About the ASCD Project
Context of the ASCD Project
To stay competitive in the global market, software companies have adopted software engineering practices such as DevOps and Microservices, which enable them to deliver and maintain an ever-growing set of functionalities in their products.
A side-effect of this phenomenon is an increased complexity of software architecture and team coordination, which heavily impacts on cybersecurity, i.e., the guarantees that a company can provide about the security and privacy of their applications - e.g., that the software is not vulnerable to a certain spectrum of cyberattacks and/or it properly addresses the privacy concerns of the end-users (e.g., GDPR).
Aim of the Project
There is no report on the current status of awareness and the use of secure and privacy-preserving methods among Danish companies and present the data in a statistically significant manner.
The ASCD project aims to study and report on the existing cybersecurity and privacy protection practices used in large Danish companies and SMEs.
The results obtained by the investigations and reports of the ASCD will be useful to support informed decisions on what, where, and how to invest to improve and secure the critical and not critical applications in the Danish context, including how to address privacy issues that are becoming especially relevant in light of the introduction of the GDPR.
Activities planned within the project include:
- a systematic survey aimed at finding out the extent of employment of cybersecurity practices by software development companies, as well as awareness about security and privacy risks, user concerns, and measures to protect against them among the developers. This systematic survey should involve both university, industry, and relevant public partners of different sizes;
a follow-up qualitative study, involving interviews at selected companies. The study will focus on investigating the mental models of security and privacy among the developers, as well as identifying challenges they face in adhering to best practices of security and privacy protection and in ensuring trust among their customers;
- the redaction of a report collecting all the findings from the previous activities, with the aims of:
- providing an overview of cybersecurity and data protection practices employed within Danish companies;
- describe the extent of security and privacy awareness among developers in the companies;
- describe the challenges companies face in implementing proper measures for security and privacy protection and possible remedies
- outline directions for future research and funding opportunities at the national and international level (e.g., Horizon Europe program) to boost up the security of Danish companies.
The IT University of Copenhagen and the University of Southern Denmark are the host institution of the ASCD project. The universities are front-runners in developing and promoting best security practices for digital services. The scientific responsible scientists for the ASCD project are:
|Oksana Kulyk||IT University of Copenhagen, Assistant Professor||Co-Principal Investigator||Human Factors in Security and Privacy|
|Jacopo Mauro||University of Southern Denmark, Associate Professor||Co-Principal Investigator||Software Engineering and DevSecOps|
The other team members are:
|Asmita Dalela||IT University of Copenhagen, Research Assistant||Researcher||Techno-Anthropologist|
|Saverio Giallorenzo||Università di Bologna, Assistant Professor
Formerly, University of Southern Denmark, Postdoctoral Researcher
|Co-principal Investigator||Microservice Security|
|Bjørn Høj Jakobsen||University of Southern Denmark, Compliance Consultant||Security Consultant||Security Standards|
|Elda Paja||IT University of Copenhagen, Assistant Professor||Researcher||Software Engineering|