---
_id: '65583'
abstract:
- lang: eng
  text: 'As digital products become increasingly embedded in organisational operations,
    cyber resilience – the ability to anticipate, withstand, recover from and adapt
    to cyber disruptions – has become essential. This paper investigates how professionals
    in German organisations interpret cyber resilience within the software development
    lifecycle and how socio-technical factors influence its implementation. Drawing
    on the MITRE Cyber Resiliency Engineering Framework for data collection and coding
    on Socio-Technical Systems as an interpretive lens, the study adopts a qualitative
    approach based on semi-structured interviews with 14 professionals across five
    organisations. The findings reveal a pronounced socio-technical imbalance: while
    technical measures centred on anticipate and withstand are comparatively established,
    the corresponding social factors – shared understanding, dedicated responsibility
    structures, and systematic learning – remain underdeveloped. These conditions
    are compounded by resource constraints and the absence of strategic prioritisation.
    Six exploratory hypotheses capture these patterns and offer empirically grounded
    starting points for future research on product-level cyber resilience.'
author:
- first_name: Samira
  full_name: Taaibi, Samira
  id: '55800'
  last_name: Taaibi
- first_name: Emanuel
  full_name: Kahraman, Emanuel
  last_name: Kahraman
- first_name: Kevin
  full_name: Berg, Kevin
  last_name: Berg
- first_name: Stefan
  full_name: Dziwok, Stefan
  id: '3901'
  last_name: Dziwok
  orcid: http://orcid.org/0000-0002-8679-6673
citation:
  ama: 'Taaibi S, Kahraman E, Berg K, Dziwok S. Beyond Security: A Qualitative Study
    of Cyber Resilience Across the Software Development Lifecycle in German Organisations.
    In: <i>ECIS 2026 Proceedings</i>.'
  apa: 'Taaibi, S., Kahraman, E., Berg, K., &#38; Dziwok, S. (n.d.). Beyond Security:
    A Qualitative Study of Cyber Resilience Across the Software Development Lifecycle
    in German Organisations. <i>ECIS 2026 Proceedings</i>. 34 European Conference
    on Information Systems, Milan, Italy.'
  bibtex: '@inproceedings{Taaibi_Kahraman_Berg_Dziwok, title={Beyond Security: A Qualitative
    Study of Cyber Resilience Across the Software Development Lifecycle in German
    Organisations}, booktitle={ECIS 2026 Proceedings}, author={Taaibi, Samira and
    Kahraman, Emanuel and Berg, Kevin and Dziwok, Stefan} }'
  chicago: 'Taaibi, Samira, Emanuel Kahraman, Kevin Berg, and Stefan Dziwok. “Beyond
    Security: A Qualitative Study of Cyber Resilience Across the Software Development
    Lifecycle in German Organisations.” In <i>ECIS 2026 Proceedings</i>, n.d.'
  ieee: 'S. Taaibi, E. Kahraman, K. Berg, and S. Dziwok, “Beyond Security: A Qualitative
    Study of Cyber Resilience Across the Software Development Lifecycle in German
    Organisations,” presented at the 34 European Conference on Information Systems,
    Milan, Italy.'
  mla: 'Taaibi, Samira, et al. “Beyond Security: A Qualitative Study of Cyber Resilience
    Across the Software Development Lifecycle in German Organisations.” <i>ECIS 2026
    Proceedings</i>.'
  short: 'S. Taaibi, E. Kahraman, K. Berg, S. Dziwok, in: ECIS 2026 Proceedings, n.d.'
conference:
  end_date: 2026-06-17
  location: Milan, Italy
  name: 34 European Conference on Information Systems
  start_date: 2026-06-15
date_created: 2026-05-08T03:32:48Z
date_updated: 2026-06-18T09:58:01Z
ddc:
- '000'
file:
- access_level: closed
  content_type: application/pdf
  creator: staaibi
  date_created: 2026-06-18T09:56:19Z
  date_updated: 2026-06-18T09:56:19Z
  file_id: '65931'
  file_name: Cyber Resilience in the SDLC.pdf
  file_size: 512850
  relation: main_file
  success: 1
file_date_updated: 2026-06-18T09:56:19Z
has_accepted_license: '1'
keyword:
- Cyber Resilience
- Software Development Lifecycle
- Qualitative Study
- Cyber Resiliency Engineering Framework
language:
- iso: eng
publication: ECIS 2026 Proceedings
publication_status: accepted
status: public
title: 'Beyond Security: A Qualitative Study of Cyber Resilience Across the Software
  Development Lifecycle in German Organisations'
type: conference
user_id: '55800'
year: '2026'
...
