PLATFORM INFORMATION & QUICK TIPS
• Use the HELP icon at the bottom for FAQs and system requirements.
CPE CREDIT PROCESS
LIVE EVENT & ON DEMAND RECORDING
• You must view the live or recorded webinar for the required amount of time
(50 minutes). Check the CPE Credit window to view the timer.
• Your CPE Certificate will automatically appear in the ISACA CPE RECORDS
tab on the MyISACA page after completing the required viewing time.
• Please be patient. This process could take up to 48 hours for your CPE Certificate
and the CPE credit to be applied to your account.
• As a reminder, ALL ISACA webinars, the CPE credits and CPE certificates expire
365 DAYS POST LIVE EVENT. Please make sure you save the appropriate
documents to your personal records.
TODAY’S SPEAKER
OVERVIEW
Ethnographic Research
• It’s when a sociologist becomes a part of the group they are studying in order to
collect data and understand a social phenomenon or problem
• Huge opportunity for us as security and audit professionals to do the same with
the DevOps culture shift
DevOps is About Culture
• Development
• Operations
• Same finger pointing can occur between DevOps and Security & Compliance
today
The DevOps Ethos
DevOps – Speak the Language
Compliance Maturity Model
Optimized
► Company culture supports continuous compliance
► Comprehensive processes are risk based and quantified
► Controls widely implemented, automated, continuous
Initial
► No dedicated compliance team
► No formal processes in place
► No controls exist
Managed
► Compliance team w/ defined roles and responsibilities
► Formal verification and measurement processes
► Controls monitored and measured, w/ limited automation
Repeatable
► Dedicated compliance team member(s)
► Basic governance and risk management processes
► Limited number of controls in place and documented
POLLING QUESTION #1
Compliance by Design - OVERVIEW
Compliance by Design
• Define: Know your requirements
• Build
• Assess
• Automate: Automate repeatable processes
Compliance by Design - Define
Compliance by Design - Build
Compliance by Design - Automate
Case Study – Cloud Engineering
Case Study - Define
Case Study - Build
Case Study - Assess
Case Study - Automate
POLLING QUESTION #3
Adopt and Evangelize
Q&A
THANK YOU FOR ATTENDING