DevOps, DevSecOps, and Audit

Cybersecurity, IT Audit

Overview

Organizations are increasingly adopting Development Security Operations (DevSecOps) as an evolutionary extension of Agile principles.

DevSecOps emphasizes communication and collaboration between development, security, and IT operations, building on Agile and Lean thinking to provide technology faster, with greater stability, quality, scalability, and security. The “Dev” side incorporates developers, front-end designers, and quality assurance. The “Ops” area brings in system administrators and support teams responsible for the product after it’s moved to production. The “Sec” area covers all the cybersecurity professionals responsible for system control, compliance, and secure applications.

This course covers tools used to automate historically manual tasks like code quality checks, execution of test scripts, deployments, and the impact on traditional controls, such as Separation of Duties. It also covers the human-centric aspects of the process and the related risks that should be considered.

This course examines the DevSecOps methodology, how and where auditors can find their footing, best practices that need to be at the forefront of business leaders’ minds, and the key shifts in mindset that must occur for a seamless transition from manual transactions to automated process flows.

Why you should take this course.

For users who have an introductory knowledge of this topic and are searching for additional information and its application.

Here are the topics we'll cover.

  1. What is DevOps?

    • The 5 Ws and the H
    • Plan
    • Develop
    • Deliver
    • Operate
  2. Where do Audit and Risk Fit in?

    • Language and culture
    • Do risk and DevOps intersect?
    • Auditing DevOps
  3. The DevOps process

    • Flow
    • Feedback
    • Continual learning and experimentation
  4. What does a DevOps culture look like?

    • Collaboration, visibility and alignment
    • Shifts in scope and accountability
    • Shorter release cycles
    • Continual learning
  5. DevOps practices

    • Maturity models overview
    • Continuous integration and continuous delivery (CI/CD)
    • Version control
    • Agile software development
    • Infrastructure as Code (IaC)
    • Configuration management
    • Continuous monitoring
  6. DevOps and the Cloud

    • Cloud agility
    • Kubernetes
    • Serverless computing
  7. What is DevSecOps?

    • The 5 Ws and the H
    • Do risk and DevSecOps intersect?
    • Auditing DevSecOps
  8. Best practices for DevSecOps

    • Shift left
    • Security education
    • Communication, people, processes and technology
    • Traceability, auditability and visibility
  9. Where do we go from here?

    • IT audit and DevSecOps
    • Tools and Resources

Learning Style

Instructor Led

Level

Intermediate

Who this course is for

Internal Auditors seeking to adopt a DevSecOps culture and employ a DevSecOps methodology in current business practices.

NASBA Certified CPE

16 credits

Field of Study

Auditing

Length of course

16h

Prerequisites

Introduction to Information Security
or equivalent experience

Advanced Preparation

None

Here are the learning objectives we'll cover

  • Define DevOps and identify the four phases associated with it.
  • Illustrate where and how Audit & Risk fit into DevOps.
  • Explain the components of DevOps Culture.
  • Recognize the scope and impact of Cloud within DevOps.
  • Define DevSecOps and differentiate it from DevOps.
  • Outline the DevSecOps practices.
  • Plan a path forward for IT, Audit, and DevSecOps.

Attendance policy for on-site and online instructor-led training

Students are expected to arrive on time for classes with the proper materials and attitude. An overall attendance rate of 100% is expected to fully absorb the materials and to complete labs. If you have an expected absence, please email support@acilearning.com or your instructor ahead of time. The number of CPEs awarded will be equivalent to the number of hours attended.

ACI Learning is registered with NASBA

ACI Learning is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: https://www.nasbaregistry.org/