SlideShare uma empresa Scribd logo

Splitting the Check on Compliance and Security

Transferir como PPTX, PDF
Jason Chan
Jason Chan

Abbreviated version of my 2015 AWS Re:invent talk. Presented at Futurestack 2015.

InternetTecnologia
1 de 40
Splitting the Check on Compliance and Security Jason Chan Engineering Director – Cloud Security @chanjbs
2015 for Developers
2015 for Auditors and Security Teams
The Problem
Developers: Incentives • Speed • Features Want • Freedom to innovate • New technology Incentives and Perspectives Auditors: Incentives • Compliance with regulatory obligations • Verifiable processes Want • Well-known technology • Predictability and stability
The Resolution
“You build it, you run it.” -Werner Vogels, Amazon CTO (June 2006)
Who Cares About These Answers? • When did that code change? • Who made the change? • Who logged in to that host? • What did they do? • Who pushed that code? • When was this dependency introduced? • Was that build tested before deployment? • What were the test results? ?
Before Developers and Auditors After AuditorDev Auditor Dev
How Do We Get There?
Two Approaches to Compliance
Pillars for Effective, Efficient, and Flexible Compliance
The Pillars 1. Traceability in development 2. Continuous security visibility 3. Compartmentalization
Discussion Format
Traceability in Development
Common Audit Requirements for Software Development • Review changes. • Track changes. • Test changes. • Deploy only approved code. • For all actions: • Who did it? • When?
Spinnaker for Continuous Deployment • Customizable development pipelines (workflows) • Based on team requirements • Single interface to entire deployment process • Answers who, what, when, and why • For developers and auditors Auditor Dev
Spinnaker: Compliance-Relevant Features • Integrated access to development artifacts • Pull requests, test results, build artifacts, etc. • Push authorization • Restricted deployment windows (time, region) • Deployment notifications
Spinnaker: App-Centric View & Multistage Pipeline Multiple deployment stagesAutomated Manual Failed test, do not proceed Application-specific components Link to build (Jenkins CI), code changes (Stash)
Automated Canary Analysis Canary test score Link to details Result
Manual Approval (Optional)
Restricted Deployment Window (Optional)
Restricted Deployment Window (Optional)
Deployment Notification (Optional)
Spinnaker vs. Manual Deployments • Deployment is independent of languages and other underlying technology. • Java, Python, Linux, Windows… • Multiple stages of automated testing. • Integration, security, functional, production canary. • Fully traceable pipeline. • Changes and change drivers are fully visible. • All artifacts and test results available.
Control Mapping Control Description PCI 6.3.2 Perform code reviews prior to release. PCI 6.4.5 Test changes to verify no adverse security impact. COBIT BAI03.08 Execute solution testing.
Continuous Security Visibility
Issues with Application Security Risk Management • Spreadsheets and surveys! • Human driven. • Presuppose managed intake. • One-time vs. continuous.
Penguin Shortbread – Automated Risk Analysis for Microservice Architectures • Analyze microservice connectivity. • Passively monitor app and cloud configuration. • Develop risk scoring based on observations.
Application Risk Metric Metric summary Metric algorithm Scoring
Application Risk Rollup Metrics Risk metrics by region/environment
Control Mapping Control Description PCI 1.2.1 Restrict traffic to that which is necessary. PCI 12.2 Implement a risk-assessment process. APO 12.03 Maintain a risk profile.
Compartmentalization
Compartmentalization Resilience: Limit blast radius Confidentiality: Need to know
User Payments application Payment processors and partners Encrypted credit card database Name Encrypted CC John Doe XXXXXXXXXX HSM Monolithic Card Processing in the Data Center Sign up/change CC Store/retrieve CC Real-time/batch auth Tax, analytics, fraud, etc. Web server
Microservices and Tokenization in AWS CloudHSM Payment application Token service Token db Token Encrypted CC abc123 XXXXXXXXXXCrypto proxy Name Token John Doe abc123 Payments db Token vault User Sign up/change CC Web server
Control Mapping Control Description PCI 2.2 Implement one primary function per server. DSS05.02 Manage network and connectivity security. DSS05.03 Manage endpoint security.
Wrapping Up! • Limit investments in approaches that meet narrow regulatory needs. • Embrace core security design and operational principles. • Focus on tools and techniques that serve multiple audiences. Auditor Dev
Thank you! @chanjbs - chan@netflix.com

Recomendados

Best Practices for Security in Microsoft SharePoint 2013
Best Practices for Security in Microsoft SharePoint 2013Best Practices for Security in Microsoft SharePoint 2013
Best Practices for Security in Microsoft SharePoint 2013AntonioMaio2
 
Incident Response
Incident ResponseIncident Response
Incident ResponseMichaelRodriguesdosS1
 
Bug Bounty Hunter Tools.pdf
Bug Bounty Hunter Tools.pdfBug Bounty Hunter Tools.pdf
Bug Bounty Hunter Tools.pdfinfosec train
 
Desktop Security
Desktop SecurityDesktop Security
Desktop SecurityHardikBhandari7
 
CIA Triad in Data Governance, Information Security, and Privacy: Its Role and...
CIA Triad in Data Governance, Information Security, and Privacy: Its Role and...CIA Triad in Data Governance, Information Security, and Privacy: Its Role and...
CIA Triad in Data Governance, Information Security, and Privacy: Its Role and...PECB
 
what is data security full ppt
what is data security full pptwhat is data security full ppt
what is data security full pptShahbaz Khan
 
