PART VI CONCLUSION
Throughout the previous chapters, we explored how to take DevOps principles and apply them to Information Security, helping us achieve our goals and making sure security is a part of everyone’s job, every day. Better security ensures that we are defensible and sensible with our data, that we can recover from security problems before they become catastrophic, and, most importantly, that we can make the security of our systems and data better than ever.
Additional Resources
You can dive deeper into considerations of DevOps and audit with this amazing auditors’ panel from the 2019 DevOps Enterprise Summit. In it, representatives from each of the four big auditing firms took the time to talk about how DevOps and audit can work together (https://videolibrary.doesvirtual.com/?video=485153001).
Sooner Safer Happier: Antipatterns and Patterns for Business Agility has an excellent chapter on building intelligent control, outlining clear patterns and antipatterns for dealing with highly regulated industries. The authors all come from the banking industry and thus have a lot of hard-won experience.
Safety Differently: Human Factors for a New Era by Sidney Dekker addresses how to turn safety from bureaucratic accountability back into an ethical responsibility, and it embraces the human factor not as a problem to control but as a solution to harness.
You can also view a lecture from Dekker on the subject here: https://www.youtube.com/watch?v=oMtLS0FNDZs.