DevOps, DevSecOps, and Audit

CybersecurityIT AuditInternal Audit

Overview

Organizations are increasingly adopting Development Security Operations (DevSecOps) as an evolutionary extension of Agile principles.

DevSecOps emphasizes communication and collaboration between development, security, and IT operations, building on Agile and Lean thinking to provide technology faster, with greater stability, quality, scalability, and security. The “Dev” side incorporates developers, front-end designers, and quality assurance. The “Ops” area brings in system administrators and support teams responsible for the product after it’s moved to production. The “Sec” area covers all the cybersecurity professionals responsible for system control, compliance, and secure applications.

This course covers tools used to automate historically manual tasks like code quality checks, execution of test scripts, deployments, and the impact on traditional controls, such as Separation of Duties. It also covers the human-centric aspects of the process and the related risks that should be considered.

This course examines the DevSecOps methodology, how and where auditors can find their footing, best practices that need to be at the forefront of business leaders’ minds, and the key shifts in mindset that must occur for a seamless transition from manual transactions to automated process flows.

Why you should take this course.

For users with an introductory knowledge of this topic, and are searching for additional information and its application.

Here are the learning objectives we'll cover.

Define DevOps and identify the four phases associated with it.
Illustrate where and how Audit & Risk fit into DevOps.
Explain the components of DevOps Culture.
Recognize the scope and impact of Cloud within DevOps.
Define DevSecOps and differentiate with DevOps.
Outline the DevSecOps practices.
Plan a path forward for IT, Audit, and DevSecOps.

Here are the topics we'll cover.

What is DevOps?
- The 5 Ws and the H
- Plan
- Develop
- Deliver
- Operate
Where do Audit and Risk Fit in?
- Language and culture
- Do risk and DevOps intersect?
- Auditing DevOps
The DevOps process
- Flow
- Feedback
- Continual learning and experimentation
What does a DevOps culture look like?
- Collaboration, visibility and alignment
- Shifts in scope and accountability
- Shorter release cycles
- Continual learning
DevOps practices
- Maturity models overview
- Continual integration and continuous delivery (CI/CD)
- Version control
- Agile software development
- Infrastructure as Code (IaC)
- Configuration management
- Continuous monitoring
DevOps and the Cloud
- Cloud agility
- Kubernetes
- Serverless computing
What is DevSecOps?
- The 5 Ws and the H
- Do risk and DevSecOps intersect?
- Auditing DevSecOps
Best practices for DevSecops
- Shift left
- Security education
- Communication, people, processes and technology
- Traceability, auditability and visibility
Where do we go from here?
- IT audit and DevSecOps
- Tools and Resource

Learning Style

On Demand

Level

Intermediate

Includes

Assessment

Who this course is for

Internal Auditors seeking to adopt a DevSecOps culture and employ a DevSecOps methodology into current business practices.

NASBA Certified CPE

16 credits

Field of Study

Auditing

Length of course

16h

Prerequisites

Introduction to Information Security

or equivalent experience

Advanced Preparation

None

Start Learning Today

Stay ahead of the curve and future-proof your business with training programs designed for you.

Purchase a Plan Contact Sales

ACI Learning is registered with NASBA

ACI Learning is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: https://www.nasbaregistry.org/