SlideShare ist ein Scribd-Unternehmen logo

Splitting the Check on Compliance and Security

Als PPTX, PDF herunterladen
Jason Chan
Jason Chan

Abbreviated version of my 2015 AWS Re:invent talk. Presented at Futurestack 2015.

InternetTechnologie
1 von 40
Splitting the Check on Compliance and Security Jason Chan Engineering Director – Cloud Security @chanjbs
2015 for Developers
2015 for Auditors and Security Teams
The Problem
Developers: Incentives • Speed • Features Want • Freedom to innovate • New technology Incentives and Perspectives Auditors: Incentives • Compliance with regulatory obligations • Verifiable processes Want • Well-known technology • Predictability and stability
The Resolution
“You build it, you run it.” -Werner Vogels, Amazon CTO (June 2006)
Who Cares About These Answers? • When did that code change? • Who made the change? • Who logged in to that host? • What did they do? • Who pushed that code? • When was this dependency introduced? • Was that build tested before deployment? • What were the test results? ?
Before Developers and Auditors After AuditorDev Auditor Dev
How Do We Get There?
Two Approaches to Compliance
Pillars for Effective, Efficient, and Flexible Compliance
The Pillars 1. Traceability in development 2. Continuous security visibility 3. Compartmentalization
Discussion Format
Traceability in Development
Common Audit Requirements for Software Development • Review changes. • Track changes. • Test changes. • Deploy only approved code. • For all actions: • Who did it? • When?
Spinnaker for Continuous Deployment • Customizable development pipelines (workflows) • Based on team requirements • Single interface to entire deployment process • Answers who, what, when, and why • For developers and auditors Auditor Dev
Spinnaker: Compliance-Relevant Features • Integrated access to development artifacts • Pull requests, test results, build artifacts, etc. • Push authorization • Restricted deployment windows (time, region) • Deployment notifications
Spinnaker: App-Centric View & Multistage Pipeline Multiple deployment stagesAutomated Manual Failed test, do not proceed Application-specific components Link to build (Jenkins CI), code changes (Stash)
Automated Canary Analysis Canary test score Link to details Result
Manual Approval (Optional)
Restricted Deployment Window (Optional)
Restricted Deployment Window (Optional)
Deployment Notification (Optional)
Spinnaker vs. Manual Deployments • Deployment is independent of languages and other underlying technology. • Java, Python, Linux, Windows… • Multiple stages of automated testing. • Integration, security, functional, production canary. • Fully traceable pipeline. • Changes and change drivers are fully visible. • All artifacts and test results available.
Control Mapping Control Description PCI 6.3.2 Perform code reviews prior to release. PCI 6.4.5 Test changes to verify no adverse security impact. COBIT BAI03.08 Execute solution testing.
Continuous Security Visibility
Issues with Application Security Risk Management • Spreadsheets and surveys! • Human driven. • Presuppose managed intake. • One-time vs. continuous.
Penguin Shortbread – Automated Risk Analysis for Microservice Architectures • Analyze microservice connectivity. • Passively monitor app and cloud configuration. • Develop risk scoring based on observations.
Application Risk Metric Metric summary Metric algorithm Scoring
Application Risk Rollup Metrics Risk metrics by region/environment
Control Mapping Control Description PCI 1.2.1 Restrict traffic to that which is necessary. PCI 12.2 Implement a risk-assessment process. APO 12.03 Maintain a risk profile.
Compartmentalization
Compartmentalization Resilience: Limit blast radius Confidentiality: Need to know
User Payments application Payment processors and partners Encrypted credit card database Name Encrypted CC John Doe XXXXXXXXXX HSM Monolithic Card Processing in the Data Center Sign up/change CC Store/retrieve CC Real-time/batch auth Tax, analytics, fraud, etc. Web server
Microservices and Tokenization in AWS CloudHSM Payment application Token service Token db Token Encrypted CC abc123 XXXXXXXXXXCrypto proxy Name Token John Doe abc123 Payments db Token vault User Sign up/change CC Web server
Control Mapping Control Description PCI 2.2 Implement one primary function per server. DSS05.02 Manage network and connectivity security. DSS05.03 Manage endpoint security.
Wrapping Up! • Limit investments in approaches that meet narrow regulatory needs. • Embrace core security design and operational principles. • Focus on tools and techniques that serve multiple audiences. Auditor Dev
Thank you! @chanjbs - chan@netflix.com

Empfohlen

Benefits of DevSecOps
Benefits of DevSecOpsBenefits of DevSecOps
Benefits of DevSecOpsFinto Thomas , CISSP, TOGAF, CCSP, ITIL. JNCIS
 
DevOps Tutorial For Beginners | DevOps Tutorial | DevOps Tools | DevOps Train...
DevOps Tutorial For Beginners | DevOps Tutorial | DevOps Tools | DevOps Train...DevOps Tutorial For Beginners | DevOps Tutorial | DevOps Tools | DevOps Train...
DevOps Tutorial For Beginners | DevOps Tutorial | DevOps Tools | DevOps Train...Simplilearn
 