Hacking ATM machines for fun and profit!
Hacking ATM machines for fun and profit!Hacking ATM machines for fun and profit!
Hacking ATM machines for fun and profit!Zigoo0
 
Vulnerability and Patch Management
Vulnerability and Patch ManagementVulnerability and Patch Management
Vulnerability and Patch Managementn|u - The Open Security Community
 

Recomendados

Best Practices for Security in Microsoft SharePoint 2013
Best Practices for Security in Microsoft SharePoint 2013Best Practices for Security in Microsoft SharePoint 2013
Best Practices for Security in Microsoft SharePoint 2013AntonioMaio2
 
Incident Response
Incident ResponseIncident Response
Incident ResponseMichaelRodriguesdosS1
 
Bug Bounty Hunter Tools.pdf
Bug Bounty Hunter Tools.pdfBug Bounty Hunter Tools.pdf
Bug Bounty Hunter Tools.pdfinfosec train
 
Desktop Security
Desktop SecurityDesktop Security
Desktop SecurityHardikBhandari7
 
CIA Triad in Data Governance, Information Security, and Privacy: Its Role and...
CIA Triad in Data Governance, Information Security, and Privacy: Its Role and...CIA Triad in Data Governance, Information Security, and Privacy: Its Role and...
CIA Triad in Data Governance, Information Security, and Privacy: Its Role and...PECB
 
what is data security full ppt
what is data security full pptwhat is data security full ppt
what is data security full pptShahbaz Khan
 
Hacking ATM machines for fun and profit!
Hacking ATM machines for fun and profit!Hacking ATM machines for fun and profit!
Hacking ATM machines for fun and profit!Zigoo0
 
Vulnerability and Patch Management
Vulnerability and Patch ManagementVulnerability and Patch Management
Vulnerability and Patch Managementn|u - The Open Security Community
 
VAPT - Vulnerability Assessment & Penetration Testing
VAPT - Vulnerability Assessment & Penetration Testing VAPT - Vulnerability Assessment & Penetration Testing
VAPT - Vulnerability Assessment & Penetration Testing Netpluz Asia Pte Ltd
 
Access Controls
Access ControlsAccess Controls
Access Controlsprimeteacher32
 
Ethical hacking presentation
Ethical hacking presentationEthical hacking presentation
Ethical hacking presentationSuryansh Srivastava
 
Ethical Hacking Certifications | Certified Ethical Hacker | Ethical Hacking |...
Ethical Hacking Certifications | Certified Ethical Hacker | Ethical Hacking |...Ethical Hacking Certifications | Certified Ethical Hacker | Ethical Hacking |...
Ethical Hacking Certifications | Certified Ethical Hacker | Ethical Hacking |...Simplilearn
 
Access Control Presentation
Access Control PresentationAccess Control Presentation
Access Control PresentationWajahat Rajab
 
Cisco Security Presentation
Cisco Security PresentationCisco Security Presentation
Cisco Security PresentationSimplex
 
CyberSecurity Best Practices for the IIoT
CyberSecurity Best Practices for the IIoTCyberSecurity Best Practices for the IIoT
CyberSecurity Best Practices for the IIoTCreekside Marketing Group, LLC
 
Security awareness training - 4 topics that matter most
Security awareness training - 4 topics that matter mostSecurity awareness training - 4 topics that matter most
Security awareness training - 4 topics that matter mostInfosec
 
Firewall & its configurations
Firewall & its configurationsFirewall & its configurations
Firewall & its configurationsStudent
 
Deploying Privileged Access Workstations (PAWs)
Deploying Privileged Access Workstations (PAWs)Deploying Privileged Access Workstations (PAWs)
Deploying Privileged Access Workstations (PAWs)Blue Teamer
 
SOC presentation- Building a Security Operations Center
SOC presentation- Building a Security Operations CenterSOC presentation- Building a Security Operations Center
SOC presentation- Building a Security Operations CenterMichael Nickle
 
Best Practices for Identity Management Projects
Best Practices for Identity Management ProjectsBest Practices for Identity Management Projects
Best Practices for Identity Management ProjectsHitachi ID Systems, Inc.
 
Automotive Cybersecurity: Test Like a Hacker
Automotive Cybersecurity: Test Like a HackerAutomotive Cybersecurity: Test Like a Hacker
Automotive Cybersecurity: Test Like a HackerForAllSecure
 
API Security Best Practices and Guidelines
API Security Best Practices and GuidelinesAPI Security Best Practices and Guidelines
API Security Best Practices and GuidelinesWSO2
 
Firewall presentation
Firewall presentationFirewall presentation
Firewall presentationAmandeep Kaur
 
Learn Ethical Hacking With Kali Linux | Ethical Hacking Tutorial | Kali Linux...
Learn Ethical Hacking With Kali Linux | Ethical Hacking Tutorial | Kali Linux...Learn Ethical Hacking With Kali Linux | Ethical Hacking Tutorial | Kali Linux...
Learn Ethical Hacking With Kali Linux | Ethical Hacking Tutorial | Kali Linux...Edureka!
 
