Importance of combining information security and cybersecurity in software development processes
DOI:
https://doi.org/10.25062/2955-0270.4962
Keywords:
threat, cybersecurity, software development, agile methodologies, risk, information security
Abstract
The use of specialized software is an imperative need for companies that wish to compete and differentiate themselves from their rivals. To have an in-house software development process, all measures and methodologies must be established to ensure that the generated product meets expected quality and reliability standards. Therefore, the integration of information security and cybersecurity with agile methodologies is necessary. This article explores the importance of incorporating information security and cybersecurity recommendations and practices into software development from the earliest stages of the software development life cycle using agile methodologies, which could mitigate risks and improve project stability in the face of future scenarios of uncertainty generated by external threats.
Author Biographies
Raúl Antonio Ochoa Torres, Escuela de Postgrados Fuerza Aérea Colombiana
Lieutenant (RA) of the Colombian Air Force. Master's degree in Comprehensive Security Direction and Management, EPFAC, Colombia. Specialist in Engineering Project Management, Universidad Distrital Francisco José de Caldas, Colombia. Specialist in University Teaching, CEMIL. Systems Engineer, Universidad Distrital Francisco José de Caldas, Colombia.
David Enrique López, Escuela de Postgrados Fuerza Aérea Colombiana
Master's degree in Administrative Law. Lawyer. Lecturer in the Master's Program in Comprehensive Security Management (MADGSI). Lecturer in Legislation and Research Methodology, Escuela de Posgrados de la Fuerza Aérea Colombiana (EPFAC).
License
Copyright (c) 2025 Revista Ciberespacio, Tecnologia e Innovación

This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.