Devops Mindset Essentials
Devops Mindset EssentialsDevops Mindset Essentials
Devops Mindset EssentialsWilly-Peter Schaub
 
What is Ad-Hoc Testing
What is Ad-Hoc TestingWhat is Ad-Hoc Testing
What is Ad-Hoc TestingExforsys Inc
 
DevSecOps and the CI/CD Pipeline
DevSecOps and the CI/CD Pipeline DevSecOps and the CI/CD Pipeline
DevSecOps and the CI/CD PipelineJames Wickett
 
Static code analysis with sonar qube
Static code analysis with sonar qubeStatic code analysis with sonar qube
Static code analysis with sonar qubeHayi Nukman
 
Agile vs. waterfall - The fundamentals differences
Agile vs. waterfall - The fundamentals differencesAgile vs. waterfall - The fundamentals differences
Agile vs. waterfall - The fundamentals differencesDavid Tzemach
 
Intro to Knative
Intro to KnativeIntro to Knative
Intro to KnativeChristian Posta
 

Empfohlen

Benefits of DevSecOps
Benefits of DevSecOpsBenefits of DevSecOps
Benefits of DevSecOpsFinto Thomas , CISSP, TOGAF, CCSP, ITIL. JNCIS
 
DevOps Tutorial For Beginners | DevOps Tutorial | DevOps Tools | DevOps Train...
DevOps Tutorial For Beginners | DevOps Tutorial | DevOps Tools | DevOps Train...DevOps Tutorial For Beginners | DevOps Tutorial | DevOps Tools | DevOps Train...
DevOps Tutorial For Beginners | DevOps Tutorial | DevOps Tools | DevOps Train...Simplilearn
 
Devops Mindset Essentials
Devops Mindset EssentialsDevops Mindset Essentials
Devops Mindset EssentialsWilly-Peter Schaub
 
What is Ad-Hoc Testing
What is Ad-Hoc TestingWhat is Ad-Hoc Testing
What is Ad-Hoc TestingExforsys Inc
 
DevSecOps and the CI/CD Pipeline
DevSecOps and the CI/CD Pipeline DevSecOps and the CI/CD Pipeline
DevSecOps and the CI/CD PipelineJames Wickett
 
Static code analysis with sonar qube
Static code analysis with sonar qubeStatic code analysis with sonar qube
Static code analysis with sonar qubeHayi Nukman
 
Agile vs. waterfall - The fundamentals differences
Agile vs. waterfall - The fundamentals differencesAgile vs. waterfall - The fundamentals differences
Agile vs. waterfall - The fundamentals differencesDavid Tzemach
 
Intro to Knative
Intro to KnativeIntro to Knative
Intro to KnativeChristian Posta
 
New relic
New relicNew relic
New relicShubhani Jain
 
Observability
ObservabilityObservability
ObservabilityMartin Gross
 
Application Performance Monitoring (APM)
Application Performance Monitoring (APM)Application Performance Monitoring (APM)
Application Performance Monitoring (APM)Site24x7
 
Dynatrace
DynatraceDynatrace
DynatracePurnima Kurella
 
Network Reliability Engineering and DevNetOps - Presented at ONS March 2018
Network Reliability Engineering and DevNetOps - Presented at ONS March 2018Network Reliability Engineering and DevNetOps - Presented at ONS March 2018
Network Reliability Engineering and DevNetOps - Presented at ONS March 2018James Kelly
 
Devops maturity model
Devops maturity modelDevops maturity model
Devops maturity modelทวิร พานิชสมบัติ
 
DevOps introduction
DevOps introductionDevOps introduction
DevOps introductionChristian F. Nissen
 
Secure Code review - Veracode SaaS Platform - Saudi Green Method
Secure Code review - Veracode SaaS Platform - Saudi Green MethodSecure Code review - Veracode SaaS Platform - Saudi Green Method
Secure Code review - Veracode SaaS Platform - Saudi Green MethodSalil Kumar Subramony
 
Domain Driven Design - Strategic Patterns and Microservices
Domain Driven Design - Strategic Patterns and MicroservicesDomain Driven Design - Strategic Patterns and Microservices
Domain Driven Design - Strategic Patterns and MicroservicesRadosław Maziarka
 
What is Shift Left Testing.pdf
What is Shift Left Testing.pdfWhat is Shift Left Testing.pdf
What is Shift Left Testing.pdfTestbytes
 
devops
devops devops
devops Somkiat Puisungnoen
 
The Paved Road at Netflix
The Paved Road at NetflixThe Paved Road at Netflix
The Paved Road at NetflixDianne Marsh
 
Burp suite
Burp suiteBurp suite
Burp suiteSOURABH DESHMUKH
 
How We Do DevOps at Walmart: OneOps OSS Application Lifecycle Management Plat...
How We Do DevOps at Walmart: OneOps OSS Application Lifecycle Management Plat...How We Do DevOps at Walmart: OneOps OSS Application Lifecycle Management Plat...
How We Do DevOps at Walmart: OneOps OSS Application Lifecycle Management Plat...WalmartLabs
 
