Enterprise IT Governance and DevSecOps: Insights From a Grounded Theory Literature Review

 

Join us on Nov 20th and 21st at Infosecurity ISACA North America Expo and Conference in New York. As an independent, nonprofit, global association, ISACA engages in the development, adoption, and use of globally accepted, industry-leading knowledge and practices for information systems. Today ISACA serves 140,000 professionals in 180 countries.

 

When: Thursday, Nov 21st, 2019 from 3:40 PM to 4:30 PM ET

Where: Infosecurity ISACA North America Expo and Conference, New York; Javits Convention Center 65 W 34th St, New York, NY  

What: Enterprise IT Governance and DevSecOps: Insights From a Grounded Theory Literature Review.

DevOps is dramatically transforming the way in which value is created with Information Technology (IT). The traditional information systems value stream that begins with documenting requirements and ends with a system in operation has been significantly transformed. The new approach driving continuous integration, deployment and security in short release cycles – DevSecOps – is challenging established enterprise IT governance practices designed to work in predictive, waterfall-like approaches. This multivocal grounded literature review explores how extant publications articulate DevSecOps practices in the context of an enterprise IT governance system. We find that the body of knowledge in DevSecOps is highly fragmented, with a paucity of structured, holistic frameworks enabling successful DevSecOps adoption under enterprise IT governance practices. While some dynamics are thoroughly explored, there are fundamental IT processes – such as managing knowledge and managing continuity – being neglected by authors.

This study formulates potential research streams that may help bridge the gap, with the ultimate objective of enabling successful DevSecOps adoption within an IT governance system.

 

Who: Edo Lopez, McMaster University

Eduardo Lopez joined the PhD program in September 2017. His area of research is Information Systems: Big Data. After completing his MBA degree at McGill University in Montréal (with double concentration in Finance and Management Information Systems), Eduardo held positions of increasing responsibility in the area of Information Technology for multiple global corporations including the Johnson & Johnson group of companies, Biovail Pharmaceuticals (now Valeant Pharmaceuticals International) and Danby Appliances Inc. His last post was as Vice President of Management Information Systems for Renin Corporation, a multinational organization in the internal décor industry (in Brampton, Ontario). Understanding the pivotal role that Information Technology — and more specifically Data Science — will play in every industry, Eduardo is now leveraging his passion for research in pursuing further graduate studies in Information Systems at the DeGroote School of Business (McMaster University). Eduardo has been a Project Management Professional (PMP) since 2005, and held certifications in Enterprise Architecture (TOGAF), Supply Chain Management (APICS) and Six Sigma (Johnson & Johnson).

 

Who: Altaz Valani, Director of Research, Security Compass

Altaz Valani, Director of Research at Security Compass, manages the overall research vision and team. He is a regular conference speaker who conducts ongoing research in the Software Security domain. Prior to joining Security Compass, he was a Senior Research Director and Executive Advisor at Info-Tech Research Group and a Senior Manager at KPMG, and held various positions working alongside senior stakeholders to drive business value through software development. Altaz is on the SAFECode Technical Leadership Council, CIO Strategy Council, The Open Group, and also sits on several IEEE Working Groups where Cyber Security and Privacy challenges are being tabled at the international standards level.

 
