Xhesika Ramaj

Norwegian version of this page Faculty of Computer Science, Engineering and Economics

Norwegian version of this page Position

Doctoral Research Fellow

Contact

+4790528579

ramaj.xhesika@hiof.no

Study place

Halden

Office nr.

Academic interests

Xhesika Ramaj's research interest is related to software engineering and information security. Her PhD project aims to investigate the use of DevSecOps for risk management in critical infrastructures. Critical infrastructures are complex physical and cyber-based systems that form the lifeline of a modern society, and their reliable and secure operation is of paramount importance to national security and economic vitality.

Background

Xhesika holds a bachelor's degree in Business Informatics and a master's degree in Information Security from University of Tirana, Albania. She has been an exchange student at Riga Technical University (RTU), in Latvia and Koblenz University of Applied Sciences, in Germany. She is a doctoral research fellow at Østfold University College (HiØf) and affiliated as a PhD Candidate with Norwegian University of Science and Technology (NTNU).

Projects

A DevSecOps-enabled Framework for Risk Management of Critical Infrastructures
RECYCIN: Reinforcing Competence in Cybersecurity of Critical Infrastructures: A Norway – US Partnership

Research groups

Tags: DevSecOps, Security, Critical Infrastructures, Safety, Risk Management, Digital Society, DigiTech

Publications

Scientific articles and book chapters

Akbarzadeh, Aida; Chockalingam, Sabarathinam; Ramaj, Xhesika; Amro, Lama Mohammad Saed; Sanchez Gordon, Mary Luz & Gkioulos, Vasileios [Show all 10 contributors for this article] (2024). Workshop on Cybersecurity of Critical Infrastructures, Privacy and Identity Management. Sharing in a Digital World. Springer Nature. ISSN 978-3-031-57978-3. p. 325–339. doi: 10.1007/978-3-031-57978-3_21. Show summary
This paper reports the presentation and discussion during the Cybersecurity of Critical Infrastructures workshop organized as a part of the 18 th IFIP Summer School on Privacy and Identity Management. Furthermore, this paper also pointed to several promising future research directions. This workshop was primarily aimed at empowering PhD candidates, MSc students, and early-career researchers with insights into Critical Infrastructure (CI) security. The workshop provided participants with guidance on navigating the intricacies of safeguarding CIs, such as those in the energy and oil and gas sectors. It encompasses various aspects, from familiarizing participants with cybersecurity standards and frameworks to understanding tools and approaches that adversaries might leverage to target a system. Additionally, it also addresses how to mitigate socio-legal implications and security issues, particularly in relation to human factors. This initiative embraced a holistic approach to cybersecurity education, covering vital components like rigorous risk management, comprehensive cybersecurity training and awareness programs. This in turn would equip participants with some essential knowledge and skills to fortify critical operations against the ever-evolving cyber threat landscape.
Ramaj, Xhesika; Colomo-Palacios, Ricardo; Sanchez Gordon, Mary Luz & Gkioulos, Vasileios (2023). Towards a DevSecOps-Enabled Framework for Risk Management of Critical Infrastructures. In Yilmaz, Murat; Clarke, Paul; Riel, Andreas & Messnarz, Richard (Ed.), Systems, Software and Services Process Improvement: 30th European Conference, EuroSPI 2023, Grenoble, France, August 30 – September 1, 2023, Proceedings, Part I. Springer Publishing Company. ISSN 978-3-031-42306-2. p. 47–58. doi: 10.1007/978-3-031-42307-9_4.
Ramaj, Xhesika; Sanchez Gordon, Mary Luz; Gkioulos, Vasileios; Chockalingam, Sabarathinam & Colomo-Palacios, Ricardo (2022). Holding on to Compliance While Adopting DevSecOps: An SLR. Electronics. ISSN 2079-9292. 11(22), p. 1–19. doi: 10.3390/electronics11223707. Full text in Research Archive Show summary
The software industry has witnessed a growing interest in DevSecOps due to the premises of integrating security in the software development lifecycle. However, security compliance cannot be disregarded, given the importance of adherence to regulations, laws, industry standards, and frameworks. This study aims to provide an overview of compliance aspects in the context of DevSecOps and explore how compliance is ensured. Furthermore, this study reveals the trends of compliance according to the extant literature and identifies potential directions for further research in this context. Therefore, we carried out a systematic literature review on the integration of compliance aspects in DevSecOps, which rigorously followed the guidelines proposed by Kitchenham and Charters. We found 934 articles related to the topic by searching five bibliographic databases (163) and Google Scholar (771). Through a rigorous selection process, we selected 15 papers as primary studies. Then, we identified the compliance aspects of DevSecOps and grouped them into three main categories: compliance initiation, compliance management, and compliance technicalities. We observed a low number of studies; therefore, we encourage further efforts into the exploration of compliance aspects, their automated integration, and the development of metrics to evaluate such a process in the context of DevSecOps.
Ramaj, Xhesika; Sánchez-Gordón, Mary; Chockalingam, Sabarathinam & Colomo-Palacios, Ricardo (2022). Unveiling the Safety Aspects of DevSecOps: Evolution, Gaps and Trends. Recent Advances in Computer Science and Communications. ISSN 2666-2558. doi: 10.2174/2666255816666220804143918. Show summary
Background: The popularity of DevSecOps is on the rise because it promises to integrate a greater degree of security into software delivery pipelines. However, there is also an unacceptable risk related to safety that cannot be overlooked, given the importance of this aspect in many industries. Objective: The objective of this study is to provide an overview of the safety aspects reported in the literature on DevSecOps. This study also characterizes such aspects and identifies the gaps that may lead to future research work. Method: A systematic literature review was conducted using five well-known academic databases. The search was executed in September 2021 and March 2022 to identify relevant studies. Results: The search returned 114 academic studies. After the screening process, five primary studies published between 2019 and 2021 were selected. These studies were analyzed thoroughly to identify the safety aspects. Then, we categorized them into three main groups: (i) risk-related safety aspects, (ii) human-related aspects, and (iii) management aspects. Conclusion: Safety is an important characteristic that is becoming more critical as the number of critical systems grows. This review reveals that only a scarce number of studies are focusing on safety in DevSecOps. However, those studies gave us some insights into this topic. Therefore, our main observation is that this topic has not yet been completely explored in the academic literature. This review can encourage reflection and discussion between the safety and security communities.
Ramaj, Xhesika (2022). A DevSecOps-enabled Framework for Risk Management of Critical Infrastructures. In Dwyer, Matthew B (Eds.), 2022 IEEE/ACM 44th International Conference on Software Engineering: Companion Proceedings (ICSE-Companion). IEEE conference proceedings. ISSN 978-1-6654-9599-8. p. 242–244. doi: 10.1109/ICSE-Companion55297.2022.9793812.

View all works in Cristin

Published Sep. 21, 2021 12:32 PM - Last modified Dec. 14, 2022 12:06 PM