Fundamentals of Network security
Fundamentals of Network securityFundamentals of Network security
Fundamentals of Network securityAPNIC
 
Cybersecurity 1. intro to cybersecurity
Cybersecurity 1. intro to cybersecurityCybersecurity 1. intro to cybersecurity
Cybersecurity 1. intro to cybersecuritysommerville-videos
 
Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)Fabiha Shahzad
 
Security operation center (SOC)
Security operation center (SOC)Security operation center (SOC)
Security operation center (SOC)Ahmed Ayman
 
Defending Netflix from Abuse
Defending Netflix from AbuseDefending Netflix from Abuse
Defending Netflix from AbuseJason Chan
 
The Psychology of Security Automation
The Psychology of Security AutomationThe Psychology of Security Automation
The Psychology of Security AutomationJason Chan
 

Mais conteúdo relacionado

Mais procurados

VAPT - Vulnerability Assessment & Penetration Testing
VAPT - Vulnerability Assessment & Penetration Testing VAPT - Vulnerability Assessment & Penetration Testing
VAPT - Vulnerability Assessment & Penetration Testing Netpluz Asia Pte Ltd
 
Ethical Hacking Certifications | Certified Ethical Hacker | Ethical Hacking |...
Ethical Hacking Certifications | Certified Ethical Hacker | Ethical Hacking |...Ethical Hacking Certifications | Certified Ethical Hacker | Ethical Hacking |...
Ethical Hacking Certifications | Certified Ethical Hacker | Ethical Hacking |...Simplilearn
 
Access Control Presentation
Access Control PresentationAccess Control Presentation
Access Control PresentationWajahat Rajab
 
Cisco Security Presentation
Cisco Security PresentationCisco Security Presentation
Cisco Security PresentationSimplex
 
Security awareness training - 4 topics that matter most
Security awareness training - 4 topics that matter mostSecurity awareness training - 4 topics that matter most
Security awareness training - 4 topics that matter mostInfosec
 
Firewall & its configurations
Firewall & its configurationsFirewall & its configurations
Firewall & its configurationsStudent
 
Deploying Privileged Access Workstations (PAWs)
Deploying Privileged Access Workstations (PAWs)Deploying Privileged Access Workstations (PAWs)
Deploying Privileged Access Workstations (PAWs)Blue Teamer
 
SOC presentation- Building a Security Operations Center
SOC presentation- Building a Security Operations CenterSOC presentation- Building a Security Operations Center
SOC presentation- Building a Security Operations CenterMichael Nickle
 
Best Practices for Identity Management Projects
Best Practices for Identity Management ProjectsBest Practices for Identity Management Projects
Best Practices for Identity Management ProjectsHitachi ID Systems, Inc.
 
Automotive Cybersecurity: Test Like a Hacker
Automotive Cybersecurity: Test Like a HackerAutomotive Cybersecurity: Test Like a Hacker
Automotive Cybersecurity: Test Like a HackerForAllSecure
 
API Security Best Practices and Guidelines
API Security Best Practices and GuidelinesAPI Security Best Practices and Guidelines
API Security Best Practices and GuidelinesWSO2
 
Firewall presentation
Firewall presentationFirewall presentation
Firewall presentationAmandeep Kaur
 
Learn Ethical Hacking With Kali Linux | Ethical Hacking Tutorial | Kali Linux...
Learn Ethical Hacking With Kali Linux | Ethical Hacking Tutorial | Kali Linux...Learn Ethical Hacking With Kali Linux | Ethical Hacking Tutorial | Kali Linux...
Learn Ethical Hacking With Kali Linux | Ethical Hacking Tutorial | Kali Linux...Edureka!
 
Fundamentals of Network security
Fundamentals of Network securityFundamentals of Network security
Fundamentals of Network securityAPNIC
 
Cybersecurity 1. intro to cybersecurity
Cybersecurity 1. intro to cybersecurityCybersecurity 1. intro to cybersecurity
Cybersecurity 1. intro to cybersecuritysommerville-videos
 
Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)Fabiha Shahzad
 
Security operation center (SOC)
Security operation center (SOC)Security operation center (SOC)
Security operation center (SOC)Ahmed Ayman
 

Mais procurados (20)

VAPT - Vulnerability Assessment & Penetration Testing
VAPT - Vulnerability Assessment & Penetration Testing VAPT - Vulnerability Assessment & Penetration Testing
VAPT - Vulnerability Assessment & Penetration Testing
 
Access Controls
Access ControlsAccess Controls
Access Controls
 
Ethical hacking presentation
Ethical hacking presentationEthical hacking presentation
Ethical hacking presentation
 
Ethical Hacking Certifications | Certified Ethical Hacker | Ethical Hacking |...
Ethical Hacking Certifications | Certified Ethical Hacker | Ethical Hacking |...Ethical Hacking Certifications | Certified Ethical Hacker | Ethical Hacking |...
Ethical Hacking Certifications | Certified Ethical Hacker | Ethical Hacking |...
 