An introduction to DevOps
An introduction to DevOpsAn introduction to DevOps
An introduction to DevOpsAlexander Meijers
 
SCS DevSecOps Seminar - State of DevSecOps
SCS DevSecOps Seminar - State of DevSecOpsSCS DevSecOps Seminar - State of DevSecOps
SCS DevSecOps Seminar - State of DevSecOpsStefan Streichsbier
 
DevOps intro
DevOps introDevOps intro
DevOps introAbdelrhman Shawky
 
Fundamental Test Process New
Fundamental Test Process NewFundamental Test Process New
Fundamental Test Process NewNikita Knysh
 
What is pentest
What is pentestWhat is pentest
What is pentestitissolutions
 
Shift Left Security - The What, Why and How
Shift Left Security - The What, Why and HowShift Left Security - The What, Why and How
Shift Left Security - The What, Why and HowDevOps.com
 
Defending Netflix from Abuse
Defending Netflix from AbuseDefending Netflix from Abuse
Defending Netflix from AbuseJason Chan
 
The Psychology of Security Automation
The Psychology of Security AutomationThe Psychology of Security Automation
The Psychology of Security AutomationJason Chan
 

Weitere ähnliche Inhalte

Was ist angesagt?

Application Performance Monitoring (APM)
Application Performance Monitoring (APM)Application Performance Monitoring (APM)
Application Performance Monitoring (APM)Site24x7
 
Network Reliability Engineering and DevNetOps - Presented at ONS March 2018
Network Reliability Engineering and DevNetOps - Presented at ONS March 2018Network Reliability Engineering and DevNetOps - Presented at ONS March 2018
Network Reliability Engineering and DevNetOps - Presented at ONS March 2018James Kelly
 
Secure Code review - Veracode SaaS Platform - Saudi Green Method
Secure Code review - Veracode SaaS Platform - Saudi Green MethodSecure Code review - Veracode SaaS Platform - Saudi Green Method
Secure Code review - Veracode SaaS Platform - Saudi Green MethodSalil Kumar Subramony
 
Domain Driven Design - Strategic Patterns and Microservices
Domain Driven Design - Strategic Patterns and MicroservicesDomain Driven Design - Strategic Patterns and Microservices
Domain Driven Design - Strategic Patterns and MicroservicesRadosław Maziarka
 
What is Shift Left Testing.pdf
What is Shift Left Testing.pdfWhat is Shift Left Testing.pdf
What is Shift Left Testing.pdfTestbytes
 
The Paved Road at Netflix
The Paved Road at NetflixThe Paved Road at Netflix
The Paved Road at NetflixDianne Marsh
 
How We Do DevOps at Walmart: OneOps OSS Application Lifecycle Management Plat...
How We Do DevOps at Walmart: OneOps OSS Application Lifecycle Management Plat...How We Do DevOps at Walmart: OneOps OSS Application Lifecycle Management Plat...
How We Do DevOps at Walmart: OneOps OSS Application Lifecycle Management Plat...WalmartLabs
 
SCS DevSecOps Seminar - State of DevSecOps
SCS DevSecOps Seminar - State of DevSecOpsSCS DevSecOps Seminar - State of DevSecOps
SCS DevSecOps Seminar - State of DevSecOpsStefan Streichsbier
 
Fundamental Test Process New
Fundamental Test Process NewFundamental Test Process New
Fundamental Test Process NewNikita Knysh
 
Shift Left Security - The What, Why and How
Shift Left Security - The What, Why and HowShift Left Security - The What, Why and How
Shift Left Security - The What, Why and HowDevOps.com
 

Was ist angesagt? (20)

New relic
New relicNew relic
New relic
 
Observability
ObservabilityObservability
Observability
 
Application Performance Monitoring (APM)
Application Performance Monitoring (APM)Application Performance Monitoring (APM)
Application Performance Monitoring (APM)
 
Dynatrace
DynatraceDynatrace
Dynatrace
 
Network Reliability Engineering and DevNetOps - Presented at ONS March 2018
Network Reliability Engineering and DevNetOps - Presented at ONS March 2018Network Reliability Engineering and DevNetOps - Presented at ONS March 2018
Network Reliability Engineering and DevNetOps - Presented at ONS March 2018
 
Devops maturity model
Devops maturity modelDevops maturity model
Devops maturity model
 
DevOps introduction
DevOps introductionDevOps introduction
DevOps introduction
 
Secure Code review - Veracode SaaS Platform - Saudi Green Method
Secure Code review - Veracode SaaS Platform - Saudi Green MethodSecure Code review - Veracode SaaS Platform - Saudi Green Method
Secure Code review - Veracode SaaS Platform - Saudi Green Method
 
Domain Driven Design - Strategic Patterns and Microservices
Domain Driven Design - Strategic Patterns and MicroservicesDomain Driven Design - Strategic Patterns and Microservices
Domain Driven Design - Strategic Patterns and Microservices
 
What is Shift Left Testing.pdf
What is Shift Left Testing.pdfWhat is Shift Left Testing.pdf
What is Shift Left Testing.pdf
 
devops
devops devops
devops
 
The Paved Road at Netflix
The Paved Road at NetflixThe Paved Road at Netflix
The Paved Road at Netflix
 
Burp suite
Burp suiteBurp suite
Burp suite
 
How We Do DevOps at Walmart: OneOps OSS Application Lifecycle Management Plat...
How We Do DevOps at Walmart: OneOps OSS Application Lifecycle Management Plat...How We Do DevOps at Walmart: OneOps OSS Application Lifecycle Management Plat...
How We Do DevOps at Walmart: OneOps OSS Application Lifecycle Management Plat...
 
