniques include creating personas to think strategically about the mischief a malicious user might attempt, misuse cases used to determine how the software should respond to unintended use, and activity diagrams annotated with security concerns.

  • The Resurrection of Product Risk Analysis

    Product risk analysis (PRA) is not only useful in testing but is also applicable during the various phases of sequential or agile system development. This article introduces a different application of PRA that elevates it from project level to domain level. It shows how you can go from risk and requirement-based testing to risk and requirement-based development.

  • Testing the Internet of Things: The Human Experience

    Mobile and embedded devices, more than any other technology, are an integral part of our lives and have the potential to become a part of us. This article discusses what “human experience” testing is and is not, and uses concepts from human computer interaction design theory to establish a framework for developing “human experience” test scenarios.

  • Shadow IT Risk and Reward

    Chris Haddad explains in this article what Shadow IT is, what role it plays in the enterprise and why Enterprise IT needs to embrace it, adapt and address Shadow IT requirements, autonomy, and goals.

  • Q&A with Barry Boehm and Richard Turner on The Incremental Commitment Spiral Model

    The Incremental Commitment Spiral Model describes a process model generator. InfoQ interviewed the authors about the principles underlying the Incremental Commitment Spiral Model (ICSM), applying the ICSM, benefits that organizations can get from it, and how organizations can use the ICSM to determine under what conditions to use software-intensive agile frameworks like Scrum, DSDM, SAFe, or DAD.

  • Article Series: Automation in the Cloud and Management at Scale

    Cloud computing is more than just fast self-service of virtual infrastructure. Developers and admins are looking for ways to provision and manage at scale. This InfoQ article series will focus on automation tools and ideas for maintaining dynamic pools of compute resources.

  • A Pragmatic Approach to Scaling Security in the Cloud

    Security. Cloud. Two words that are almost always together but rarely happily. Read on to learn why that isn’t the case and what you need to know about securing your critical infrastructure in the cloud.

  • From MDM to MDM: From Managing Devices to Apps to Data

    Mobile operations management (MOM) is one of the top priorities of today’s modern enterprise. While the first generation of MOM solutions evolved around the management of mobile devices and applications, organizations have quickly realized that an effective enterprise mobile infrastructure requires addressing a more difficult challenge: managing and securing mobile business data.