Access Control Presentation
Access Control PresentationAccess Control Presentation
Access Control Presentation
 
Cisco Security Presentation
Cisco Security PresentationCisco Security Presentation
Cisco Security Presentation
 
CyberSecurity Best Practices for the IIoT
CyberSecurity Best Practices for the IIoTCyberSecurity Best Practices for the IIoT
CyberSecurity Best Practices for the IIoT
 
Security awareness training - 4 topics that matter most
Security awareness training - 4 topics that matter mostSecurity awareness training - 4 topics that matter most
Security awareness training - 4 topics that matter most
 
Firewall & its configurations
Firewall & its configurationsFirewall & its configurations
Firewall & its configurations
 
Deploying Privileged Access Workstations (PAWs)
Deploying Privileged Access Workstations (PAWs)Deploying Privileged Access Workstations (PAWs)
Deploying Privileged Access Workstations (PAWs)
 
SOC presentation- Building a Security Operations Center
SOC presentation- Building a Security Operations CenterSOC presentation- Building a Security Operations Center
SOC presentation- Building a Security Operations Center
 
Best Practices for Identity Management Projects
Best Practices for Identity Management ProjectsBest Practices for Identity Management Projects
Best Practices for Identity Management Projects
 
Automotive Cybersecurity: Test Like a Hacker
Automotive Cybersecurity: Test Like a HackerAutomotive Cybersecurity: Test Like a Hacker
Automotive Cybersecurity: Test Like a Hacker
 
API Security Best Practices and Guidelines
API Security Best Practices and GuidelinesAPI Security Best Practices and Guidelines
API Security Best Practices and Guidelines
 
Firewall presentation
Firewall presentationFirewall presentation
Firewall presentation
 
Learn Ethical Hacking With Kali Linux | Ethical Hacking Tutorial | Kali Linux...
Learn Ethical Hacking With Kali Linux | Ethical Hacking Tutorial | Kali Linux...Learn Ethical Hacking With Kali Linux | Ethical Hacking Tutorial | Kali Linux...
Learn Ethical Hacking With Kali Linux | Ethical Hacking Tutorial | Kali Linux...
 
Fundamentals of Network security
Fundamentals of Network securityFundamentals of Network security
Fundamentals of Network security
 
Cybersecurity 1. intro to cybersecurity
Cybersecurity 1. intro to cybersecurityCybersecurity 1. intro to cybersecurity
Cybersecurity 1. intro to cybersecurity
 
Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)
 
Security operation center (SOC)
Security operation center (SOC)Security operation center (SOC)
Security operation center (SOC)
 

Destaque

Defending Netflix from Abuse
Defending Netflix from AbuseDefending Netflix from Abuse
Defending Netflix from AbuseJason Chan
 
The Psychology of Security Automation
The Psychology of Security AutomationThe Psychology of Security Automation
The Psychology of Security AutomationJason Chan
 
Careers in Security
Careers in SecurityCareers in Security
Careers in SecurityJason Chan
 
Amazon Web Services Security
Amazon Web Services SecurityAmazon Web Services Security
Amazon Web Services SecurityJason Chan
 
Resilience and Compliance at Speed and Scale
Resilience and Compliance at Speed and ScaleResilience and Compliance at Speed and Scale
Resilience and Compliance at Speed and ScaleJason Chan
 
From Gates to Guardrails: Alternate Approaches to Product Security
From Gates to Guardrails: Alternate Approaches to Product SecurityFrom Gates to Guardrails: Alternate Approaches to Product Security
From Gates to Guardrails: Alternate Approaches to Product SecurityJason Chan
 
Practical Security Automation
Practical Security AutomationPractical Security Automation
Practical Security AutomationJason Chan
 
Cloud Security @ Netflix
Cloud Security @ NetflixCloud Security @ Netflix
Cloud Security @ NetflixJason Chan
 
Cloud Application Security: Lessons Learned
Cloud Application Security: Lessons LearnedCloud Application Security: Lessons Learned
Cloud Application Security: Lessons LearnedJason Chan
 
Cloud Application Security: Lessons Learned
Cloud Application Security: Lessons LearnedCloud Application Security: Lessons Learned
Cloud Application Security: Lessons LearnedJason Chan
 
Beyond DevOps - How Netflix Bridges the Gap
Beyond DevOps - How Netflix Bridges the GapBeyond DevOps - How Netflix Bridges the Gap
Beyond DevOps - How Netflix Bridges the GapJosh Evans
 
Practical Cloud Security
Practical Cloud SecurityPractical Cloud Security
Practical Cloud SecurityJason Chan
 
building microservices
building microservicesbuilding microservices
building microservicesCisco DevNet
 
Canary Analyze All the Things
Canary Analyze All the ThingsCanary Analyze All the Things
Canary Analyze All the Thingsroyrapoport
 
Engineering Tools at Netflix: Enabling Continuous Delivery
Engineering Tools at Netflix: Enabling Continuous DeliveryEngineering Tools at Netflix: Enabling Continuous Delivery
Engineering Tools at Netflix: Enabling Continuous DeliveryMike McGarr
 
Implementing DevOps
Implementing DevOpsImplementing DevOps
Implementing DevOpsMike McGarr
 
Resources (Links) for 2016
Resources (Links) for 2016Resources (Links) for 2016
Resources (Links) for 2016Andrew Newman
 
Past, Present & Future of Recommender Systems: An Industry Perspective
Past, Present & Future of Recommender Systems: An Industry PerspectivePast, Present & Future of Recommender Systems: An Industry Perspective
Past, Present & Future of Recommender Systems: An Industry PerspectiveJustin Basilico
 
Factorization Meets the Item Embedding: Regularizing Matrix Factorization wit...
Factorization Meets the Item Embedding: Regularizing Matrix Factorization wit...Factorization Meets the Item Embedding: Regularizing Matrix Factorization wit...
Factorization Meets the Item Embedding: Regularizing Matrix Factorization wit...Dawen Liang
 