An introduction to DevOps
An introduction to DevOpsAn introduction to DevOps
An introduction to DevOps
 
SCS DevSecOps Seminar - State of DevSecOps
SCS DevSecOps Seminar - State of DevSecOpsSCS DevSecOps Seminar - State of DevSecOps
SCS DevSecOps Seminar - State of DevSecOps
 
DevOps intro
DevOps introDevOps intro
DevOps intro
 
Fundamental Test Process New
Fundamental Test Process NewFundamental Test Process New
Fundamental Test Process New
 
What is pentest
What is pentestWhat is pentest
What is pentest
 
Shift Left Security - The What, Why and How
Shift Left Security - The What, Why and HowShift Left Security - The What, Why and How
Shift Left Security - The What, Why and How
 

Andere mochten auch

Defending Netflix from Abuse
Defending Netflix from AbuseDefending Netflix from Abuse
Defending Netflix from AbuseJason Chan
 
The Psychology of Security Automation
The Psychology of Security AutomationThe Psychology of Security Automation
The Psychology of Security AutomationJason Chan
 
Careers in Security
Careers in SecurityCareers in Security
Careers in SecurityJason Chan
 
Amazon Web Services Security
Amazon Web Services SecurityAmazon Web Services Security
Amazon Web Services SecurityJason Chan
 
Resilience and Compliance at Speed and Scale
Resilience and Compliance at Speed and ScaleResilience and Compliance at Speed and Scale
Resilience and Compliance at Speed and ScaleJason Chan
 
From Gates to Guardrails: Alternate Approaches to Product Security
From Gates to Guardrails: Alternate Approaches to Product SecurityFrom Gates to Guardrails: Alternate Approaches to Product Security
From Gates to Guardrails: Alternate Approaches to Product SecurityJason Chan
 
Practical Security Automation
Practical Security AutomationPractical Security Automation
Practical Security AutomationJason Chan
 
Cloud Security @ Netflix
Cloud Security @ NetflixCloud Security @ Netflix
Cloud Security @ NetflixJason Chan
 
Cloud Application Security: Lessons Learned
Cloud Application Security: Lessons LearnedCloud Application Security: Lessons Learned
Cloud Application Security: Lessons LearnedJason Chan
 
Cloud Application Security: Lessons Learned
Cloud Application Security: Lessons LearnedCloud Application Security: Lessons Learned
Cloud Application Security: Lessons LearnedJason Chan
 
Beyond DevOps - How Netflix Bridges the Gap
Beyond DevOps - How Netflix Bridges the GapBeyond DevOps - How Netflix Bridges the Gap
Beyond DevOps - How Netflix Bridges the GapJosh Evans
 
Practical Cloud Security
Practical Cloud SecurityPractical Cloud Security
Practical Cloud SecurityJason Chan
 
building microservices
building microservicesbuilding microservices
building microservicesCisco DevNet
 
Canary Analyze All the Things
Canary Analyze All the ThingsCanary Analyze All the Things
Canary Analyze All the Thingsroyrapoport
 
Engineering Tools at Netflix: Enabling Continuous Delivery
Engineering Tools at Netflix: Enabling Continuous DeliveryEngineering Tools at Netflix: Enabling Continuous Delivery
Engineering Tools at Netflix: Enabling Continuous DeliveryMike McGarr
 
Implementing DevOps
Implementing DevOpsImplementing DevOps
Implementing DevOpsMike McGarr
 
Resources (Links) for 2016
Resources (Links) for 2016Resources (Links) for 2016
Resources (Links) for 2016Andrew Newman
 
Past, Present & Future of Recommender Systems: An Industry Perspective
Past, Present & Future of Recommender Systems: An Industry PerspectivePast, Present & Future of Recommender Systems: An Industry Perspective
Past, Present & Future of Recommender Systems: An Industry PerspectiveJustin Basilico
 
Factorization Meets the Item Embedding: Regularizing Matrix Factorization wit...
Factorization Meets the Item Embedding: Regularizing Matrix Factorization wit...Factorization Meets the Item Embedding: Regularizing Matrix Factorization wit...
Factorization Meets the Item Embedding: Regularizing Matrix Factorization wit...Dawen Liang
 

Andere mochten auch (20)

Defending Netflix from Abuse
Defending Netflix from AbuseDefending Netflix from Abuse
Defending Netflix from Abuse
 
