Description
Software development today cannot be “business as usual”. Customers, users and management are demanding, even expecting, faster product-to-market delivery of new technologies, services and products. To seize this initiative, business owners, developers, operations personnel, quality assurance testers, security specialists, suppliers and marketers need to work closely in a collaborative manner to deliver software in a continuous manner that puts your business ahead of the competition. This is DevOps. It is not always easy to understand or apply. It is all about continuous development, testing, deployment, monitoring, feedback, vulnerability scanning and auditing!
Auditors need to know how to audit in the continuous process, where to find the risks, how to get to them, what to do and where to focus once you are there. This course is designed to eliminate the complicated clutter, identify what auditors and developers can do to help achieve success, and provide a risk-based approach to auditing both dynamically and knowledgeably as a contributor and not a distractor.
Prerequisite: Intermediate IT Audit School (ITG241 ), Auditing Business Application Systems (ITG103) , Auditing Agile and Scrum Development Projects (ITG213) or equivalent experience.
Advance Preparation: None
Learning Level: Intermediate
Field: Auditing
Delivery Method: Group-Live
What you will learn
You will learn about the DevOps lifecycle, the top myths about it, key problems and controls, how to assess interfaces, change management implications and how to prepare an effective audit program.
Objectives:
- Learn how DevOps evolved from Waterfall to Agile to Scrum to DevOps
- Learn what DevOps is
- Explore what works and does not work in DevOps
- Determine how to do RISK-BASED Auditing of DevOps
- Understand TRIGGER-based DevOps auditing, and what TRIGGERS point you toward the areas of greatest risk and concern
- Getting proactively involved at just the right time
- Furthering the benefits of Application Internal Controls
- What to Audit BEFORE taking on DevOps
- Auditing DevOps Project Management
- Auditing DevOps Projects
- Auditing DevOps Iterations
- Automated Ways to Go
- Metrics That Highlight Problems Quickly
- Containers and Container Security
- The NEW Tool of DevSecOps
- Working DevOps During Covid-19
- How to Communicate Concerns Immediately