Destaque (20)

Defending Netflix from Abuse
Defending Netflix from AbuseDefending Netflix from Abuse
Defending Netflix from Abuse
 
The Psychology of Security Automation
The Psychology of Security AutomationThe Psychology of Security Automation
The Psychology of Security Automation
 
Careers in Security
Careers in SecurityCareers in Security
Careers in Security
 
Amazon Web Services Security
Amazon Web Services SecurityAmazon Web Services Security
Amazon Web Services Security
 
Resilience and Compliance at Speed and Scale
Resilience and Compliance at Speed and ScaleResilience and Compliance at Speed and Scale
Resilience and Compliance at Speed and Scale
 
From Gates to Guardrails: Alternate Approaches to Product Security
From Gates to Guardrails: Alternate Approaches to Product SecurityFrom Gates to Guardrails: Alternate Approaches to Product Security
From Gates to Guardrails: Alternate Approaches to Product Security
 
Practical Security Automation
Practical Security AutomationPractical Security Automation
Practical Security Automation
 
Cloud Security @ Netflix
Cloud Security @ NetflixCloud Security @ Netflix
Cloud Security @ Netflix
 
Cloud Application Security: Lessons Learned
Cloud Application Security: Lessons LearnedCloud Application Security: Lessons Learned
Cloud Application Security: Lessons Learned
 
Cloud Application Security: Lessons Learned
Cloud Application Security: Lessons LearnedCloud Application Security: Lessons Learned
Cloud Application Security: Lessons Learned
 
Beyond DevOps - How Netflix Bridges the Gap
Beyond DevOps - How Netflix Bridges the GapBeyond DevOps - How Netflix Bridges the Gap
Beyond DevOps - How Netflix Bridges the Gap
 
Practical Cloud Security
Practical Cloud SecurityPractical Cloud Security
Practical Cloud Security
 
building microservices
building microservicesbuilding microservices
building microservices
 
Canary Analyze All the Things
Canary Analyze All the ThingsCanary Analyze All the Things
Canary Analyze All the Things
 
Engineering Tools at Netflix: Enabling Continuous Delivery
Engineering Tools at Netflix: Enabling Continuous DeliveryEngineering Tools at Netflix: Enabling Continuous Delivery
Engineering Tools at Netflix: Enabling Continuous Delivery
 
Culture
CultureCulture
Culture
 
Implementing DevOps
Implementing DevOpsImplementing DevOps
Implementing DevOps
 
Resources (Links) for 2016
Resources (Links) for 2016Resources (Links) for 2016
Resources (Links) for 2016
 
Past, Present & Future of Recommender Systems: An Industry Perspective
Past, Present & Future of Recommender Systems: An Industry PerspectivePast, Present & Future of Recommender Systems: An Industry Perspective
Past, Present & Future of Recommender Systems: An Industry Perspective
 
Factorization Meets the Item Embedding: Regularizing Matrix Factorization wit...
Factorization Meets the Item Embedding: Regularizing Matrix Factorization wit...Factorization Meets the Item Embedding: Regularizing Matrix Factorization wit...
Factorization Meets the Item Embedding: Regularizing Matrix Factorization wit...
 

Semelhante a Splitting the Check on Compliance and Security

How to go from waterfall app dev to secure agile development in 2 weeks
How to go from waterfall app dev to secure agile development in 2 weeks How to go from waterfall app dev to secure agile development in 2 weeks
How to go from waterfall app dev to secure agile development in 2 weeks Ulf Mattsson
 
Perforce on Tour 2015 - Grab Testing By the Horns and Move
Perforce on Tour 2015 - Grab Testing By the Horns and MovePerforce on Tour 2015 - Grab Testing By the Horns and Move
Perforce on Tour 2015 - Grab Testing By the Horns and MovePerforce
 
Digital Product Security
Digital Product SecurityDigital Product Security
Digital Product SecuritySoftServe
 
Imagine Digital Safety Assured - Arno van de Velde (Micro Focus)
Imagine Digital Safety Assured - Arno van de Velde (Micro Focus)Imagine Digital Safety Assured - Arno van de Velde (Micro Focus)
Imagine Digital Safety Assured - Arno van de Velde (Micro Focus)Sogeti Nederland B.V.
 
Continuous Integration Practices
Continuous Integration Practices Continuous Integration Practices
Continuous Integration Practices Marcelo Freire
 
Continuous integration practices to improve the software quality
Continuous integration practices to improve the software qualityContinuous integration practices to improve the software quality
Continuous integration practices to improve the software qualityFabricio Epaminondas
 
DevOps Overview in my own words
DevOps Overview in my own wordsDevOps Overview in my own words
DevOps Overview in my own wordsSUBHENDU KARMAKAR
 
Freedom and Responsibility
Freedom and ResponsibilityFreedom and Responsibility
Freedom and ResponsibilityMike Ruangutai
 
AppSec in an Agile World
AppSec in an Agile WorldAppSec in an Agile World
AppSec in an Agile WorldDavid Lindner
 
ISO 26262 Approval of Automotive Software Components
ISO 26262 Approval of Automotive Software ComponentsISO 26262 Approval of Automotive Software Components
ISO 26262 Approval of Automotive Software ComponentsReal-Time Innovations (RTI)
 