The Psychology of Security Automation
The Psychology of Security AutomationThe Psychology of Security Automation
The Psychology of Security Automation
 
Careers in Security
Careers in SecurityCareers in Security
Careers in Security
 
Amazon Web Services Security
Amazon Web Services SecurityAmazon Web Services Security
Amazon Web Services Security
 
Resilience and Compliance at Speed and Scale
Resilience and Compliance at Speed and ScaleResilience and Compliance at Speed and Scale
Resilience and Compliance at Speed and Scale
 
From Gates to Guardrails: Alternate Approaches to Product Security
From Gates to Guardrails: Alternate Approaches to Product SecurityFrom Gates to Guardrails: Alternate Approaches to Product Security
From Gates to Guardrails: Alternate Approaches to Product Security
 
Practical Security Automation
Practical Security AutomationPractical Security Automation
Practical Security Automation
 
Cloud Security @ Netflix
Cloud Security @ NetflixCloud Security @ Netflix
Cloud Security @ Netflix
 
Cloud Application Security: Lessons Learned
Cloud Application Security: Lessons LearnedCloud Application Security: Lessons Learned
Cloud Application Security: Lessons Learned
 
Cloud Application Security: Lessons Learned
Cloud Application Security: Lessons LearnedCloud Application Security: Lessons Learned
Cloud Application Security: Lessons Learned
 
Beyond DevOps - How Netflix Bridges the Gap
Beyond DevOps - How Netflix Bridges the GapBeyond DevOps - How Netflix Bridges the Gap
Beyond DevOps - How Netflix Bridges the Gap
 
Practical Cloud Security
Practical Cloud SecurityPractical Cloud Security
Practical Cloud Security
 
building microservices
building microservicesbuilding microservices
building microservices
 
Canary Analyze All the Things
Canary Analyze All the ThingsCanary Analyze All the Things
Canary Analyze All the Things
 
Engineering Tools at Netflix: Enabling Continuous Delivery
Engineering Tools at Netflix: Enabling Continuous DeliveryEngineering Tools at Netflix: Enabling Continuous Delivery
Engineering Tools at Netflix: Enabling Continuous Delivery
 
Culture
CultureCulture
Culture
 
Implementing DevOps
Implementing DevOpsImplementing DevOps
Implementing DevOps
 
Resources (Links) for 2016
Resources (Links) for 2016Resources (Links) for 2016
Resources (Links) for 2016
 
Past, Present & Future of Recommender Systems: An Industry Perspective
Past, Present & Future of Recommender Systems: An Industry PerspectivePast, Present & Future of Recommender Systems: An Industry Perspective
Past, Present & Future of Recommender Systems: An Industry Perspective
 
Factorization Meets the Item Embedding: Regularizing Matrix Factorization wit...
Factorization Meets the Item Embedding: Regularizing Matrix Factorization wit...Factorization Meets the Item Embedding: Regularizing Matrix Factorization wit...
Factorization Meets the Item Embedding: Regularizing Matrix Factorization wit...
 

Ähnlich wie Splitting the Check on Compliance and Security

How to go from waterfall app dev to secure agile development in 2 weeks
How to go from waterfall app dev to secure agile development in 2 weeks How to go from waterfall app dev to secure agile development in 2 weeks
How to go from waterfall app dev to secure agile development in 2 weeks Ulf Mattsson
 
Perforce on Tour 2015 - Grab Testing By the Horns and Move
Perforce on Tour 2015 - Grab Testing By the Horns and MovePerforce on Tour 2015 - Grab Testing By the Horns and Move
Perforce on Tour 2015 - Grab Testing By the Horns and MovePerforce
 
Digital Product Security
Digital Product SecurityDigital Product Security
Digital Product SecuritySoftServe
 
Imagine Digital Safety Assured - Arno van de Velde (Micro Focus)
Imagine Digital Safety Assured - Arno van de Velde (Micro Focus)Imagine Digital Safety Assured - Arno van de Velde (Micro Focus)
Imagine Digital Safety Assured - Arno van de Velde (Micro Focus)Sogeti Nederland B.V.
 
Continuous Integration Practices
Continuous Integration Practices Continuous Integration Practices
Continuous Integration Practices Marcelo Freire
 
Continuous integration practices to improve the software quality
Continuous integration practices to improve the software qualityContinuous integration practices to improve the software quality
Continuous integration practices to improve the software qualityFabricio Epaminondas
 
DevOps Overview in my own words
DevOps Overview in my own wordsDevOps Overview in my own words
DevOps Overview in my own wordsSUBHENDU KARMAKAR
 
Freedom and Responsibility
Freedom and ResponsibilityFreedom and Responsibility
Freedom and ResponsibilityMike Ruangutai
 
AppSec in an Agile World
AppSec in an Agile WorldAppSec in an Agile World
AppSec in an Agile WorldDavid Lindner
 
