Training and Security Awareness Under the Lens of Practitioners: A DevSecOps Perspective Towards Risk Management

Training and Security Awareness Under the Lens of Practitioners: A DevSecOps Perspective Towards Risk Management

연구 분야: Software Development

학회: International Conference on Human-Computer Interaction

Critical infrastructures (CI) extend across various sectors within the economy, relying on a combination of software and hardware technologies to manage the operations of the systems, services, and assets. Risk Management plays a pivotal role in enduring viability of organizations in the long run, identifying potential threats and vulnerabilities. The realm of DevSecOps in CI undergoes continuous evolution, demanding organizations to consistently adapt their strategies in addressing emerging risks. The goal of this exploratory study is to understand how training and security awareness influence the adoption of DevSecOps practices and, consequently, their role in enhancing processes related to risk management in the context of CI. The study examines the perspectives of DevOps professionals, developers, security experts, and other experts working in CI using a survey. The results reveal a gap in regular training and awareness sessions, which has triggered practitioners to follow a proactive approach of acquiring knowledge and skills independently. The findings also highlight fostering a positive security culture by exhibiting risk-averse behavior, consequently reducing the occurrence of incidents, and promoting adherence to policies. The study offers valuable insights into DevSecOps in risk management, potentially encouraging the adoption of DevSecOps and guiding practitioners interested in harnessing its inherent benefits within the context of CI. Furthermore, our findings pave the way for future research endeavors on assessing the impact of training and awareness programs to shape and improve the security culture within CIs.