Research Findings in the Domain of CI/CD and DevOps on Security Compliance (original) (raw)

Strategic Approaches to Digital Platform Security Assurance, 2021

Abstract

This chapter studies the mapping of governance and security control objectives impacted by DevOps to the corresponding DevOps control objectives. These DevOps objectives introduce either an opportunity or a risk for the achievement of the security and governance control objectives. Finally, the artifact defines a list of SecDevOps controls that have proven to be effective in combining the agility of the DevOps paradigm with the security compliance assurance. The authors examine in collaboration with experts the multiple frameworks to be suitable. The authors define SecDevOps controls that have proven to be effective in combining the agility of the DevOps paradigm with the security compliance assurance. To design this artefact, four widely-used frameworks/standards (COBIT 5, NIST cybersecurity framework, NIST SP 800-53, and ISO 27002) were reviewed for sufficiently detailed security and privacy control objectives and controls. Based on these criteria, NIST SP 800-53 and ISO 27002 sta...

Yuri Bobbert hasn't uploaded this paper.

Let Yuri know you want this paper to be uploaded.

Ask for this paper to be uploaded.