ISO 26262 Approval of Automotive Software Components
ISO 26262 Approval of Automotive Software ComponentsISO 26262 Approval of Automotive Software Components
ISO 26262 Approval of Automotive Software ComponentsReal-Time Innovations (RTI)
 
Agile lifecycle handbook by bhawani nandan prasad
Agile lifecycle handbook by bhawani nandan prasadAgile lifecycle handbook by bhawani nandan prasad
Agile lifecycle handbook by bhawani nandan prasadBhawani N Prasad
 
Innovation in Action - #MFSummit2017
Innovation in Action - #MFSummit2017Innovation in Action - #MFSummit2017
Innovation in Action - #MFSummit2017Micro Focus
 
Managing Continuous Delivery of Mobile Apps - for the Enterprise
Managing Continuous Delivery of Mobile Apps - for the EnterpriseManaging Continuous Delivery of Mobile Apps - for the Enterprise
Managing Continuous Delivery of Mobile Apps - for the EnterpriseSauce Labs
 
Training Bootcamp - MainframeDevOps.pptx
Training Bootcamp - MainframeDevOps.pptxTraining Bootcamp - MainframeDevOps.pptx
Training Bootcamp - MainframeDevOps.pptxNashet Ali
 
Agile for Software as a Medical Device
Agile for Software as a Medical DeviceAgile for Software as a Medical Device
Agile for Software as a Medical DeviceOrthogonal
 
Create code confidence for better application security
Create code confidence for better application security Create code confidence for better application security
Create code confidence for better application security Rogue Wave Software
 
verification and validation
verification and validationverification and validation
verification and validationDinesh Pasi
 
Software devlopment security
Software devlopment securitySoftware devlopment security
Software devlopment securitySuraj Singh
 

Ähnlich wie Splitting the Check on Compliance and Security (20)

How to go from waterfall app dev to secure agile development in 2 weeks
How to go from waterfall app dev to secure agile development in 2 weeks How to go from waterfall app dev to secure agile development in 2 weeks
How to go from waterfall app dev to secure agile development in 2 weeks
 
Perforce on Tour 2015 - Grab Testing By the Horns and Move
Perforce on Tour 2015 - Grab Testing By the Horns and MovePerforce on Tour 2015 - Grab Testing By the Horns and Move
Perforce on Tour 2015 - Grab Testing By the Horns and Move
 
Digital Product Security
Digital Product SecurityDigital Product Security
Digital Product Security
 
Imagine Digital Safety Assured - Arno van de Velde (Micro Focus)
Imagine Digital Safety Assured - Arno van de Velde (Micro Focus)Imagine Digital Safety Assured - Arno van de Velde (Micro Focus)
Imagine Digital Safety Assured - Arno van de Velde (Micro Focus)
 
Continuous Integration Practices
Continuous Integration Practices Continuous Integration Practices
Continuous Integration Practices
 
Continuous integration practices to improve the software quality
Continuous integration practices to improve the software qualityContinuous integration practices to improve the software quality
Continuous integration practices to improve the software quality
 
Journey to the center of DevOps - v6
Journey to the center of DevOps - v6Journey to the center of DevOps - v6
Journey to the center of DevOps - v6
 
DevOps Overview in my own words
DevOps Overview in my own wordsDevOps Overview in my own words
DevOps Overview in my own words
 
Freedom and Responsibility
Freedom and ResponsibilityFreedom and Responsibility
Freedom and Responsibility
 
AppSec in an Agile World
AppSec in an Agile WorldAppSec in an Agile World
AppSec in an Agile World
 
ISO 26262 Approval of Automotive Software Components
ISO 26262 Approval of Automotive Software ComponentsISO 26262 Approval of Automotive Software Components
ISO 26262 Approval of Automotive Software Components
 
Agile lifecycle handbook by bhawani nandan prasad
Agile lifecycle handbook by bhawani nandan prasadAgile lifecycle handbook by bhawani nandan prasad
Agile lifecycle handbook by bhawani nandan prasad
 
Innovation in Action - #MFSummit2017
Innovation in Action - #MFSummit2017Innovation in Action - #MFSummit2017
Innovation in Action - #MFSummit2017
 
Managing Continuous Delivery of Mobile Apps - for the Enterprise
Managing Continuous Delivery of Mobile Apps - for the EnterpriseManaging Continuous Delivery of Mobile Apps - for the Enterprise
Managing Continuous Delivery of Mobile Apps - for the Enterprise
 
Training Bootcamp - MainframeDevOps.pptx
Training Bootcamp - MainframeDevOps.pptxTraining Bootcamp - MainframeDevOps.pptx
Training Bootcamp - MainframeDevOps.pptx
 
Agile for Software as a Medical Device
Agile for Software as a Medical DeviceAgile for Software as a Medical Device
Agile for Software as a Medical Device
 
Create code confidence for better application security
Create code confidence for better application security Create code confidence for better application security
Create code confidence for better application security
 
verification and validation
verification and validationverification and validation
verification and validation
 
1506.08725v1
1506.08725v11506.08725v1
1506.08725v1
 
Software devlopment security
Software devlopment securitySoftware devlopment security
Software devlopment security
 

