expected iv. Great Amazon Reboot of 2014 – 10% of Amazon EC2 servers had to reboot for Xen emergency security patch. At Netflix, zero downtime, no one actively working incidents. They were at a Hollywood party infrastructure, and environments 2. Deployment tools 3. Testing standards and tools, including security 4. Deployment pipeline tools 5. Monitoring and analysis tools 6. Tutorials and standards ii Technical Practices of Integrating Information Security, Change Management, and Compliance 1. Introduction a. Goal to simultaneously achieve Information Security goals and create high degree of assurance

Agile c. Myth—DevOps is incompatible with ITIL d. Myth—DevOps is Incompatible with Information Security and Compliance: e. Myth—DevOps Means Eliminating IT Operations, or “NoOps” f. Myth—DevOps is Just center in queues and making it visible, all stakeholders can more easily prioritize work in the context of global goals. ii. REDUCE BATCH SIZES1. Another key component to creating smooth and fast flow designed. b. automate as much of the quality checking typically performed by a QA or Information Security department as possible c. Gary Gruver observes, “It’s impossible for a developer to learn anything

5. Fatal – forces a termination iv. Examples of potentially significant events (Gartner’s GTP Security & Risk Management group) 1. Authentication/authorization decisions 2. System and data access tools rather than static 3. Graph business metrics with infrastructure metrics to provide deeper context iv. Overlaying other relevant information onto our metrics 1. All production deployments should or those relevant to production incidents 1. Bad pull requests – typically doesn’t have enough context for the reader, little documentation of the changes intended outcome, or explanation of the thought

/etc/selinux/config # setenforce 0 #关闭selinux ④ulimit设置 # cat >> vi /etc/security/limits.conf <context上下文 # kubectl config set-context kube-user01@kubernetes --cluster=kubernetes -- user=kube-user01 # kubectl config use-context kube-user01@kubernetes #切换上下文（指定使用 #切换上下文（指定使用 kube-user01用户去访问k8s集群，此用户目前没有访问集群的权限 # kubectl config use-context kubernetes-admin@kubernetes #切换回管理员用 户 # kubectl --context=kube-user01@kubernetes get pods #临时使用某用户上下 文 ②创建服务账号ServiceAccount

vision, that they understand the business’s intent, and that they will make decisions within the context of that intent.  How will the team determine the specific requirements—that is, determine what AWS he was the CIO of US Citizenship and Immigration Service (part of the Department of Homeland Security), CIO of Intrax, and CEO of Auctiva. He has an MBA from Wharton, a BS in Computer Science from

aims at unifying software development (Dev), security (Sec) and operations (Ops). The main characteristic of DevSecOps is to automate, monitor, and apply security at all phases of the software lifecycle: DevSecOps, testing and security are shifted to the left through automated unit, functional, integration, and security testing - this is a key DevSecOps differentiator since security and functional capabilities continuous monitoring approach in parallel instead of waiting to apply each skill set sequentially.  Security risks of the underlying infrastructure must be measured and quantified, so that the total risks

Installations  Route Adds – requires heightened security access  Database Data Script Execution  Load Balancer Node Disablement  OS and Security Patching  Requesting access to technology specific

automate tests to validate the “-ilities” that are important (availability, capacity, security, etc.) ii. Incorporate security hardening testing and evaluation m. PULL OUR ANDON CORD WHEN THE DEPLOYMENT PIPELINE

AWS he was the CIO of US Citizenship and Immigration Service (part of the Department of Homeland Security), CIO of Intrax, and CEO of Auctiva. He has an MBA from Wharton, a BS in Computer Science from

AWS he was the CIO of US Citizenship and Immigration Service (part of the Department of Homeland Security), CIO of Intrax, and CEO of Auctiva. He has an MBA from Wharton, a BS in Computer Science from