Security and Hardening in Continuous Delivery

Continuous Delivery (CD) as well as the term DevOps have become increasingly more prevalent in recent years and play an important role in today’s modern agile development methods. Unfortunately, security is often disregarded in an agile development process. Additionally, traditional security methods are not suited for the continuous releases. Thus, a problem we analyse in this thesis is the integration of security into CD by assessing the implementability of the security standard DIN ISO/IEC 27001 with CD. At that, we create a list of functional requirements delivery systems have to fulfil in order to comply to the ISO 27001. Additionally, we create models which serve as a guidance for the actual implementation, respectively realization. In the end, we use those requirements to perform an analysis of our industry partner’s CD regarding the state of realization and to gather further insights into the ISO 27001.