Security Chaos Engineering

by Aaron Rinehart, Kelly Shortridge
December 2020
Intermediate to advanced
90 pages
2h 14m
English
O'Reilly Media, Inc.
Content preview from Security Chaos Engineering

Chapter 3. SCE versus Security Theater—Getting Drama out of Security

No one disputes that the security of our data and systems is important. So why are security goals often rendered secondary to other goals? Traditional security programs commonly add friction to work being conducted (beyond just software development!), requiring organizational users to jump through extra hoops to achieve their goals. Security thereby serves as a gatekeeper—whether requiring user interaction with security tools for account access or making their rubber stamp essential in approving software releases. Of course, businesses need to make money, so anything standing in the way of making widgets or delivering services to customers is, quite understandably, placed at a lower priority.

The solution seems simple—just ensure security programs are enabling the business rather than slowing it down! But, as with many things in life and in technology operations, it’s far easier said than done. Some compliance requirements, such as access controls stipulated by the Payment Card Industry Data Security Standard (PCI DSS) and the Health Insurance Portability and Accountability Act (HIPAA), are nonnegotiable if an organization wants to avoid fines and reputational damage. There can be ethical judgments—like preserving privacy over monetizing as much user data as can be collected—that are also irreconcilable. However, the constraints espoused as valuable by traditional security programs are often artificial in nature—a ...

Publisher Resources

ISBN: 9781492080350