PPT-Continuous Security: Security in Continuous Delivery

Lianping Chen lianpingchenoutlookcom lianpingchen The presentation represents only my own views and doesnt necessarily reflect those of my employer Build Test Run Design Threat Modeling. Derek . Zernach. Overview. Definitions. Background/History. Continuous Delivery. How to practice Continuous Delivery. Continuous Integration. Continuous Integration Tools. Continuous Delivery Summary. Jeffrey . knapp. 8/6/14. Introduction. Why is it valuable. How to achieve. What to consider. Why? - Value. To the end client. Rapid delivery, less time from idea to production. To the company. Less software inventory. Proprietary Information of SecureInfo. ®. Corporation © 2011 All Rights Reserved. Agenda. Current State of Continuous Monitoring. Continuous Monitoring Defined. FedRAMP. Status. Continuous Monitoring Solutions. Continuous Delivery (CI/CD) Tool Chain. Who is this dude. Started life as a sysadmin of 5000 servers (physicals). Used programming to aid in managing those servers . Started the path of application delivery . from C&As to . Continuous . Monitoring. Andrew . Patchan. . JD, . CISA. Associate . IG for IT, . FRB . Louis . c. King. , CPA, CISA, CMA, CFM, . CGFM. Assistant . IG for Financial & IT . Audits, DOT. . Integration. in Agile . environment. What is continuous integration ?. “Continuous Integration is a software development practice where members of a team integrate their work frequently, usually each person integrates at least daily - leading to multiple integrations per day. Each integration is verified by an automated build (including test) to detect integration errors as quickly as possible. Many teams find that this approach leads to significantly reduced integration problems and allows a team to develop cohesive software more rapidly.” Martin Fowler. FITSP-A . Module 7. “Continuous monitoring is the backbone of true security.” . -Vivek Kundra. Federal CIO. Leadership. FITSP-A Exam Module Objectives. Audit and Accountability. Manage controls in a system that facilitate the creation, protection, and retention of information system audit records to the extent needed to enable the monitoring, analysis, and investigation of the system. Financial Records. Medical Records. Social Security Records. Insurance Records. Test Records. SOURCE: HUFFINGTON POST. “America’s Schools Have a Cybersecurity Problem.”. Education is Second Only to Healthcare in Number of Data Breaches. An Introduction to DevOps for Project Managers. Today’s Presenters :. Chris Knotts, PMP – . Enterprise training curriculum director: DevOps, emerging technologies, & technology innovation. 62for detailsDimming Lens and Louverdiffusion FBLSS Flat Blade Louver Semi-the chance of breaking Performance OpticsIntellect Enabled Optional Controls dimming occupancy/ vacancy sensing multi-zone da Monitoring Performance Management GuideVersion 21February 21 2018iDOCUMENT REVISION HISTORYDATEVERSIONPAGESDESCRIPTIONAUTHOR07/22/201510AllInitial documentFedRAMP PMO01/06/2016116AddedFormal CAP for s Dr. Asankhaya Sharma. SIT. 20-Feb-16. 2. Secure Software Development. Consider security throughout the software development lifecycle. Requirements. Design. Implementation. Testing. Deployment. 20-Feb-16. Stephen de . Vries. . @. stephendv. w. ith BDD-Security. About me. CTO Continuum Security. 16 years in security. Specialised. in application security. Author of BDD-Security framework. Security testing still stuck in a waterfall world. Simon Gunton . UKNOF April 2017. @. Cessle. Operations Engineer for . AutoTrader. Been here for 3.5 years. Previously worked for M247. Samer. taught me the basics. Odd fact is my arm span is greater than my height.