Security audits are an important part of IT security programs. In this article, authors highlight the challenges in cloud computing business models, based on interviews with cloud security auditors. They talk about the challenges in the areas of transparency, encryption and colocation and domain-tailored audits as ideal solution in the new model.
In this article, authors discuss how enterprise, software, and security architects can improve software assurance by using the enterprise architecture to promulgate the software security controls. They also talk about other security model components like threat modeling, attack trees, secure design patterns, and misuse cases.
Current agile practices are far too narrowly focused on delivering code to users and customers. There is no systems-wide view of other stakeholders, of databases, and anything else except the code. This article describes what ‘Evo’ is at core, and how it is different from other Agile practices, and why ‘done’ should mean ‘value delivered to stakeholders’.
One of the largest areas of development waste are poorly formed requirements. This post presents a very simple technique that can be applied to all user stories to improve quality and reduce waste. 3
In this article, author discusses three techniques to defend against malicious users in software systems. The techniques includes creating personas, misuse cases and annotated activity diagrams.
Product risk analysis (PRA) can be done during the various phases of sequential or agile system development. This article shows how to apply PRA to elevate it from project level to domain level.
This article discusses “human experience” testing and uses concepts from human computer interaction design theory to establish a framework for developing “human experience” test scenarios.
Chris Haddad explains in this article what Shadow IT is, what role it plays in the enterprise and why Enterprise IT needs to embrace it, adapt and address Shadow IT requirements, autonomy, and goals.
The Incremental Commitment Spiral Model: Principles and Practices for Successful Systems and Software describes a process model generator. InfoQ interviewed the authors Barry Boehm and Richard Turner.
This InfoQ article series focuses on automation tools and ideas for maintaining dynamic pools of compute resources.
Security. Cloud. Two words that are almost always together but rarely happily. Learn why that isn’t the case and what you need to known about securing your critical infrastructure in the cloud. 3
Mobile operations management is one of the top priorities of modern enterprise and after establishing solutions for device management, the next challenge is to manage and secure mobile business data.