Case Studies

There is no Security in DevSecOps

Open-CISO

Business Challenge: "No security-visibility in the DevOps-CI/CD Pipeline"

Evaluation Approach:

  • Purpose Built Cyber Awareness
  • Threat Modelling and Integrate Security and Testing (Mandatory)
  • Create Mis-Used cases in the Backlog

Solution:

  • DevOps Team comprises of expert category engineers who can configure automation in the software development and deployment - Most Often with little or no insights into Cybersecurity - Hence the goal is to elucidate the need for a Security Engineer to be an integral part of the Team; the role of who is to ensure Security is embedded right from the design phase.
  • Develop a DevSecOps Framework, Integrate security user stories and Automate testing in the CI/CD pipeline with an in-depth and collective orientation for the team members
  • Model Threats Specific to the Application being developed
    • Identify systems and assets; their corresponding threats in the existing environment; apply legitimate controls based on the Risk appetite and tolerance levels of the governing body.
    • Outline Security requirements in the User Stories
  • Create Mis-Used Cases; write Security Test-Cases and include them in the Backlog
  • Ensure security is built into entire CI/CD Pipeline using automation tools and audit the process from time to time for configuration assurance.

How it addressed the Business Challenge:

If the Security Test Case Fails - Continuous Deployment would fail ensuring security being embedded during the development and deployment phases

Reference: MITRE DevSecOps Automation Briefing

With expanding IoT - Only DevSecOps can ensure Security in Design, Development and Deployment
Cybersecurity is best when seeded into Business Functions. FnCyber assures you Direct and Uncomplicated Cybersecurity Consulting.

Contact Us

Get in Touch

mail
one@fncyber.com
location
2069386 Alberta Inc, 48 Martinbrook Link NE, Calgary, Alberta-T3J 3N9 Canada

Follow us on Social Media

linkedin
@fncyber
twitter
@FnCyberSecurity