Cybersecurity Risk Management in Agile development: Protecting Data and System
The rapid evolution of technology and the increasing complexity of systems have made cybersecurity a critical concern for organizations, particularly in the context of Agile development. Agile methodologies prioritize flexibility, collaboration, and iterative progress, which can inadvertently introduce unique cybersecurity risks. This paper explores the integration of cybersecurity risk management practices within Agile development frameworks, emphasizing the need for organizations to proactively address vulnerabilities while maintaining the agility of their development processes.
Agile Risk Mitigation Framework
Software organisations follow different methodologies for the development of software. The software development methodologies are mainly divided into two categories, including plan-driven and agile development. To attain project success, it is very significant to consider risk management during whole project. Agile development is considered risk-driven, but many risks are unreported at the industrial level.
The benefits of agile risk management in IT projects delivered through agile methodology
Digital transformation and external digital disruption require South African financial services to deliver large IT software projects. Banks adopted new ways of working such as using an agile methodology to ensure IT Projects are delivered faster-to-market and early client involvement. The challenge is that risk management functions are not mandatorily involved before and during the execution of IT projects by the Scrum teams who deliver these IT projects, which means that other sources of risk and opportunity risks may not be identified early.
The NIST Cybersecurity Framework (CSF) 2.0
The NIST Cybersecurity Framework (CSF) 2.0 provides guidance to industry, government agencies, and other organizations to manage cybersecurity risks. It offers a taxonomy of high-level cybersecurity outcomes that can be used by any organization — regardless of its size, sector, or maturity — to better understand, assess, prioritize, and communicate its cybersecurity efforts. The CSF does not prescribe how outcomes should be achieved. Rather, it links to online resources that provide additional guidance on practices and controls that could be used to achieve those outcomes. This document describes CSF 2.0, its components, and some of the many ways that it can be used.
Cyber Risk in Central Banking (BIS)
The rising number of cyber attacks in the financial sector poses a threat to financial stability and makes cyber risk a key concern for policy makers. This paper presents the results of a survey among members of the Global Cyber Resilience Group on cyber risk and its challenges for central banks. The survey reveals that central banks have notably increased their cyber security-related investments since 2020, giving technical security control and resiliency priority. Central banks see phishing and social engineering as the most common methods of attack, and the potential losses from a systemically relevant cyber attack are deemed to be large, especially if the target is a big tech providing critical cloud infrastructures. Generally, respondents judge the preparedness of the financial sector for cyber attacks to be inadequate. While central banks in most emerging market economies provide a framework for the collection of information on cyber attacks on financial institutions, less than half of those in advanced economies do. Cooperation among public authorities, especially in the international context, could improve central banks’ ability to respond to cyber attacks.
Standard for Change Management and ACMP® Change Management Code of Ethics
Change is constant, but how we manage it evolves. Since its inception, the ACMP® Standard for Change Management© has been a trusted resource, guiding professionals worldwide in leading successful change. First published in 2014, the Standard was the result of a rigorous, collaborative effort that brought together over 1,100 change professionals from 57 countries, ensuring a methodology-neutral, globally relevant framework.
Directive in respect of Cybersecurity and Cyber-resilience within the National Payment System
In terms of section 10(1)(c) of the South African Reserve Bank Act 90 of 1989, as amended (SARB Act), the South African Reserve Bank (SARB) is required to perform such functions, implement such rules and procedures, and, in general, take such steps as may be necessary to establish, conduct, monitor, regulate and supervise payment, clearing and settlement systems.
Furthermore, the NPS Act provides for the management, administration, operation, regulation and supervision of payment, clearing and settlement systems in the Republic of South Africa, and for connected matters. The power to perform the functions as provided in the SARB Act and the NPS Act is performed by the National Payment System Department (NPSD) within the SARB. The SARB plays an important role in ensuring the safety, efficiency and resiliency of the national payment system (NPS).
IRMSA Risk Report – South Africa Risks 2015
The first annual Institute of Risk Management South Africa’s (IRMSA) South Africa Risks Report 2015 has been compiled within a specific context – that of a country still reeling from political and economic turmoil.
The Association of Mineworkers and Construction Union (AMCU) on 29 July 2014 announced the end of a 5-month platinum sector strike by 80,000 workers which resulted in a fall of nearly 25% in mining production. South Africa’s credit rating was downgraded by Standard & Poor’s (S&P) and Moody’s. The country’s outlook was shifted from stable to negative by Fitch Ratings, meaning that the country is a single notch away from junk status. The South African government continued to experience difficulties to meet the expectations of the population in terms of the fight against unemployment, poverty and corruption, potentially giving rise to increased social instability. The International Monetary Fund (IMF) slashed its economic growth forecast for South Africa by 0,3 percentage points to only 1,4% for 2014 and by 0,4 percentage points to 2,3% for 2015, suggesting that the sustainability of the country’s economy is under severe pressure.
IRMSA Risk Report – South Africa Risks 2016
The second edition of the IRMSA South Africa Risks Report is presented during a volatile period in the country’s development, highlighted by Fitch, Standard & Poor’s and Moody’s all lowering their outlook on South Africa’s credit rating to essentially one notch above junk status in December 2015, the rand trading at its worst-ever levels against the pound and the dollar in nominal terms in the same month, Pravin Gordhan being named the third finance minister in less than a week, and widespread public protests. These and other events are occurring as South Africa grapples with the worst drought to hit the country in decades.
IRMSA Risk Report – South Africa Risks 2017
The third edition of the IRMSA South Africa Risks Report is presented at a time of profound change. The populist anti-globalization wave that produced majority votes for Donald Trump in the United States and for Brexit in the United Kingdom is the consequence of the “anti-establishment” flag that has been raising its head around the world. This flag has been discussed by Clem Sunter and Dr Chantell Ilbury at the IRMSA Risk Report launches over the past two years and represents the growing lack of faith in professional politicians in America, Britain, Europe, Australia and many other countries. Trends and events of this nature remind us that South Africa and organisations operating within its borders are exposed to a myriad of external threats and opportunities, beyond those that are solely internally driven. South Africa’s risk landscape has been equally, or perhaps even more, volatile than the global environment during 2016.