Operationalizing AI Risk Management in DevSecOps: A Governance-Oriented Architecture for Public Sector Systems
The growing adoption of DevSecOps practices in medium and large organizations has improved the integration of security into software development pipelines. However, most existing solutions focus on isolated security checks at specific stages of the software development life cycle (SDLC), lacking a holistic, intelligence-driven governance perspective. This paper proposes an AI-driven DevSecOps governance architecture that embeds automated security intelligence throughout the SDLC. The architecture integrates secure identity management, data governance pipelines, immutable audit logging, and anomaly detection mechanisms, aligning with the NIST AI Risk Management Framework's functions (Govern, Map, Measure, Manage). Beyond static compliance verification, the system converts operational signals, such as audit logs and access patterns, into actionable risk insights through rule-based and machine-learning-based detection mechanisms. A visual intelligence layer, implemented through interactive dashboards, enables continuous monitoring and feedback to development, security, and governance teams. This layer operationalizes AI risk management maturity concepts by transitioning from reactive controls to predictive and risk-informed decision support, in line with emerging AI governance maturity models. The proposed solution follows an open-source core design principle for essential security orchestration components, complemented by a sustainable service-oriented business model for advanced analytics and compliance customization. The architecture is demonstrated through a case study of a public sector electoral governance system, where automated monitoring of budget execution and compliance indicators supports proactive risk detection.
Results indicate that integrating AI-driven intelligence into DevSecOps pipelines enhances visibility, reduces detection latency for anomalous patterns, and strengthens alignment between technical security controls and organizational governance objectives.
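As an added illustration (not code from the paper or its authors), the following Python sketch shows two of the mechanisms the abstract names: a hash-chained, append-only audit log whose integrity is verified before analysis, and rule-based detection that turns access records into risk findings. The event fields, thresholds and rules are assumptions, and the sample events are constructed.

```python
"""Added example: hash-chained audit log plus rule-based risk detection.
Not from the paper; event schema, rules and data are constructed here."""
import hashlib
import json
from collections import Counter

GENESIS = "0" * 64  # chain anchor for the first entry


def append_event(log, event):
    """Append an event whose hash covers the previous entry's hash."""
    prev = log[-1]["hash"] if log else GENESIS
    body = json.dumps(event, sort_keys=True)
    digest = hashlib.sha256((prev + body).encode()).hexdigest()
    log.append({"event": event, "prev": prev, "hash": digest})
    return digest


def verify_chain(log):
    """Return index of the first tampered entry, or -1 if the chain is intact."""
    prev = GENESIS
    for i, entry in enumerate(log):
        body = json.dumps(entry["event"], sort_keys=True)
        expected = hashlib.sha256((prev + body).encode()).hexdigest()
        if entry["prev"] != prev or entry["hash"] != expected:
            return i
        prev = entry["hash"]
    return -1


def detect_risks(log, max_denied=3, business_hours=(8, 18)):
    """Two assumed rules: repeated denied access, and off-hours budget edits."""
    findings = []
    denied = Counter(e["event"]["user"] for e in log if e["event"]["result"] == "denied")
    for user, n in denied.items():
        if n >= max_denied:
            findings.append({"rule": "repeated_denied_access", "user": user, "count": n})
    for entry in log:
        ev = entry["event"]
        in_hours = business_hours[0] <= ev["hour"] < business_hours[1]
        if ev["action"] == "update_budget" and ev["result"] == "ok" and not in_hours:
            findings.append({"rule": "off_hours_budget_change", "user": ev["user"], "hour": ev["hour"]})
    return findings


# Constructed access events for a hypothetical budget-execution service
SAMPLE_EVENTS = [
    {"user": "alice", "action": "read_budget", "result": "ok", "hour": 10},
    {"user": "bob", "action": "update_budget", "result": "denied", "hour": 11},
    {"user": "bob", "action": "update_budget", "result": "denied", "hour": 11},
    {"user": "bob", "action": "update_budget", "result": "denied", "hour": 12},
    {"user": "carol", "action": "update_budget", "result": "ok", "hour": 23},
]


def build_log(events=SAMPLE_EVENTS):
    log = []
    for ev in events:
        append_event(log, ev)
    return log


if __name__ == "__main__":
    log = build_log()
    print("chain intact:", verify_chain(log) == -1)
    print(json.dumps(detect_risks(log), indent=2))
```

Verifying the chain first matters because a detector fed from a silently edited log reports on the attacker's version of events, not the real ones.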