---
_id: '53811'
abstract:
- lang: eng
  text: Persistent security challenges plague DevOps teams due to a deficiency in
    expertise regarding security tools and methods, as evidenced by frequent security
    incidents. Existing maturity models fail to adequately address the specific needs
    of DevOps teams. In response, this paper proposes "Security Belts," a novel maturity
    model inspired by martial arts ranking systems. This model aims to assist DevOps
    teams in enhancing their security capabilities by providing a structured approach,
    starting with fundamental activities and progressing to more advanced techniques.
    Drawing from the experiences of monitoring 21 teams, the paper presents lessons
    learned and offers actionable advice for refining maturity models tailored to
    software quality improvement.
author:
- first_name: Samira
  full_name: Taaibi, Samira
  id: '55800'
  last_name: Taaibi
- first_name: Stefan
  full_name: Dziwok, Stefan
  id: '3901'
  last_name: Dziwok
  orcid: http://orcid.org/0000-0002-8679-6673
- first_name: Lars
  full_name: Hermerschmidt, Lars
  last_name: Hermerschmidt
- first_name: Thorsten
  full_name: Koch, Thorsten
  id: '13616'
  last_name: Koch
- first_name: Sven
  full_name: Merschjohann, Sven
  id: '11394'
  last_name: Merschjohann
- first_name: Mark
  full_name: Vollmary, Mark
  last_name: Vollmary
citation:
  ama: 'Taaibi S, Dziwok S, Hermerschmidt L, Koch T, Merschjohann S, Vollmary M. Security
    Belts: A Maturity Model for DevOps Teams to Increase the Software Security of
    their Product - An Experience Report. In: <i>AMCIS 2024 Proceedings. 13.</i>'
  apa: 'Taaibi, S., Dziwok, S., Hermerschmidt, L., Koch, T., Merschjohann, S., &#38;
    Vollmary, M. (n.d.). Security Belts: A Maturity Model for DevOps Teams to Increase
    the Software Security of their Product - An Experience Report. <i>AMCIS 2024 Proceedings.
    13.</i>  30th Americas Conference on Information Systems, Salt Lake City.'
  bibtex: '@inproceedings{Taaibi_Dziwok_Hermerschmidt_Koch_Merschjohann_Vollmary,
    title={Security Belts: A Maturity Model for DevOps Teams to Increase the Software
    Security of their Product - An Experience Report}, booktitle={AMCIS 2024 Proceedings.
    13.}, author={Taaibi, Samira and Dziwok, Stefan and Hermerschmidt, Lars and Koch,
    Thorsten and Merschjohann, Sven and Vollmary, Mark} }'
  chicago: 'Taaibi, Samira, Stefan Dziwok, Lars Hermerschmidt, Thorsten Koch, Sven
    Merschjohann, and Mark Vollmary. “Security Belts: A Maturity Model for DevOps
    Teams to Increase the Software Security of Their Product - An Experience Report.”
    In <i>AMCIS 2024 Proceedings. 13.</i>, n.d.'
  ieee: 'S. Taaibi, S. Dziwok, L. Hermerschmidt, T. Koch, S. Merschjohann, and M.
    Vollmary, “Security Belts: A Maturity Model for DevOps Teams to Increase the Software
    Security of their Product - An Experience Report,” presented at the  30th Americas
    Conference on Information Systems, Salt Lake City.'
  mla: 'Taaibi, Samira, et al. “Security Belts: A Maturity Model for DevOps Teams
    to Increase the Software Security of Their Product - An Experience Report.” <i>AMCIS
    2024 Proceedings. 13.</i>'
  short: 'S. Taaibi, S. Dziwok, L. Hermerschmidt, T. Koch, S. Merschjohann, M. Vollmary,
    in: AMCIS 2024 Proceedings. 13., n.d.'
conference:
  end_date: 2024-08-17
  location: Salt Lake City
  name: ' 30th Americas Conference on Information Systems'
  start_date: 2024-08-15
date_created: 2024-05-02T08:57:52Z
date_updated: 2026-05-08T03:26:03Z
ddc:
- '000'
department:
- _id: '662'
file:
- access_level: closed
  content_type: application/pdf
  creator: staaibi
  date_created: 2024-05-02T08:54:21Z
  date_updated: 2024-05-02T08:54:21Z
  file_id: '53812'
  file_name: AMCIS2024_final_submission_maturity model security belt paper.pdf
  file_size: 540990
  relation: main_file
  success: 1
file_date_updated: 2024-05-02T08:54:21Z
has_accepted_license: '1'
keyword:
- Software security
- maturity model
language:
- iso: eng
publication: AMCIS 2024 Proceedings. 13.
publication_status: accepted
status: public
title: 'Security Belts: A Maturity Model for DevOps Teams to Increase the Software
  Security of their Product - An Experience Report'
type: conference
user_id: '55800'
year: '2024'
...
