The technological Practices of Integrating Information Securtiy, Change Management and Compliance - Information Security as Everyone's Job, Every Day
21 important questions on The technological Practices of Integrating Information Securtiy, Change Management and Compliance - Information Security as Everyone's Job, Every Day
Name a few books about integrating InfoSec into DevOps.
Rugged DevOps by James Wickett and Josh Corman
DevOpsSec by Dr. Tapabrate Pal
How can you make Information Security (InfoSec) everyone's job?
- Integrate security into development iteration demonstrations
- Integrate security into defect tracking and post-mortems
- Integrate preventive security controls into shared source code repositories and shared services
- Integrate security into our deploument pipeline
- Ensure security of the application
- Ensure security of our sogtware supply chain
- Ensure security of the environment
- Integrate information security into production telemetry
- Creating security telemetry in our applications
- Creating security telemetry in our environment
- Protect the deployment pipeline.
What are the advantages if security is integrated into development iteration demonstrations?
- InfoSec gain better understanding of Dev team goals.
- Can early provide guidance and feedback which saves money
- Higher grades + faster learning
- Never study anything twice
- 100% sure, 100% understanding
For my 1st exam I got a C. Then, I started looking for ways to learn better and I came across Study Smart. Since then I have scored a A+, A, A- and another A. I highly recommend it to everyone who wants to hear it. I am so happy with it!!
I was struggling to finish all my first-year subjects for 3 years. Then I discovered Study Smart, which helped me to finish all of them within 3 months.
Because of StudySmart, things are going well in many ways. Before, I always had study stress and no time for anything. Now I feel calm and confident (because of the program). I used to score a B, now I usually score an A or A+.
Hey Chris, I really want to thank you very much for developing the platform, I usually got around C for my exams, now I scored an A+, an A and a A- !!
Since using Study Smart, my average has increased significantly. I even completed a statistics course with a A+ while I'm bad at statistics. I took on extra courses this year, because of Study Smart. Thanks so much!
Ever since I started studying with StudySmart I passed all my exams !!! No more re-sits!! At first, I was happy with a pass and now I only get good grades. Many thanks!
I aced all the courses I studied with Study Smart. For law, I first scored a D, and now an A! I’m 100% sure that I’ll pass all the courses I study with Study Smart.
I always thought I studied well. My grades were fine. I could never have imagined that applying these study skills would have such a huge and direct impact on my grades, my speed and the pleasure I have in learning.
For the first time, I finally feel totally confident about the way I learn. I have the perfect overview and make great progress in terms of speed and the grades I get. Thanks, Chris!
I immediately started to enjoy learning again, and my grades soared. All of a sudden, everything went better. I highly recommend Study Smart to all students..
Being able to create my materials online made the process of studying so much smoother and quicker. I no longer have to spend a huge amount of my time on creating my summaries.
At first, my notes were a mess. Now I use Study Smart to take my notes in a perfectly structured way. It helps me to save a lot of time and do other things I enjoy.
Students that study with Study Smart get better grades. The system applies all the learning methods in such a way that both well-performing students and students who struggle perform much better.
Hi Chris, I would like to thank you very much. Last year I scored C on a course, and this year I got an A+ thanks to your method! Thank you very much!
The largest effect is that my child is more enthusiastic about school! Every parent wants their children to be happy at school, Study Smart made it happen.
In high school, I failed several exams, and that has really changed now. I actually needed this tool very much back then. Since I started studying with StudySmart, I haven't had any D's. My average score is now an A and those are results I would have never had in the past
With my old method, I passed only 3 out of 8 courses. Since I started taking my notes digitally in Study Smart, I have passed all my courses on the first try. For me, StudySmart takes away the stress of wondering if I will pass or not.
Thanks to StudySmart, I passed all my exams, and with better grades than before! On top of that, I have mastered a very good study method now, which I am confident will help me earn my degree.
What are the advantages if security is integrated into defect tracking and post-mortems?
- The work is visible for the DevOps team and work can be prioritized
- At a post-mortem the security knowledge is transferred to enginering teams.
Name a few security libraries which an application requires.
- Authentication
- Authorization
- Password management
- Data encryption
Name a few automated security testtools and what are the advantages of these tools?
The tools use Gherkin syntax testscripts, which is already used by a lot developers for unit and functional testing.
What should be in our application to ensure security?
- Static analysis
- Dynamic analysis
- Dependency scanning
- Source code integrity and code signing
What is Static analysis testing and name tools for Static analysis testing.
Brakeman and Code Climate.
What is Dynamic analysis testing and name tools for this kind of testing.
Arachni and OWASP ZAP and Nmap en Metasploit which include penetration testing.
What is Dependency scanning?
How can check for Source code integrity?
What information can be found in the OWASP Cheat Sheet series?
- How to store passwords
- How to handle forgotten passwords
- How to handle logging
- How to prevent cross-site scripting (XSS) vulnerabilities.
What's the problem with (open source) software used for making your own applications?
Name two reports which give information about security vulnerabilities of used software.
What did they conclude?
- DBIR (PCI Data Breach investigation Report); 10 vulnerabilities accounted for 97% of the exploits for credit card data breaches and eight of the vulnerabilities where 10 years old.
- 2015 Sonatype State of the Software Supply Chain Report: A typical organization uses over 7600 build artifacts and more than 18.000 versions and of those components 7.5% had known vulnerabilities which of 66% are more then two years old.
- National Vulnerability database, 41% is only fixed with an average of 390 days and with the highest score it requirws 224 days..
Which aspects are part of security of the environment?
Name s few tools which can help with security correctness testing including automed configuration management systems.
Which tool can be used to test if the environment is hardened against SQL injection attacks?
What can you tell about telemetry and Information security
What kind of telemetry can we use for to detect problematic user behavior in our application?
- Succesfull and unsuccesfull user logins
- User passwords resets
- User e-mail address resets
- User credit card changes
What kind of telemetry can we use for to detect unauthorized access in our environment?
- OS changes
- Security group changes
- Changes to configurations
- Cloud infrastructure changes
- XSS attempts
- SQLi attempts
- Web server errors.
What security measures should be taken for the deployment pipeline?
- That's impossible to compromise the servers running the deployment so the code can not be stolen or injected with malicious changes
- Reviewing all changes introduced into version control, either through pair programming or code review.
- Instrumenting our repository to detect syspicious API calls.
- Ensuring every CI process runt its own isolated container or VM
- Ensuring the version controle creditentials used by the CI system are read-only.
The question on the page originate from the summary of the following study material:
- A unique study and practice tool
- Never study anything twice again
- Get the grades you hope for
- 100% sure, 100% understanding
