Sara B. O. Gennari Carturan
ABSTRACT
There are many aspects that involve the development of secure software. Regardless of the development model, the verification and validation of security must always be present, in all environments and stages. Systems-of-Systems (SoS) refer to a complex system that comprises other systems (the constituent systems), which have operational and managerial independence, geographical distribution, emergent behavior, and evolutionary development processes. By integrating cloud computing applications and services into a complex existing system, many challenges arise, especially those related to security issues. In this paper, it is proposed a security framework to guide the planning and definition phases of security requirements for SoS considering agile methods for application development and a DevSecOps approach. By using a checklist and some questions to identify which security aspects should be included, security drivers were obtained to integrate cloud computing in a SoS context, taking into account the perspectives of existing IT Governance Model, IT Operational Model, and IT Processes. Additionally, it is emphasized the need for a human resources management that aims at the positive acceptance of organizational change by all involved.
- ISO/IEC 27000:2018, Information technology - Security techniques - Information security management systems - Overview and vocabularyGoogle Scholar
- ISO/IEC 27001:2013, Information technology - Security techniques - Information security management systems - RequirementsGoogle Scholar
- M. P. Correia and P. J. Sousa. 2017. Secure Software. (2nd. ed.). ISBN-13: 9789727228584Google Scholar
- Systems Security Engineering - Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems. NIST Special Publication 800-160. Updated March 2018.Google Scholar
- INCOSE Systems Engineering Handbook, 4th Edition, John Wiley & Sons Inc., 2015Google Scholar
- A. Habl, O. Kipouridis and J. Fottner, "Deploying microservices for a cloud-based design of system-of-systems in intralogistics", IEEE 15th International Conference on Industrial Informatics (INDIN), July 2017, Emden, GermanyGoogle ScholarCross Ref
- L. Riungu-Kalliosaari, L. E. Lwakatare and S. Makinen T. Männistö. DevOps Adoption Benefits and Challenges in Practice: A Case Study. Product-Focused Software Process Improvement: 17th International Conference, PROFES 2016, Trondheim, Norway, November 22--24, 2016, Proceedings (pp.590--597).Google Scholar
- ISO/IEC 27017:2015, Information technology - Security techniques - Code of practice for information security controls based on ISO/IEC 27002 for cloud servicesGoogle Scholar
- Project Management Institute (PMI) - PMBOK® Guide. A Guide to the Project Management Body of Knowledge, 6th. ed., 2017.Google Scholar
- H. Kezner, "Project Management: A Systems Approach to Planning, Scheduling and Controlling", 12th. ed., Wiley, 2017.Google Scholar
- M. Rokeach. The nature of human values. 1973. New York, NY. The Free Press.Google Scholar
- M. Rokeach. Understanding human values - Individual and Societal.2008.New York, NY. The Free Press.Google Scholar
- R. A. Noe, J. R. Hollenbeck, B. Gerhart and P. M. Wright. Human resource management: Gaining a competitive advantage. 2017.Google Scholar
- P. Boxall and J. Purcell. Strategy and Human Resource Management. 3rd. ed., 2011.Google Scholar
- S. H. Schwartz. An Overview of the Schwartz Theory of Basic Values. Online Readings in Psychology and Culture. 2012.Google Scholar
- S. H. Schwartz. Universals in the Content and Structure of Values: Theoretical Advances and Empirical Tests in 20 Countries, Advances in Experimental Social Psychology Vol. 25, Elsevier, pp. 1--65Google Scholar
Recommendations
Implementing Secure DevOps assessment for highly regulated environments
ARES '17: Proceedings of the 12th International Conference on Availability, Reliability and SecuritySecure DevOps has become a standard option for entities seeking to streamline and increase comprehensive participation by all stakeholders in their secure Security Development Lifecycle (SDLC)[1]. In most case in industry, academia, and government, ...
Major challenges of systems-of-systems with cloud and DevOps: a financial experience report
SESoS-WDES '19: Proceedings of the 7th International Workshop on Software Engineering for Systems-of-Systems and 13th Workshop on Distributed Software Development, Software Ecosystems and Systems-of-SystemsThe term Systems-of-Systems (SoS) refers to a complex system that comprises other systems (the constituent systems), which have operational and managerial independence, geographical distribution, emergent behavior, and evolutionary development ...
Modeling continuous security: A conceptual model for automated DevSecOps using open-source software over cloud (ADOC)
AbstractAgile software development methodology and DevOps, together, have helped the business to achieve agility and velocity in delivering time-to-market applications and services. Open-source software (OSS) and cloud technologies are taking ...
Comments