Kürzlich hochgeladen

Power point inglese - educazione civica di Nuria Iuzzolino
Power point inglese - educazione civica di Nuria IuzzolinoPower point inglese - educazione civica di Nuria Iuzzolino
Power point inglese - educazione civica di Nuria Iuzzolinonuriaiuzzolino1
 
20240507 QFM013 Machine Intelligence Reading List April 2024.pdf
20240507 QFM013 Machine Intelligence Reading List April 2024.pdf20240507 QFM013 Machine Intelligence Reading List April 2024.pdf
20240507 QFM013 Machine Intelligence Reading List April 2024.pdfMatthew Sinclair
 
哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查
哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查
哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查ydyuyu
 
Vip Firozabad Phone 8250092165 Escorts Service At 6k To 30k Along With Ac Room
Vip Firozabad Phone 8250092165 Escorts Service At 6k To 30k Along With Ac RoomVip Firozabad Phone 8250092165 Escorts Service At 6k To 30k Along With Ac Room
Vip Firozabad Phone 8250092165 Escorts Service At 6k To 30k Along With Ac Roommeghakumariji156
 
Indian Escort in Abu DHabi 0508644382 Abu Dhabi Escorts
Indian Escort in Abu DHabi 0508644382 Abu Dhabi EscortsIndian Escort in Abu DHabi 0508644382 Abu Dhabi Escorts
Indian Escort in Abu DHabi 0508644382 Abu Dhabi EscortsMonica Sydney
 
pdfcoffee.com_business-ethics-q3m7-pdf-free.pdf
pdfcoffee.com_business-ethics-q3m7-pdf-free.pdfpdfcoffee.com_business-ethics-q3m7-pdf-free.pdf
pdfcoffee.com_business-ethics-q3m7-pdf-free.pdfJOHNBEBONYAP1
 
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
2nd Solid Symposium: Solid Pods vs Personal Knowledge GraphsEleniIlkou
 
原版制作美国爱荷华大学毕业证(iowa毕业证书)学位证网上存档可查
原版制作美国爱荷华大学毕业证(iowa毕业证书)学位证网上存档可查原版制作美国爱荷华大学毕业证(iowa毕业证书)学位证网上存档可查
原版制作美国爱荷华大学毕业证(iowa毕业证书)学位证网上存档可查ydyuyu
 
PowerDirector Explination Process...pptx
PowerDirector Explination Process...pptxPowerDirector Explination Process...pptx
PowerDirector Explination Process...pptxgalaxypingy
 
"Boost Your Digital Presence: Partner with a Leading SEO Agency"
"Boost Your Digital Presence: Partner with a Leading SEO Agency""Boost Your Digital Presence: Partner with a Leading SEO Agency"
"Boost Your Digital Presence: Partner with a Leading SEO Agency"growthgrids
 
一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制
一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制
一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制pxcywzqs
 
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样ayvbos
 
在线制作约克大学毕业证(yu毕业证)在读证明认证可查
在线制作约克大学毕业证(yu毕业证)在读证明认证可查在线制作约克大学毕业证(yu毕业证)在读证明认证可查
在线制作约克大学毕业证(yu毕业证)在读证明认证可查ydyuyu
 
20240510 QFM016 Irresponsible AI Reading List April 2024.pdf
20240510 QFM016 Irresponsible AI Reading List April 2024.pdf20240510 QFM016 Irresponsible AI Reading List April 2024.pdf
20240510 QFM016 Irresponsible AI Reading List April 2024.pdfMatthew Sinclair
 
Story Board.pptxrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr
Story Board.pptxrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrStory Board.pptxrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr
Story Board.pptxrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrHenryBriggs2
 
APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...
APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...
APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...APNIC
 
Russian Escort Abu Dhabi 0503464457 Abu DHabi Escorts
Russian Escort Abu Dhabi 0503464457 Abu DHabi EscortsRussian Escort Abu Dhabi 0503464457 Abu DHabi Escorts
Russian Escort Abu Dhabi 0503464457 Abu DHabi EscortsMonica Sydney
 
Nagercoil Escorts Service Girl ^ 9332606886, WhatsApp Anytime Nagercoil
Nagercoil Escorts Service Girl ^ 9332606886, WhatsApp Anytime NagercoilNagercoil Escorts Service Girl ^ 9332606886, WhatsApp Anytime Nagercoil
Nagercoil Escorts Service Girl ^ 9332606886, WhatsApp Anytime Nagercoilmeghakumariji156
 
一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样
一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样
一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样ayvbos
 
APNIC Updates presented by Paul Wilson at ARIN 53
APNIC Updates presented by Paul Wilson at ARIN 53APNIC Updates presented by Paul Wilson at ARIN 53
APNIC Updates presented by Paul Wilson at ARIN 53APNIC
 

Kürzlich hochgeladen (20)

Power point inglese - educazione civica di Nuria Iuzzolino
Power point inglese - educazione civica di Nuria IuzzolinoPower point inglese - educazione civica di Nuria Iuzzolino
Power point inglese - educazione civica di Nuria Iuzzolino
 
