Strategy Indicators for Secure Software Development Lifecycle in Software Startups Based on Information Security Governance

Abstract

The development of startup software is massive because many services have turned digital. Various applications have emerged that match their functions by taking advantage of the momentum of digital transformation. For example, applications for the Education sector, industrial sector, and economic sector. With their top priority being generating applications, the security factor becomes less of a concern. This is evidenced by the many data breaches that have caused losses to serious companies and public institutions. This is where the role of top-level management emerges in restructuring the company’s strategy, especially software startups, to support producing more secure applications. In this study, the RACI matrix is used to determine who is suitable for implementing a security strategy in information security governance within the organizational structure of the software startup. Where this study starts from stakeholder identification, top-level management roles in software startup, and activities in the secure software development lifecycle. And the results of this study are strategy indicators that are suitable for software startup.