产品的web主控端... 内⽹⽇志服务器 内⽹补丁服务器 内⽹各类OA,ERP,CRM,SRM,HR系统... 内⽹打印服务器 内⽹ MES 系统 内⽹虚拟化服务器 / 超融合平台 [Vmware ESX] 内⽹堡垒机... 内⽹运维,研发 部⻔员⼯的机器 内⽹路由,交换设备... 等等等... 针对以上的各种常规内⽹探测扫描,其实在流量上都会有⾮常清晰的表现 通过在⼀

small-medium-large as units for assigning story points. Over time, as the teams accumulate performance data, this iterative and incremental4 process improves accuracy in allocating points. Point values are typically is the contractor team of software developers, including software and security engineers, data specialists, testers, quality assurance, and configuration managers. Ideally these participants active coordination of efforts across the teams to ensure they are developing towards a common solution. Adding development teams enables more software to be delivered sooner, yet comes with increased

proceeds the data • Put the data in • Fast to use • Can lose subtle contexts • Good for exploitation; not for exploration & change Sense-making Frameworks Sense-making framework - the data proceeds proceeds the framework • Capture the data • Patterns emerge from the data • Provides context and awareness • Good for non-trivial domainsObvious • Cause & Effect Relationships exist • Relationships commanders will get lots of people from lots of backgrounds and hope someone comes up with the right solution Chaotic - Power hungry individuals take absolute command, give orders, everybody does as their

Architecture Enterprise Architecture, the domain of the IT bureaucrats, is the place we must look for the solution to our Agile challenges. We shall journey to the land of the template zombies to retrieve our golden about 100 different piles of paper.  Now, I believe that this was a dead end: it was a Waterfall solution to the problem. A Better Way - Develop an Agile oversight process incrementally: The overseers

a higher-level language than was presently available to the programmer • In essence, it is the solution method, not the problem, whose specification has to be givenProgram verification • Program verification

Architecture: Enterprise Architecture, the domain of the IT bureaucrats, is the place we must look for the solution to our Agile challenges. We shall journey to the land of the template zombies to retrieve our golden

problem-solving. ii. Telemetry – An automated communications process by which measurements and other data are collected at remote points and are subsequently transmitted to receiving equipment for monitoring development. Operations don’t just monitor what’s up or down. ii. Modern Monitoring architecture 1. Data Collection at business logic, application, & environments layer a. Events, logs, & metrics b. Common 1. Authentication/authorization decisions 2. System and data access 3. System and application changes, especially privileged changes 4. Data changes (CRUD) 5. Invalid input, possible malicious injections

Operations to improve outcomes 2. Ch. 9 – Create the Foundations of Our Deployment Pipeline a. Enterprise Data Warehouse program by Em Campbell-Pretty - $200M, All streams of work were significantly behind schedule Application code & dependencies 2. Environment scripts & creation tools 3. DB scripts and reference data 4. Containers 5. Automated tests 6. Project artifacts – documentation, procedures, etc. 7. Application Smoke testing our deployments – test connections to supporting services and systems, run sample data/transaction tests, fail deployment if needed 3. Ensure we maintain consistent environments – continually

environment and ensuring service levels are met v. Infosec – team responsible for securing systems and data vi. Release Managers – the people responsible for coordinating the production deployment processes PLANNING HORIZONS SHORT i. Act like a startup, strive to generate measurable improvement or actionable data within weeks f. RESERVE 20% OF CYCLES FOR NON-FUNCTIONAL REQUIREMENTS AND REDUCING TECHNICAL DEBT

known vulnerabilities and consolidate multiple versions of the same library iii. 2014 Verizon PCI Data Breach Investigation Report – studies over 85K cardholder breaches. 10 vulnerabilities accounted environments with infrastructure-as-code and auto- scaling. Must create alternatives methods of providing the data to show auditors controls are in place and operating. 1. Work closely to identify the evidence needed