Never Overlook Security Awareness on Deployment

Authors

  • Rizki Sadewa, Telkom University
  • Muharman Lubis, Telkom University
  • Edi Triono Nuryatno, University of Western Australia

Keywords:

Security Awareness, Deployment, DevSecOps, Kubernetes

Abstract

Since preliminary evidence supports the association between security culture and information security awareness (ISA), more research is needed to determine how it interacts with organizational culture. Beyond variations in respondent nation or gender, the study's findings also demonstrate an association between stronger cyber expertise and level of cyber awareness. Additionally, awareness is linked to defense mechanisms but not to the information respondents were willing to divulge. People play an even more important role in the collaboration between those teams and the security team when security is incorporated into DevOps practices. Furthermore, security is crucial when creating essential systems since it allows us to control objectives, risks, and evidence. The work only starts after security is implemented in the DevOps toolchain. To establish a security culture, we also need to start with behavioral changes. One of the largest Sharia banks in Indonesia anticipated cyberattacks in 2023, demonstrating how crucial security is in the modern world. Although no one could claim that using one of the security solutions would guarantee absolute safety, information security technology is quite dynamic. Future studies could improve on the current findings by taking national culture into account. This study aims to show that we should never be satisfied with current security maturity, even when you or your company is implementing the best security tools, because vulnerabilities can come from the deployment and from the environment itself.

Published

2024-06-23

How to Cite

Sadewa, R., Lubis, M., & Nuryatno, E. T. (2024). Never Overlook Security Awareness on Deployment. Acceleration, Quantum, Information Technology and Algorithm Journal, 1(1), 16–22. Retrieved from https://journal.yasib.com/index.php/aqila/article/view/25