Security Chaos Engineering

by Aaron Rinehart, Kelly Shortridge
December 2020
Intermediate to advanced
90 pages
2h 14m
English
O'Reilly Media, Inc.
Content preview from Security Chaos Engineering

The Case for Security Chaos Engineering

Definition of security chaos engineering: The identification of security control failures through proactive experimentation to build confidence in the system’s ability to defend against malicious conditions in production.1

Information security is broken. Our users and our customers—who make up our world—are entrusting us with more and more of their lives, and we are failing to keep that trust. Year after year, the same sort of attacks are successful, and the impact of those attacks becomes greater. Meanwhile, the security industry keeps chasing after the shiny new tech and maybe incremental improvement in the process.

A fundamental shift in both philosophy and practice is necessary. Information security must embrace the reality that failure will happen. People will click on the wrong thing. Security implications of simple code changes won’t be clear. Mitigations will accidentally be disabled. Things will break.

By accepting this reality, information security can move from trying to build the perfect secure system to continually asking questions like “How will I know this control continues to be effective?”, “What will happen if this mitigation is disabled, and will I be able to see it?”, or “Is my team—including executives making critical decisions—ready to handle this sort of incident tomorrow?”

Hope isn’t a strategy. Likewise, perfection isn’t a plan. The systems we are responsible for are failing as a normal function of how they operate, ...


Publisher Resources

ISBN: 9781492080350