As we move towards architectures designed to cope with changing requirements, and eternal services that go live and iterate, how can we manage change in a secure way? How can we possibly build secure systems in this environment? If you work in a governmental or regulated industry, then you’ll already be familiar with the hollow promises of accreditation. That’s commonly the thing left until the end, about the same time as the testing, and gives rise to the concept that security is the team that just says No. What if it could be different? What if a service could be continually accredited, continually tested against a baseline of security tests, and that the team was able to own and manage the risk register?
In this lesson, Michael Brunton-Spall walks through how government is changing its approach to accreditation, to building secure services. He covers things from continuous security testing through to living risk registers, team threat assessments, and security embracing the entire service design. This clip comes from the 2015 Velocity conference in Amsterdam.
- Title: Agile Security
- Release date: April 2018
- Publisher(s): O'Reilly Media, Inc.
- ISBN: 9781492037682
You might also like
O'Reilly Software Architecture Conference 2020 - New York, NY
O’Reilly Media’s Software Architecture Conference (SACON) New York 2020 was Maggie Carrol’s (MAG Aerospace) compelling examination …
Software Architecture Superstream Series: Software Architecture Fundamentals
This three-part series of half-day online events, hosted by chair Neal Ford, focuses on the hottest …
Agile for Everybody—The Essentials of Agile and Lean
These days, every company wants to be Agile or do Agile. But what exactly does Agile …
Fundamentals of Software Architecture
Salary surveys worldwide regularly place software architect in the top 10 best jobs, yet no real …