Information Security Integration with Agile Software Development: Systematic Literature Review and Expert Judgement

Abstract

Many businesses are using the Agile Software Development (ASD) to react to changing needs and provide functional values quickly. Information security, on the other hand, is seen as a non-functional requirement. In consequence, information security is frequently ranked lower than functional needs in ASD. The goal of this study is to present a unified perspective on how researchers integrate information security into agile software development. This study uses Systematic Literature Review (SLR) approach from ACM, IEEE, ScienceDirect, and Scopus. This study identified several key groups related to the integration of information security with ASD: agile methodologies, agile ceremonies, advantages, and issues. According to the findings of this study, all agile ceremonies contain some form of enhancement in process or artifacts linked to security. These findings have also been validated by expert judgment who have experience working in the project team that have integrated information security into agile software development process.