11 Assessing risks

This chapter covers

  • An introduction to risk management

  • Categorizing information into confidentiality, integrity, and availability requirements

  • Threat modeling with the STRIDE and DREAD frameworks

  • Using rapid risk assessment to integrate reviews in the DevOps process

  • Recording and tracking risks in the organization

At the start of the book, you secured a single, small invoicer service hosted in a basic AWS environment. Yet, it took the better part of 10 chapters to cover all the controls necessary to properly secure that one service.

Organizations don’t stay small; they grow, and as they do, security teams must audit more deployment pipelines, implement more controls in more services, and perform more incident response. ...

Get Securing DevOps now with the O’Reilly learning platform.
