Self-Service Cybersecurity Monitoring as Enabler for DevSecOps.

This paper focuses on self-service cybersecurity monitoring as an enabler to introduce security practices in a DevOps environment. ... This self-service monitoring/alerting allows breaking silos between dev, ops, and sec teams by opening access to key security metrics, which enables a sharing culture and continuous improvement. ... ACKNOWLEDGMENT The authors would like to thank Esperanza Rama for her support in the case study. ...

doi:10.1109/access.2019.2930000 fatcat:jvolxvkp4zdhjkuyhmjgbbek7i

DOAJ

This paper evolves via way of means of introducing right metrics for having a Reliable Monitoring systemin every degree of development, via way of means of recording each earlier than and after states ... To investigate and to reviewed through the four principles of DevSecOps: ethnicity, Automation, dimension and division .As a consequence, it was found that the available research focuses heavily on securing ... In [3] runtime security was achieved by monitoring security metrics, identifying vulnerabilities, and using adaptive self-defense mechanisms to protect the system (eg automatic patches and firewall actions ...

doi:10.30534/ijeter/2020/40892020 fatcat:lqnqln2yvzhnraetgryro45z7i

We also evaluated various datasets used for the models, IoT attack types, independent variables used for the models, evaluation metrics for assessment of models, and monitoring infrastructure using DevSecOps ... use of machine learning techniques for advanced supervision and monitoring. ... Security teams use the continuous and fast process from Ops to Dev to instantiate IoT's self-service cyber security management systems to enforce security in a DevOps environment. Ramón et al. ...

doi:10.3390/info12040154 fatcat:oevgg4yzwfa3ldz26v5j5wthqy

DOAJ Szczepanski

Current Continuous Integration processes face significant intrinsic cybersecurity challenges. ... The tool, called \SD for its Docker-based approach, is publicly available in GitHub. ... To enable such concepts or practices, and thus aid developers in materializing them, DevOps relies on using a range of tools [5, 15] ; from source code management to monitoring and logging, as well as ...

arXiv:2104.07899v1 fatcat:skwplgdn5zgddjqr4wi5ls6ouy

Open Access

well as best practices to counterattack the breaches to cybersecurity in organizations. ... In fact, Software and security company VMware Carbon Black declared during April, “that ransomware attacks it monitored jumped 148% in March from the previous month, as governments worldwide curbed ... Cyberattacks and Cybersecurity: IT Professionals Voice  92% of IT professionals give a vote of no trust to their organizations as for their preparation to offer public cloud services security. ...

doi:10.5539/cis.v14n2p10 fatcat:gehox2abkrgeldcfxtbiq7ml7q

Szczepanski

The EU project Pharaon aims to support older European adults by integrating digital services, tools, interoperable open platforms, and devices. ... The integration of mature solutions and existing systems is one of the preconditions for the successful realization of the different aims of the pilots. ... Acknowledgments: The authors would like to acknowledge the contribution of the COST Action CA16226-Indoor living space improvement: Smart Habitat for the Elderly. ...

doi:10.3390/electronics11091496 fatcat:qhgyjrw645dcrno6fikz75s3ee

DOAJ

Security Services in the IT Service Catalog" • "Upgrade IT Operations with DevSecOps and Disciplined Agile" Control Access with Minimal Drag on the Business Every business has rules and requirements ... • "Monitor Identity-Related Events and Context" • "Build Up Identity, Privilege, and Data Governance Services" • "Risk-Inform Access Management Functions" Institute Resilient Detection, Response, and ... If you need to, add additional rows for priorities such as "Secure our customer-facing services" to the table. ...

doi:10.1007/978-1-4842-5952-8_1 fatcat:o2f7aofzj5aarcutbdhp3t4lty

Open Access

Enable IAM in microservices and container environments to support DevSecOps initiatives for IaaS or private clouds. ... Businesses can also monitor decentralized identity, or so-called self-sovereign identity models. ... Action -Define 1-3 improvement objectives for the access control and data governance. Note improvement objectives in Section 4, Table 9 , of the worksheet. ...

doi:10.1007/978-1-4842-5952-8_8 fatcat:okyn2ptf65c4jlk4jpvukriydu

Open Access

AbstractCurrent Continuous Integration (CI) processes face significant intrinsic cybersecurity challenges. ... The tool, called SecDocker for its Docker-based approach, is publicly available in GitHub. ... To enable such concepts or practices, and thus aid developers in materializing them, DevOps relies on using a range of tools [5, 16] , from source code management to monitoring and logging, as well as ...

