Tools
Tools
Metin, Bilgin, Wynn, Martin G 
ORCID: https://orcid.org/0000-0001-7619-6079, Keserel, Ali Can, Demir, Timur and Güngör, Barışcan
(2025)
ADOPTING DEVSECOPS: A FRAMEWORK FOR IT GOVERNANCE
AND CULTURE CHANGE BASED ON A PLAN-DO-CHECK-ACT
(PDCA) APPROACH.
International Conference on Information Resources Management (CONF-IRM) (3).
pp. 1-13.
![[thumbnail of 15307 Metin, B. et al. (2025) ADOPTING DEVSECOPS - A FRAMEWORK FOR IT GOVERNANCE AND CULTURE CHANGE BASED ON A PLAN-DO-CHECK-ACT (PDCA) APPROACH.pdf]](https://eprints.glos.ac.uk/style/images/fileicons/text.png "15307 Metin, B. et al. (2025) ADOPTING DEVSECOPS - A FRAMEWORK FOR IT GOVERNANCE AND CULTURE CHANGE BASED ON A PLAN-DO-CHECK-ACT (PDCA) APPROACH.pdf") |
Text
15307 Metin, B. et al. (2025) ADOPTING DEVSECOPS - A FRAMEWORK FOR IT GOVERNANCE AND CULTURE CHANGE BASED ON A PLAN-DO-CHECK-ACT (PDCA) APPROACH.pdf - Published Version Restricted to Repository staff only Available under License All Rights Reserved. Download (442kB) |
Abstract
As digital transformation accelerates, organizations increasingly turn to agile software development and deployment practices like DevOps. However, incorporating security into these processes through DevSecOps presents significant challenges, particularly in cultural adaptation and alignment with IT governance. This study explores the challenges of adopting DevSecOps from two crucial perspectives: organizational culture and IT governance. Through a thorough literature review and the development of a conceptual framework, we identify human-related barriers such as resistance to change, lack of awareness, and communication gaps, along with governance-related constraints such as inadequate policies, misalignment of risks, and compliance issues. To tackle these challenges, we propose a Plan-Do-Check-Act (PDCA) implementation model that provides a practical approach for transforming organizational culture and improving IT governance. This approach aims to bridge the gap between development, security, and operations while aligning with strategic business objectives. Future research in this field could include empirically validating the model through case studies.
| Item Type: | Article |
|---|---|
| Article Type: | Article |
| Uncontrolled Keywords: | DevOps; DevSecOps; Cybersecurity |
| Related URLs: | |
| Subjects: | T Technology > T Technology (General) |
| Divisions: | Schools and Research Institutes > School of Business, Computing and Social Sciences |
| Depositing User: | Martin Wynn |
| Date Deposited: | 16 Sep 2025 09:29 |
| Last Modified: | 16 Sep 2025 10:30 |
| URI: | https://eprints.glos.ac.uk/id/eprint/15307 |
University Staff: Request a correction | Repository Editors: Update this record
