Adaptation of Information Security in the Agile World

2025; pp. 307–312
1 Lviv Polytechnic National University, Ukraine
2 Lviv Polytechnic National University, Department of Information Security Technologies

The article investigates the integration of information security into Agile software development processes, focusing on the adaptation of DevSecOps methods. The goal was to enhance the implementation of security practices by reducing vulnerability detection time, simplifying the integration of security into the development cycle, and improving team collaboration. The analysis revealed that automation of security testing reduces vulnerability detection time by 40%, while cross-functional teams improve collaboration by 30%. Additionally, DevSecOps implementation decreases the number of vulnerabilities by 35% and reduces financial losses from cyberattacks by 25%. The study also identified key challenges, such as cultural barriers between teams and the technical complexity of implementing security tools, as well as future prospects, including the use of artificial intelligence to enhance threat detection accuracy. The findings highlight the importance of a proactive security approach, automation of security checks using SAST and DAST tools, and the need for staff training to foster a ‘Security-first’ culture. The results can be applied to enhance security in rapidly changing environments and to further develop approaches for integrating DevSecOps into Agile.
