Journal of
Systemics, Cybernetics and Informatics
HOME   |   CURRENT ISSUE   |   PAST ISSUES   |   RELATED PUBLICATIONS   |   SEARCH     CONTACT US
 



ISSN: 1690-4524 (Online)

Peer Reviewed Journal via three different mandatory reviewing processes, since 2006, and, from September 2020, a fourth mandatory peer-editing has been added.

Indexed by
DOAJ (Directory of Open Access Journals)Benefits of supplying DOAJ with metadata:
  • DOAJ's statistics show more than 900 000 page views and 300 000 unique visitors a month to DOAJ from all over the world.
  • Many aggregators, databases, libraries, publishers and search portals collect our free metadata and include it in their products. Examples are Scopus, Serial Solutions and EBSCO.
  • DOAJ is OAI compliant and once an article is in DOAJ, it is automatically harvestable.
  • DOAJ is OpenURL compliant and once an article is in DOAJ, it is automatically linkable.
  • Over 95% of the DOAJ Publisher community said that DOAJ is important for increasing their journal's visibility.
  • DOAJ is often cited as a source of quality, open access journals in research and scholarly publishing circles.
JSCI Supplies DOAJ with Meta Data
, Academic Journals Database, and Google Scholar

Listed in
Cabell Directory of Publishing Opportunities and in Ulrich’s Periodical Directory

Published by
The International Institute of Informatics and Cybernetics

Re-Published in
Academia.edu
(A Community of about 40.000.000 Academics)

Honorary Editorial Advisory Board's Chair
William Lesso (1931-2015)

Editor-in-Chief
Nagib C. Callaos

Sponsored by
The International Institute of
Informatics and Systemics
www.iiis.org
 

Editorial Advisory Board

Quality Assurance

Editors
Journal's Reviewers
Call for Special Articles
 

Description and Aims

Submission of Articles
Areas and Subareas

Information to Contributors

Editorial Peer Review Methodology

Integrating Reviewing Processes


Current Issue:
(Volume 23 - Number 7 - Year 2025)


Analogical and Logical Thinking – In the Context of Inter- or Trans-Disciplinary Communication and Real-Life Problems
Nagib Callaos, Jeremy Horne
(pages: 1-17)

Artificial Intelligence for Drone Swarms
Mohammad Ilyas
(pages: 18-22)

Brains, Minds, and Science: Digging Deeper
Maurício Vieira Kritz
(pages: 23-28)

Can AI Truly Understand Us? (The Challenge of Imitating Human Identity)
Jeremy Horne
(pages: 29-38)

Comparison of Three Methods to Generate Synthetic Datasets for Social Science
Li-jing Arthur Chang
(pages: 39-44)

Digital and Transformational Maturity: Key Factors for Effective Leadership in the Industry 4.0 Era
Pawel Poszytek
(pages: 45-48)

Does AI Represent Authentic Intelligence, or an Artificial Identity?
Jeremy Horne
(pages: 49-68)

Embracing Transdisciplinary Communication: Redefining Digital Education Through Multimodality, Postdigital Humanism and Generative AI
Rusudan Makhachashvili, Ivan Semenist
(pages: 69-76)

Engaged Immersive Learning: An Environment-Driven Framework for Higher Education Integrating Multi-Stakeholder Collaboration, Generative AI, and Practice-Based Assessment
Atsushi Yoshikawa
(pages: 77-94)

Focus On STEM at the Expense of Humanities: A Wrong Turn in Educational Systems
Kleanthis Kyriakidis
(pages: 95-101)

From Disciplinary Silos to Cyber-Transdisciplinary Networks: A Plural Epistemic Model for AGI-Era Knowledge Production
Cristo Leon, James Lipuma
(pages: 102-115)

Generative AI (Artificial Intelligence): What Is It? & What Are Its Inter- And Transdisciplinary Applications?
Richard S. Segall
(pages: 116-125)

How Does the CREL Framework Facilitate Effective Interdisciplinary Collaboration and Experiential Learning Through Role-Playing?
James Lipuma, Cristo Leon
(pages: 126-145)

