DevOps, DevSecOps, and Audit
Overview
Organizations are increasingly adopting Development Security Operations (DevSecOps) as an evolutionary extension of Agile principles.
DevSecOps emphasizes communication and collaboration between development, security, and IT operations, building on Agile and Lean thinking to provide technology faster, with greater stability, quality, scalability, and security. The “Dev” side incorporates developers, front-end designers, and quality assurance. The “Ops” area brings in system administrators and support teams responsible for the product after it’s moved to production. The “Sec” area covers all the cybersecurity professionals responsible for system control, compliance, and secure applications.
This course covers tools used to automate historically manual tasks, such as code quality checks, execution of test scripts, and deployments, and the impact of that automation on traditional controls, such as Separation of Duties. It also covers the human-centric aspects of the process and the related risks that should be considered.
This course examines the DevSecOps methodology, how and where auditors can find their footing, best practices that need to be at the forefront of business leaders’ minds, and the key shifts in mindset that must occur for a seamless transition from manual transactions to automated process flows.
Why you should take this course.
This course is for users who have an introductory knowledge of this topic and are searching for additional information and its application.
Here are the learning objectives we'll cover.
- Define DevOps and identify the four phases associated with it.
- Illustrate where and how Audit & Risk fit into DevOps.
- Explain the components of DevOps Culture.
- Recognize the scope and impact of Cloud within DevOps.
- Define DevSecOps and differentiate it from DevOps.
- Outline the DevSecOps practices.
- Plan a path forward for IT, Audit, and DevSecOps.
Here are the topics we'll cover.
- What is DevOps?
  - The 5 Ws and the H
  - Plan
  - Develop
  - Deliver
  - Operate
- Where do Audit and Risk fit in?
  - Language and culture
  - Do risk and DevOps intersect?
  - Auditing DevOps
- The DevOps process
  - Flow
  - Feedback
  - Continual learning and experimentation
- What does a DevOps culture look like?
  - Collaboration, visibility and alignment
  - Shifts in scope and accountability
  - Shorter release cycles
  - Continual learning
- DevOps practices
  - Maturity models overview
  - Continuous integration and continuous delivery (CI/CD)
  - Version control
  - Agile software development
  - Infrastructure as Code (IaC)
  - Configuration management
  - Continuous monitoring
- DevOps and the Cloud
  - Cloud agility
  - Kubernetes
  - Serverless computing
- What is DevSecOps?
  - The 5 Ws and the H
  - Do risk and DevSecOps intersect?
  - Auditing DevSecOps
- Best practices for DevSecOps
  - Shift left
  - Security education
  - Communication, people, processes and technology
  - Traceability, auditability and visibility
- Where do we go from here?
  - IT audit and DevSecOps
  - Tools and resources