Agile lifecycle handbook by bhawani nandan prasad
Agile lifecycle handbook by bhawani nandan prasadAgile lifecycle handbook by bhawani nandan prasad
Agile lifecycle handbook by bhawani nandan prasadBhawani N Prasad
 
Innovation in Action - #MFSummit2017
Innovation in Action - #MFSummit2017Innovation in Action - #MFSummit2017
Innovation in Action - #MFSummit2017Micro Focus
 
Managing Continuous Delivery of Mobile Apps - for the Enterprise
Managing Continuous Delivery of Mobile Apps - for the EnterpriseManaging Continuous Delivery of Mobile Apps - for the Enterprise
Managing Continuous Delivery of Mobile Apps - for the EnterpriseSauce Labs
 
Training Bootcamp - MainframeDevOps.pptx
Training Bootcamp - MainframeDevOps.pptxTraining Bootcamp - MainframeDevOps.pptx
Training Bootcamp - MainframeDevOps.pptxNashet Ali
 
Agile for Software as a Medical Device
Agile for Software as a Medical DeviceAgile for Software as a Medical Device
Agile for Software as a Medical DeviceOrthogonal
 
Create code confidence for better application security
Create code confidence for better application security Create code confidence for better application security
Create code confidence for better application security Rogue Wave Software
 
verification and validation
verification and validationverification and validation
verification and validationDinesh Pasi
 
Software devlopment security
Software devlopment securitySoftware devlopment security
Software devlopment securitySuraj Singh
 

Semelhante a Splitting the Check on Compliance and Security (20)

How to go from waterfall app dev to secure agile development in 2 weeks
How to go from waterfall app dev to secure agile development in 2 weeks How to go from waterfall app dev to secure agile development in 2 weeks
How to go from waterfall app dev to secure agile development in 2 weeks
 
Perforce on Tour 2015 - Grab Testing By the Horns and Move
Perforce on Tour 2015 - Grab Testing By the Horns and MovePerforce on Tour 2015 - Grab Testing By the Horns and Move
Perforce on Tour 2015 - Grab Testing By the Horns and Move
 
Digital Product Security
Digital Product SecurityDigital Product Security
Digital Product Security
 
Imagine Digital Safety Assured - Arno van de Velde (Micro Focus)
Imagine Digital Safety Assured - Arno van de Velde (Micro Focus)Imagine Digital Safety Assured - Arno van de Velde (Micro Focus)
Imagine Digital Safety Assured - Arno van de Velde (Micro Focus)
 
Continuous Integration Practices
Continuous Integration Practices Continuous Integration Practices
Continuous Integration Practices
 
Continuous integration practices to improve the software quality
Continuous integration practices to improve the software qualityContinuous integration practices to improve the software quality
Continuous integration practices to improve the software quality
 
Journey to the center of DevOps - v6
Journey to the center of DevOps - v6Journey to the center of DevOps - v6
Journey to the center of DevOps - v6
 
DevOps Overview in my own words
DevOps Overview in my own wordsDevOps Overview in my own words
DevOps Overview in my own words
 
Freedom and Responsibility
Freedom and ResponsibilityFreedom and Responsibility
Freedom and Responsibility
 
AppSec in an Agile World
AppSec in an Agile WorldAppSec in an Agile World
AppSec in an Agile World
 
ISO 26262 Approval of Automotive Software Components
ISO 26262 Approval of Automotive Software ComponentsISO 26262 Approval of Automotive Software Components
ISO 26262 Approval of Automotive Software Components
 
Agile lifecycle handbook by bhawani nandan prasad
Agile lifecycle handbook by bhawani nandan prasadAgile lifecycle handbook by bhawani nandan prasad
Agile lifecycle handbook by bhawani nandan prasad
 
Innovation in Action - #MFSummit2017
Innovation in Action - #MFSummit2017Innovation in Action - #MFSummit2017
Innovation in Action - #MFSummit2017
 
Managing Continuous Delivery of Mobile Apps - for the Enterprise
Managing Continuous Delivery of Mobile Apps - for the EnterpriseManaging Continuous Delivery of Mobile Apps - for the Enterprise
Managing Continuous Delivery of Mobile Apps - for the Enterprise
 
Training Bootcamp - MainframeDevOps.pptx
Training Bootcamp - MainframeDevOps.pptxTraining Bootcamp - MainframeDevOps.pptx
Training Bootcamp - MainframeDevOps.pptx
 
Agile for Software as a Medical Device
Agile for Software as a Medical DeviceAgile for Software as a Medical Device
Agile for Software as a Medical Device
 
Create code confidence for better application security
Create code confidence for better application security Create code confidence for better application security
Create code confidence for better application security
 
verification and validation
verification and validationverification and validation
verification and validation
 
1506.08725v1
1506.08725v11506.08725v1
1506.08725v1
 
Software devlopment security
Software devlopment securitySoftware devlopment security
Software devlopment security
 

Último

VVIP Pune Call Girls Sinhagad WhatSapp Number 8005736733 With Elite Staff And...
VVIP Pune Call Girls Sinhagad WhatSapp Number 8005736733 With Elite Staff And...VVIP Pune Call Girls Sinhagad WhatSapp Number 8005736733 With Elite Staff And...
VVIP Pune Call Girls Sinhagad WhatSapp Number 8005736733 With Elite Staff And...SUHANI PANDEY
 
