Author(s): Zaydi, M., Nassereddine, B.
Without appropriate consideration of security best practices, the continuous delivery of IT services facilitated by DevOps is risky. On the other hand, SecOps offers the possibility to reduce security risks if security is integrated into the continuous delivery pipeline according to best practices. The purpose of this paper is to investigate how DevSecOps culture can be applied in IT service management. We interviewed representatives of five Middle East and North Africa MENA organizations that are adopting SecOps in their ITSM daily activities. We note that the majority of respondents expressed the potential of common DevSecOps such as automated monitoring to improve ITSM. The ï¬ndings of this study implies that organizations need a framework for understanding the DevSecops culture before they can adopt these practices in their ITSM. Likewise, this study explores the main DevSecOps practices relevant to efficient ITSM.