20240507 QFM013 Machine Intelligence Reading List April 2024.pdf
20240507 QFM013 Machine Intelligence Reading List April 2024.pdf20240507 QFM013 Machine Intelligence Reading List April 2024.pdf
20240507 QFM013 Machine Intelligence Reading List April 2024.pdf
 
哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查
哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查
哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查
 
Vip Firozabad Phone 8250092165 Escorts Service At 6k To 30k Along With Ac Room
Vip Firozabad Phone 8250092165 Escorts Service At 6k To 30k Along With Ac RoomVip Firozabad Phone 8250092165 Escorts Service At 6k To 30k Along With Ac Room
Vip Firozabad Phone 8250092165 Escorts Service At 6k To 30k Along With Ac Room
 
Indian Escort in Abu DHabi 0508644382 Abu Dhabi Escorts
Indian Escort in Abu DHabi 0508644382 Abu Dhabi EscortsIndian Escort in Abu DHabi 0508644382 Abu Dhabi Escorts
Indian Escort in Abu DHabi 0508644382 Abu Dhabi Escorts
 
pdfcoffee.com_business-ethics-q3m7-pdf-free.pdf
pdfcoffee.com_business-ethics-q3m7-pdf-free.pdfpdfcoffee.com_business-ethics-q3m7-pdf-free.pdf
pdfcoffee.com_business-ethics-q3m7-pdf-free.pdf
 
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
 
原版制作美国爱荷华大学毕业证(iowa毕业证书)学位证网上存档可查
原版制作美国爱荷华大学毕业证(iowa毕业证书)学位证网上存档可查原版制作美国爱荷华大学毕业证(iowa毕业证书)学位证网上存档可查
原版制作美国爱荷华大学毕业证(iowa毕业证书)学位证网上存档可查
 
PowerDirector Explination Process...pptx
PowerDirector Explination Process...pptxPowerDirector Explination Process...pptx
PowerDirector Explination Process...pptx
 
"Boost Your Digital Presence: Partner with a Leading SEO Agency"
"Boost Your Digital Presence: Partner with a Leading SEO Agency""Boost Your Digital Presence: Partner with a Leading SEO Agency"
"Boost Your Digital Presence: Partner with a Leading SEO Agency"
 
一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制
一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制
一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制
 
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样
 
在线制作约克大学毕业证(yu毕业证)在读证明认证可查
在线制作约克大学毕业证(yu毕业证)在读证明认证可查在线制作约克大学毕业证(yu毕业证)在读证明认证可查
在线制作约克大学毕业证(yu毕业证)在读证明认证可查
 
20240510 QFM016 Irresponsible AI Reading List April 2024.pdf
20240510 QFM016 Irresponsible AI Reading List April 2024.pdf20240510 QFM016 Irresponsible AI Reading List April 2024.pdf
20240510 QFM016 Irresponsible AI Reading List April 2024.pdf
 
Story Board.pptxrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr
Story Board.pptxrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrStory Board.pptxrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr
Story Board.pptxrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr
 
APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...
APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...
APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...
 
Russian Escort Abu Dhabi 0503464457 Abu DHabi Escorts
Russian Escort Abu Dhabi 0503464457 Abu DHabi EscortsRussian Escort Abu Dhabi 0503464457 Abu DHabi Escorts
Russian Escort Abu Dhabi 0503464457 Abu DHabi Escorts
 
Nagercoil Escorts Service Girl ^ 9332606886, WhatsApp Anytime Nagercoil
Nagercoil Escorts Service Girl ^ 9332606886, WhatsApp Anytime NagercoilNagercoil Escorts Service Girl ^ 9332606886, WhatsApp Anytime Nagercoil
Nagercoil Escorts Service Girl ^ 9332606886, WhatsApp Anytime Nagercoil
 
一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样
一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样
一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样
 
APNIC Updates presented by Paul Wilson at ARIN 53
APNIC Updates presented by Paul Wilson at ARIN 53APNIC Updates presented by Paul Wilson at ARIN 53
APNIC Updates presented by Paul Wilson at ARIN 53
 

Splitting the Check on Compliance and Security

Hinweis der Redaktion

  1. https://www.flickr.com/photos/via/
  2. https://www.flickr.com/photos/anniemole/
  3. http://queue.acm.org/detail.cfm?id=1142065
  4. https://www.flickr.com/photos/boston_public_library/ https://www.flickr.com/photos/28500561@N03/
  5. To do list - https://www.flickr.com/photos/29853404@N03/ Pillars - https://www.flickr.com/photos/sp8254/
  6. https://www.flickr.com/photos/jakerust/
  7. https://www.flickr.com/photos/kizette/
  8. 2 key concepts – limiting access to minimize risk (fewer things to go wrong) and controlling the spread of compromise (bulkhead) and allow better early warning of issues
  9. By Andy Dingley (scanner) [Public domain], via Wikimedia Commons https://www.flickr.com/photos/marcmos/