20240509 QFM015 Engineering Leadership Reading List April 2024.pdf
20240509 QFM015 Engineering Leadership Reading List April 2024.pdf20240509 QFM015 Engineering Leadership Reading List April 2024.pdf
20240509 QFM015 Engineering Leadership Reading List April 2024.pdfMatthew Sinclair
 
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service AvailableCall Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service AvailableSeo
 
➥🔝 7737669865 🔝▻ mehsana Call-girls in Women Seeking Men 🔝mehsana🔝 Escorts...
➥🔝 7737669865 🔝▻ mehsana Call-girls in Women Seeking Men 🔝mehsana🔝 Escorts...➥🔝 7737669865 🔝▻ mehsana Call-girls in Women Seeking Men 🔝mehsana🔝 Escorts...
➥🔝 7737669865 🔝▻ mehsana Call-girls in Women Seeking Men 🔝mehsana🔝 Escorts...nirzagarg
 
Katraj ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...
Katraj ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...Katraj ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...
Katraj ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...tanu pandey
 
Russian Call Girls Pune (Adult Only) 8005736733 Escort Service 24x7 Cash Pay...
Russian Call Girls Pune (Adult Only) 8005736733 Escort Service 24x7 Cash Pay...Russian Call Girls Pune (Adult Only) 8005736733 Escort Service 24x7 Cash Pay...
Russian Call Girls Pune (Adult Only) 8005736733 Escort Service 24x7 Cash Pay...SUHANI PANDEY
 
Yerawada ] Independent Escorts in Pune - Book 8005736733 Call Girls Available...
Yerawada ] Independent Escorts in Pune - Book 8005736733 Call Girls Available...Yerawada ] Independent Escorts in Pune - Book 8005736733 Call Girls Available...
Yerawada ] Independent Escorts in Pune - Book 8005736733 Call Girls Available...SUHANI PANDEY
 
Shikrapur - Call Girls in Pune Neha 8005736733 | 100% Gennuine High Class Ind...
Shikrapur - Call Girls in Pune Neha 8005736733 | 100% Gennuine High Class Ind...Shikrapur - Call Girls in Pune Neha 8005736733 | 100% Gennuine High Class Ind...
Shikrapur - Call Girls in Pune Neha 8005736733 | 100% Gennuine High Class Ind...SUHANI PANDEY
 
Real Escorts in Al Nahda +971524965298 Dubai Escorts Service
Real Escorts in Al Nahda +971524965298 Dubai Escorts ServiceReal Escorts in Al Nahda +971524965298 Dubai Escorts Service
Real Escorts in Al Nahda +971524965298 Dubai Escorts ServiceEscorts Call Girls
 
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...Neha Pandey
 
VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting High Prof...
VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting High Prof...VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting High Prof...
VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting High Prof...singhpriety023
 
20240508 QFM014 Elixir Reading List April 2024.pdf
20240508 QFM014 Elixir Reading List April 2024.pdf20240508 QFM014 Elixir Reading List April 2024.pdf
20240508 QFM014 Elixir Reading List April 2024.pdfMatthew Sinclair
 
Microsoft Azure Arc Customer Deck Microsoft
Microsoft Azure Arc Customer Deck MicrosoftMicrosoft Azure Arc Customer Deck Microsoft
Microsoft Azure Arc Customer Deck MicrosoftAanSulistiyo
 
20240510 QFM016 Irresponsible AI Reading List April 2024.pdf
20240510 QFM016 Irresponsible AI Reading List April 2024.pdf20240510 QFM016 Irresponsible AI Reading List April 2024.pdf
20240510 QFM016 Irresponsible AI Reading List April 2024.pdfMatthew Sinclair
 
(+971568250507 ))# Young Call Girls in Ajman By Pakistani Call Girls in ...
(+971568250507 ))# Young Call Girls in Ajman By Pakistani Call Girls in ...(+971568250507 ))# Young Call Girls in Ajman By Pakistani Call Girls in ...
(+971568250507 ))# Young Call Girls in Ajman By Pakistani Call Girls in ...Escorts Call Girls
 
Lucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRL
Lucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRLLucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRL
Lucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRLimonikaupta
 

Último (20)

VVIP Pune Call Girls Sinhagad WhatSapp Number 8005736733 With Elite Staff And...
VVIP Pune Call Girls Sinhagad WhatSapp Number 8005736733 With Elite Staff And...VVIP Pune Call Girls Sinhagad WhatSapp Number 8005736733 With Elite Staff And...
VVIP Pune Call Girls Sinhagad WhatSapp Number 8005736733 With Elite Staff And...
 
Call Girls in Prashant Vihar, Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service
Call Girls in Prashant Vihar, Delhi 💯 Call Us 🔝9953056974 🔝 Escort ServiceCall Girls in Prashant Vihar, Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service
Call Girls in Prashant Vihar, Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service
 
20240509 QFM015 Engineering Leadership Reading List April 2024.pdf
20240509 QFM015 Engineering Leadership Reading List April 2024.pdf20240509 QFM015 Engineering Leadership Reading List April 2024.pdf
20240509 QFM015 Engineering Leadership Reading List April 2024.pdf
 
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service AvailableCall Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
 
➥🔝 7737669865 🔝▻ mehsana Call-girls in Women Seeking Men 🔝mehsana🔝 Escorts...
➥🔝 7737669865 🔝▻ mehsana Call-girls in Women Seeking Men 🔝mehsana🔝 Escorts...➥🔝 7737669865 🔝▻ mehsana Call-girls in Women Seeking Men 🔝mehsana🔝 Escorts...
➥🔝 7737669865 🔝▻ mehsana Call-girls in Women Seeking Men 🔝mehsana🔝 Escorts...
 
