Corresponding author: Andreas Riel (andreas.riel@grenoble-inp.fr)
© Alexander Poth, Mario Kottke, Kerstin Middelhauve, Torsten Mahr, Andreas Riel. This is an open access article distributed under the terms of the Creative Commons Attribution License (CC BY-ND 4.0). This license allows reusers to copy and distribute the material in any medium or format in unadapted form only, and only so long as attribution is given to the creator. The license allows for commercial use.
Citation: Poth A, Kottke M, Middelhauve K, Mahr T, Riel A (2021) Lean integration of IT security and data privacy governance aspects into product development in agile organizations. JUCS - Journal of Universal Computer Science 27(8): 868-893. https://doi.org/10.3897/jucs.71770
This article deals with the design of a product development-specific framework to support lean and adequate governance. This framework is based on layers of product-specific standards and regulations. The layers can be merged into a specific set that addresses the demands of a product so that it fits the state-of-the-art requirements of its domain. For the product domain, specific layers are presented with examples from IT security and data privacy for the software development phase. The approach is generic and can be extended to other domains, such as financial services or embedded products, and to their life-cycle phases.