SE, Apr 3, 2015
Penetration Testing in Agile Software Development Projects
Martin Tomanek, Tomas Klima
Agile development methods are commonly used to iteratively develop information systems, and they can easily handle ever-changing business requirements. Scrum is one of the most popular agile software development frameworks. The popularity is caused by the simplified process framework and its focus on teamwork. The objective of Scrum is to deliver working software and demonstrate it to the customer faster and more frequently during the software development project. However, the security requirements for the information systems being developed often have a low priority. This requirements prioritization issue results in situations where the solution meets all the business requirements but is vulnerable to potential security threats. The major benefit of the Scrum framework is the iterative development approach and the opportunity to automate penetration tests. Therefore, security vulnerabilities can be discovered and solved more often, which will positively contribute to the overall information system protection against potential hackers. In this research paper, the authors propose how the agile software development framework Scrum can be enriched by considering the penetration tests and related security requirements during the software development lifecycle. In this paper, the authors apply the knowledge and expertise from their previous work focused on the development of the new information system penetration test methodology PETA, with a focus on using COBIT 4.1 as the framework for management of these tests, and from previous work focused on tailoring the project management framework PRINCE2 with Scrum.
SE, Feb 15, 2015
A Conceptual Framework for Web Development Projects Based on Project Management and Agile Development Principles
Martin Tomanek, Radim Cermak, Zdenek Smutny
Companies implement different frameworks and best practices with the objective to improve the project management success rate and improve the business adaptability to the changing business environment. The project management framework (PRINCE2) and the agile development framework (Scrum) have proved in many cases that they can meet these objectives. However, the two frameworks are based on different principles, and the use of both frameworks together should be carefully considered. A large amount of money and effort has been invested by companies into establishing their project management environment and processes that follow the classical phased approach where requirements are defined upfront and fixed. But companies want to react more quickly to new global challenges and to the changing business environment. These business requirements then result in the failure of many running projects. Therefore, there is a need to enhance the current project management environment so that it is more agile and adaptive to changes. The objective of this paper is to create a conceptual framework that aggregates principles and processes from both frameworks (PRINCE2 and Scrum) with emphasis on their use in web development projects. This paper will discuss the advantages and disadvantages of using the two abovementioned frameworks. Different groups of readers can benefit from the results of this paper. It will help corporate management to decide how a company should set up its own specific framework for managing agile product development projects. Project managers will have a better understanding of agile development principles and how they fit in the classic project management framework. Last but not least, it will help product developers to work in more agile ways and survive in the controlled and complex project environment.
SE, Feb 12, 2015
Project Risk Management Model Based on PRINCE2 and Scrum Frameworks
Martin Tomanek, Jan Juricek
There is a lack of formal risk management techniques in the agile software development method Scrum. The need to manage risks in agile project management is also identified by various authors. The authors of this paper conducted a survey to find out the current practices in agile project management. Furthermore, the authors discuss the new integrated framework of Scrum and PRINCE2 with a focus on risk management. Enrichment of Scrum with selected practices from the heavy-weight project management framework PRINCE2 promises better results in delivering software products, especially in global development projects.