Affiliation:
1. ON2IT BV, The Netherlands & Antwerp Management School, University of Antwerp, Belgium
2. BNP Paribas Group, Belgium
Abstract
This chapter studies the mapping of governance and security control objectives impacted by DevOps to the corresponding DevOps control objectives. These DevOps objectives introduce either an opportunity or a risk for the achievement of the security and governance control objectives. Finally, the artifact defines a list of SecDevOps controls that have proven to be effective in combining the agility of the DevOps paradigm with security compliance assurance. The authors examine, in collaboration with experts, which of multiple frameworks are suitable. To design this artifact, four widely used frameworks/standards (COBIT 5, NIST Cybersecurity Framework, NIST SP 800-53, and ISO 27002) were reviewed for sufficiently detailed security and privacy control objectives and controls. Based on these criteria, the NIST SP 800-53 and ISO 27002 standards were selected for comparison and mapping with (Sec)DevOps controls in this research.