Narwhals, Unicorns, and Big Tech's Messiah Complex: A Transdisciplinary Allegory for the Age of AI
Jasmin Cowin
(pages: 146-151)

Playing by Feel: Gender, Emotion, and Social Norms in Overwatch Role Choice
Cristo Leon, Angela Arroyo, James Lipuma
(pages: 152-163)

Responsible Integration of AI in Public Legal Education: Regulatory Challenges and Opportunities in Albania
Adrian Leka, Brunilda Haxhiu
(pages: 164-170)

The Civic Mission of Universities: Transdisciplinary Communication in Practice
Genejane Adarlo
(pages: 171-175)

The Promise and Peril of Artificial Intelligence in Higher Education
James Lipuma, Cristo Leon
(pages: 176-182)

They Learned the Course! Why Then Do They Come to Tutorials?
Russell Jay Hendel
(pages: 183-187)

To Use or Not to Use Artificial Intelligence (AI) to Solve Terminology Issues?
Ekaterini Nikolarea
(pages: 188-195)

Transdisciplinary Supersymmetry: Generative AI in the Vector Space of Postdigital Humanism
Rusudan Makhachashvili, Ivan Semenist
(pages: 196-204)

Why Is Trans-Disciplinarity So Difficult?
Ekaterini Nikolarea
(pages: 205-207)
 

Abstracts
 


ABSTRACT


DevSecOps Pipeline for Complex Software-Intensive Systems: Addressing Cybersecurity Challenges

Carol Woody, Timothy A. Chick, Aaron Reffett, Scott Pavetti, Richard Laughlin, Brent Frye, Michael Bandor


A major challenge for cybersecurity comes from new technology approaches that focus primarily on the benefits of implementation rather than on defining the governance and risk management changes necessary to establish and enforce appropriate protections. This challenge is especially important for the adoption of technology that impacts critical infrastructure and shared services, such as voting and defense. Researchers examined the challenges and the effective cybersecurity options facing Department of Defense (DoD) programs delivering cyber-physical systems and adopting DevSecOps. These researchers found a lack of broad understanding about the level of management and governance responsibility needed to define and use the DevSecOps pipeline. Adopting DevSecOps is a socio-technical decision that links technology with operational process and practice. Researchers identified several areas that require cross-functional and organizational management attention to fit the pipeline for mission use and considerations to address for producing the system. This paper describes the case study and lessons learned to date.

When a program adopts DevSecOps, it creates and supports two major systems concurrently: (1) the product the program was assigned to produce, and (2) the pipeline the program uses to develop and operationalize the product. Both systems need effective built-in security. In addition, neither the product nor the pipeline can remain static, so the cybersecurity of each must change to ensure sufficiency. The product expands with added functionality, which includes added vulnerabilities that tools and developers must address. The pipeline should be continually refined and improved as new tools and techniques better enable the consistent throughput of new features and capabilities. The focus on functionality and throughput is not sufficient for either system because the threat landscape changes constantly with new attacker capabilities. As a result, the need for improved tools to avoid and remove vulnerabilities from the product become critical. These tools must also be patched since they are software and contain vulnerabilities. As more data about the product is collected through the pipeline, it is critical to tap this information to improve the product and pipeline. However, the pipeline is not a single entity. It is a collection of highly configurable pieces built independently and assembled to perform together.

The increased use of the DevSecOps pipeline to automate software assurance, cybersecurity, and safety compliance transfers the responsibilities for identifying and addressing pipeline and product risks to roles that were not involved in the past. For example, acquirers and maintainers of pipeline tools may now be responsible for the level of verification performed on the product and its associated effectiveness. If the criteria for tool selection remains focused only on cost, availability, and compliance, the expectations for this new responsibility could fall short of stakeholder expectations, especially if structuring the pipeline does not include stakeholder requirements. There is a lack of broad understanding about the level of management and governance responsibility needed to define and assure the responsible use of a DevSecOps pipeline. Our work is focused on bringing these under-addressed areas to light.

Full Text