Integrating Governance, Technical Controls, and Agile Practices: A Multi Layered Risk Management Framework for High Technology Projects

Authors

  • Heri Hermansyah Badan Kepegawaian dan Diklat Kabupaten Garut
  • Ricky Muhamad Zakaria Universitas Garut

DOI:

https://doi.org/10.61978/novatio.v2i3.851

Keywords:

Risk Management, High Technology Projects, ISO 31000, NIST SP 800-53, Agile Risk Management, AI in Risk Monitoring

Abstract

High technology project environments present a complex landscape of interdependent risks spanning governance, technical, and operational domains. This study examines the integration of governance structures, domain-specific technical controls, and agile risk management practices to address these multifaceted challenges. The research highlights the strategic synergy between frameworks such as ISO 31000, ISO/IEC 27005, NIST SP 800-53, and the NIST AI RMF, combined with agile techniques like SAFe ROAM, to create a comprehensive, layered risk management architecture. This approach enables precise risk identification, robust mitigation planning, and responsive adaptation to rapidly evolving technological and market conditions. The methodology involved analyzing best practices in cross-framework integration, risk mapping, and agile tracking methods, supported by case studies and empirical literature. Key findings show that multi-layered frameworks improve adaptability, strengthen decision-making, and enhance transparency. They also create a shared risk language across technical, managerial, and executive levels, which improves communication and coordination. Results reveal that challenges persist, including coordination complexity, cultural resistance, and potential duplication when frameworks are not harmonized. Addressing these issues requires deliberate integration planning, stakeholder engagement, and change management strategies. In addition, adopting AI and automation improves real-time risk detection, dynamic control mapping, and continuous monitoring. These capabilities help organizations maintain compliance and resilience in rapidly changing regulatory environments. In conclusion, multi-layered risk management frameworks represent a strategic imperative for organizations operating in high-tech sectors. By combining governance oversight, technical precision, and agile adaptability, these frameworks deliver resilience, foresight, and agility essential for sustainable growth and long-term competitive advantage.

Published

2024-07-31

How to Cite

Hermansyah, H., & Zakaria, R. M. (2024). Integrating Governance, Technical Controls, and Agile Practices: A Multi Layered Risk Management Framework for High Technology Projects. Novatio: Journal of Management Technology and Innovation, 2(3), 189–204. https://doi.org/10.61978/novatio.v2i3.851

Section

Articles