دانلود کتاب The DevSecOps Playbook: Deliver Continuous Security at Speed

فهرست مطالب :

Cover Page
Title Page
Copyright Page
Contents
Foreword
Introduction
Who Should Read This Book?
Who This Book Is Not For
How This Book Is Organized
Conventions Used in This Book
Chapter 1 Introducing DevSecOps
Why DevSecOps? Why Now?
DevOps Overview
Brief History of DevOps
The Three Ways of DevOps
The Five Ideals
The CALMS Framework
DevOps as an Anti-Pattern
Agile and DevOps
DevOps and ITSM
DevSecOps Overview
Rugged DevOps Overview
DevSecOps Business Results
Conclusion
Chapter 2 The Evolution of Cybersecurity (from Perimeter to Zero Trust)
The Evolution of the Threat Landscape
Evolution of Infrastructure
The Evolution of Application Delivery
The Evolution of the Threat Landscape
The Evolution of Cybersecurity Response
Defense in Depth
Zero Trust
Shift Left
Conclusion
Chapter 3 DevSecOps People
Introduction
Collaboration at the Core
DevSecOps Culture
Trust
Transparency
The Shared Responsibility Model
Ownership
Accountability
The Role of the Security Team
Psychological Safety
Empowerment
Learning Culture
Organizing for DevSecOps
Building a DevSecOps Culture
Security Champions
Internal Bug Bounties
The Evolution of the Employee (T-Shaped People)
Hiring for DevSecOps
Key Characteristics
Diversity, Equity, and Inclusion
Conclusion
Chapter 4 DevSecOps Process
Introduction
Understanding Processes at Scale
DevSecOps for IT Service Management
Security Incident Management
Change Management
Adaptive Change Management
Problem Management
The Problem Manager Role
Blameless Postmortems
Release Management
A DevOps Approach to Security Processes
Tabletop Exercises
Attack Simulation: Red Team, Blue Team, Purple Team
Chaos Engineering
Conclusion
Chapter 5 DevSecOps Technology
Introduction
DevSecOps Continuous Integration and Continuous Deployment
The Commit Stage
The Build Stage
The Test Stage
The Deploy Stage
IDE Integration
Infrastructure as Code
Secrets Management
Privileged Access Management
Runtime Application Self-Protection
Monitoring and Observability
Monitoring
Observability
Data Silos
Event Management with SIEM and SOAR
Conclusion
Chapter 6 DevSecOps Governance
Introduction
The Challenge of Compliance
The History of Compliance
The Burden of Compliance
Managing Risk
Risk as a Feature
Risk Management and Controls
DevSecOps Approach to Governance
Compliance as Code
Build-Time Compliance as Code
Inserting Compliance into the Pipeline
Compliance Automation
Runtime Compliance as Code
Compliance as Code for Auditing
A Note of Caution on Compliance
Compliance Foundations
Identity and Access Management
Change Management
Conclusion
Chapter 7 Driving Transformation in Enterprise Environments
Introduction
The Challenge of Cultural Transformation
Resistance to Change
Transforming while Delivering
Transformational Leadership
The Keys to a Successful Transformation
Begin with the End in Mind
Start Small and Find Early Wins
Focus on the Cultural Transformation
Measure Progress
Leverage Outside Help (As Appropriate)
Build a Communications Campaign
Transformation Challenges
Cultural Inertia
Lack of Leadership Support
Lack of Contributor Buy-In
Lack of Sustained Support
Doing Too Much at Once
Failure to Communicate Value
Conclusion
Chapter 8 Measuring DevSecOps
Introduction
Any Metric Can Be Manipulated
Start Small and Iterate
Keys to a Successful Metrics Program
Operational Metrics
Number of Incidents
Vulnerabilities by Service Level Objective
Mean Time to x
Reliability
Board-Level Metrics
Measuring Risk
Risk Work
Spend
Detected Intrusion Attempts
Attack Surface
Performance vs. Peers
Measuring Transformation
Transformational Results
Transformational Competencies
Capability Models
Conclusion
Chapter 9 Conclusion
Introduction
People, Process, and Technology
Collaboration Is at the Core
Making Security Part of How You Work
Where to Start
Begin with the End in Mind
Start Small and Find Early Wins
The Future of DevSecOps
Artificial Intelligence
Experience Management
Product Thinking
Conclusion
Acknowledgments
About the Author
Index
EULA