Introduction au DevSecOps 2/2

Questions and Answers

Parmi les propositions suivantes, laquelle correspond à un des principes du DevSecOps ?

Approche lente mais efficace

Shift Left (correct)

Focus sur les produits

Alignement organisationnel

Quel est le bénéfice de la modélisation des menaces?

Faster response to security incidents

Improved security posture (correct)

Automated deployment and management of infrastructure

Integration with security tools and systems

Quel est l'exemple de sécurité d'orchestration?

Version control and tracking of changes

Consistent application of infrastructure configuration across the organization

Identifying potential attack vectors

Automated workflows for incident response (correct)

Quel est le bénéfice de la version control et du suivi des modifications?

Version control and tracking of changes

Quel est le principal objectif de la modèle de menace?

Identifying and assessing potential security threats to an application or system

Study Notes

Security Automation

• Automating security tasks and processes to reduce manual effort and increase efficiency
• Examples:
  • Automated vulnerability scanning and patching
  • Automated compliance reporting
  • Automated security testing and validation
• Benefits:
  • Faster response to security threats
  • Improved accuracy and consistency
  • Reduced risk of human error

Compliance As Code

• Defining and managing compliance requirements as code
• Storing compliance policies and procedures in a version control system (e.g. Git)
• Benefits:
  • Version control and tracking of changes
  • Automated compliance testing and validation
  • Consistent application of compliance policies across the organization

Infrastructure As Code

• Defining and managing infrastructure configuration as code
• Storing infrastructure configuration in a version control system (e.g. Git)
• Benefits:
  • Version control and tracking of changes
  • Automated deployment and management of infrastructure
  • Consistent application of infrastructure configuration across the organization

Security Orchestration

• Automating and coordinating security incident response and remediation
• Examples:
  • Automated workflows for incident response
  • Integration with security tools and systems
  • Automated reporting and notification
• Benefits:
  • Faster response to security incidents
  • Improved coordination and communication among teams
  • Reduced mean time to detect (MTTD) and mean time to respond (MTTR)

Threat Modeling

• Identifying and assessing potential security threats to an application or system
• Examples:
  • Identifying potential attack vectors
  • Assessing the likelihood and impact of threats
  • Prioritizing security efforts based on threat risk
• Benefits:
  • Improved security posture
  • Reduced risk of security breaches
  • Proactive security efforts rather than reactive