doi:10.1007/s42979-021-00939-4 fatcat:5r3i6abgvvh5jauvfhsco6luxi

Open Access

This document describes eleven recommendations for software verification techniques as well as providing supplemental information about the techniques and references for further information. ... Executive Order (EO) 14028, "Improving the Nation's Cybersecurity," 12 May 2021, directs the National Institute of Standards and Technology (NIST) to recommend minimum standards for software testing within ... Acknowledgments The authors particularly thank Fay Saydjari for catalyzing our discussion of scope, Virginia Laurenzano for infusing DevOps Research and Assessments (DORA) principles into ...

arXiv:2107.12850v1 fatcat:hb4csa5mprclld3livs57lilfa

Open Access Multiple Versions

This book is intended as an accessible starter for the theoretician and practitioner working in the field. ... We advocate quantitative methods of security management and design, covering vulnerability scoring systems tailored to robotic systems, and accounting for the highly distributed nature of robots as an ... We thank many of our friends and colleagues for their inputs and suggestions. ...

arXiv:2103.05789v4 fatcat:p3inkof6kbh3rds6jigvmq4doe

Open Access Multiple Versions

The approach has matured for the last three years by using it for training and a wide range of real industrial projects. ... Cybersecurity risk analyses are more than ever necessary, but... traveling and gathering in a room to discuss the topic has become difficult due to the COVID, whilst having a cybersecurity expert working ... Acknowledgments: We hereby acknowledge ANSSI and the College of Practitioners of Club EBIOS for their valuable comments on the method and material. ...

doi:10.3390/info12090349 doaj:dcb8f54cbc304eb3aff0b6c1c8c44618 fatcat:7njkgunbwjfghnywfnvc2c4heq

DOAJ Szczepanski

For many years, using cloud services was the go-to option for consumers and businesses, as the ease of access that the cloud offered was unrivaled. ... Those of us who have worked in cybersecurity for many years often start to think we have "seen it all." We have not. ...

doi:10.1109/miot.2022.9773094 fatcat:ds7mdlqhijfbrcff3q6vmj6oee

For the integration, testing and deployment process a Continuous Integration/Continuous Delivery (CI/CD) and DevSecOps approach is followed by COVID-X Sandbox. ... Sandbox follows the Service-Oriented Architecture approach, implemented as a combination of different components that collectively aim to enable seamless access to a set of healthcare data sources. ... CLEOS is an interactive knowledge base that performs all cognitive tasks within the clinical method except for physical examination, as depicted in Figure 8 . ...

doi:10.5281/zenodo.4775426 fatcat:5wfdrddjbfh4dfdwicjij73kwi

Open Access

The 5G PPP Initiative and the 5GIA are happy to present a new white paper entitled "Edge Computing for 5G Networks". ... In this context, to achieve ideal DevSecOps it is essential to first capture domain specific concepts, such as target platform features and non-functional software requirements in models to instruct self-adapting ... Worth highlighting is the fact that a "generic monitoring service" is mentioned as a specific example of a VNF Common Service. ...

doi:10.5281/zenodo.4555780 fatcat:sg62p5agq5c75hsbr2hyb4vkqe

Open Access

Self-service Cybersecurity Monitoring as Enabler for DevSecOps

Preserved Fulltext

Performance Analysis of Automation Monitoring System shifting from DevOps to DevSecOps

Preserved Fulltext

Monitoring Real Time Security Attacks for IoT Systems Using DevSecOps: A Systematic Literature Review

Preserved Fulltext

SecDocker: Hardening the Continuous Integration Workflow [article]

Preserved Fulltext

Cyber Security amid COVID-19

Preserved Fulltext

Integration and Deployment of Cloud-Based Assistance System in Pharaon Large Scale Pilots—Experiences and Lessons Learned

Preserved Fulltext

Executive Overview [chapter]

Preserved Fulltext

Control Access with Minimal Drag on the Business [chapter]

Preserved Fulltext

SecDocker: Hardening the Continuous Integration Workflow

Preserved Fulltext

Guidelines on Minimum Standards for Developer Verification of Software [article]

Preserved Fulltext

Other Versions

Cybersecurity in Robotics: Challenges, Quantitative Modeling, and Practice [article]

Preserved Fulltext

Other Versions

Obérisk: Cybersecurity Requirements Elicitation through Agile Remote or Face-to-Face Risk Management Brainstorming Sessions

Preserved Fulltext

Mentor's Musings on Security Standardization Challenges and Imperatives for Artificial Intelligence of Things

Preserved Fulltext

COVID-X D2.1 – Sandbox Design & Datalake Creation and Ingestion [article]

Preserved Fulltext

Edge computing for 5G networks - white paper

Preserved Fulltext