Katraj ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...
Katraj ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...Katraj ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...
Katraj ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...
 
Russian Call Girls Pune (Adult Only) 8005736733 Escort Service 24x7 Cash Pay...
Russian Call Girls Pune (Adult Only) 8005736733 Escort Service 24x7 Cash Pay...Russian Call Girls Pune (Adult Only) 8005736733 Escort Service 24x7 Cash Pay...
Russian Call Girls Pune (Adult Only) 8005736733 Escort Service 24x7 Cash Pay...
 
Yerawada ] Independent Escorts in Pune - Book 8005736733 Call Girls Available...
Yerawada ] Independent Escorts in Pune - Book 8005736733 Call Girls Available...Yerawada ] Independent Escorts in Pune - Book 8005736733 Call Girls Available...
Yerawada ] Independent Escorts in Pune - Book 8005736733 Call Girls Available...
 
(INDIRA) Call Girl Pune Call Now 8250077686 Pune Escorts 24x7
(INDIRA) Call Girl Pune Call Now 8250077686 Pune Escorts 24x7(INDIRA) Call Girl Pune Call Now 8250077686 Pune Escorts 24x7
(INDIRA) Call Girl Pune Call Now 8250077686 Pune Escorts 24x7
 
Shikrapur - Call Girls in Pune Neha 8005736733 | 100% Gennuine High Class Ind...
Shikrapur - Call Girls in Pune Neha 8005736733 | 100% Gennuine High Class Ind...Shikrapur - Call Girls in Pune Neha 8005736733 | 100% Gennuine High Class Ind...
Shikrapur - Call Girls in Pune Neha 8005736733 | 100% Gennuine High Class Ind...
 
Real Escorts in Al Nahda +971524965298 Dubai Escorts Service
Real Escorts in Al Nahda +971524965298 Dubai Escorts ServiceReal Escorts in Al Nahda +971524965298 Dubai Escorts Service
Real Escorts in Al Nahda +971524965298 Dubai Escorts Service
 
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
 
Low Sexy Call Girls In Mohali 9053900678 🥵Have Save And Good Place 🥵
Low Sexy Call Girls In Mohali 9053900678 🥵Have Save And Good Place 🥵Low Sexy Call Girls In Mohali 9053900678 🥵Have Save And Good Place 🥵
Low Sexy Call Girls In Mohali 9053900678 🥵Have Save And Good Place 🥵
 
📱Dehradun Call Girls Service 📱☎️ +91'905,3900,678 ☎️📱 Call Girls In Dehradun 📱
📱Dehradun Call Girls Service 📱☎️ +91'905,3900,678 ☎️📱 Call Girls In Dehradun 📱📱Dehradun Call Girls Service 📱☎️ +91'905,3900,678 ☎️📱 Call Girls In Dehradun 📱
📱Dehradun Call Girls Service 📱☎️ +91'905,3900,678 ☎️📱 Call Girls In Dehradun 📱
 
VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting High Prof...
VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting High Prof...VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting High Prof...
VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting High Prof...
 
20240508 QFM014 Elixir Reading List April 2024.pdf
20240508 QFM014 Elixir Reading List April 2024.pdf20240508 QFM014 Elixir Reading List April 2024.pdf
20240508 QFM014 Elixir Reading List April 2024.pdf
 
Microsoft Azure Arc Customer Deck Microsoft
Microsoft Azure Arc Customer Deck MicrosoftMicrosoft Azure Arc Customer Deck Microsoft
Microsoft Azure Arc Customer Deck Microsoft
 
20240510 QFM016 Irresponsible AI Reading List April 2024.pdf
20240510 QFM016 Irresponsible AI Reading List April 2024.pdf20240510 QFM016 Irresponsible AI Reading List April 2024.pdf
20240510 QFM016 Irresponsible AI Reading List April 2024.pdf
 
(+971568250507 ))# Young Call Girls in Ajman By Pakistani Call Girls in ...
(+971568250507 ))# Young Call Girls in Ajman By Pakistani Call Girls in ...(+971568250507 ))# Young Call Girls in Ajman By Pakistani Call Girls in ...
(+971568250507 ))# Young Call Girls in Ajman By Pakistani Call Girls in ...
 
Lucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRL
Lucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRLLucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRL
Lucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRL
 

Splitting the Check on Compliance and Security

Notas do Editor

  1. https://www.flickr.com/photos/via/
  2. https://www.flickr.com/photos/anniemole/
  3. http://queue.acm.org/detail.cfm?id=1142065
  4. https://www.flickr.com/photos/boston_public_library/ https://www.flickr.com/photos/28500561@N03/
  5. To do list - https://www.flickr.com/photos/29853404@N03/ Pillars - https://www.flickr.com/photos/sp8254/
  6. https://www.flickr.com/photos/jakerust/
  7. https://www.flickr.com/photos/kizette/
  8. 2 key concepts – limiting access to minimize risk (fewer things to go wrong) and controlling the spread of compromise (bulkhead) and allow better early warning of issues
  9. By Andy Dingley (scanner) [Public domain], via Wikimedia Commons https://www.flickr.com/photos/marcmos/