"The Way We Manage Compliance Is Wrong... And Is Changing! Bringing DevOps Principles to Controls and Audit.pdf", shared by a member and readable online (26 pages); more related material can be found by searching on 三个皮匠报告.
Bringing DevOps Principles to Controls and Audit
Ian Miell
Consulting Partner, Container Solutions
ian.miellcontainer-

The Way We Manage Compliance Is Wrong And Is Changing!
1. What's wrong with compliance management today
2. What we're doing about it
3. Where we're going with it

Who Am I?
Consulting Partner at Container Solutions
Engineer and architect by background
Blogger: https:/
Author/O'Reilly Trainer:
Docker in Practice
Learn Git/Bash/Terraform the Hard Way
Git, Bash, software architecture courses

1. What's Wrong With Compliance and Audit Today?

What Happens Now
Controls: Preventive, Reactive, Directive, Deterrent, Compensating, Detective
Audits

Audits I - Manual
We use confluence pages, emailed spreadsheets, screenshots and pdfs to track state against specific controls

Audits II - Periodic
Audits happen every n months, i.e. they are point-in-time, not continuous

Audits III - Process Focussed
Audits focus on documentation of process, rather than working processes
Evidence of process documentation is also manually-taken and periodic
Effectiveness of processes not measured!

Audits IV - Bespoke, not Standardised
There are many different related audit/sec systems
Everyone manages their management differently
Not centralised
Not interoperable/not standardised

Why Is It Like This?

Why Does This Matter Now?

2. What We're Doing About It

Continuous Compliance Framework - CCF
CCF - Findings/Dashboards
CCF - Subjects
CCF - Catalogs
How and Why We Got Here

Architecture
Agent-based
Plugin/policy separation
OCI registry fo