Enabling Security Governance and Compliance in DevSecOps

This course will teach you the importance of strong Security Governance and Compliance. Learn to leverage DevSecOps pipelines for automatic compliance using “Compliance as Code," a critical part of modern cloud strategy to demonstrate Governance.
Course info
Level
Intermediate
Updated
Apr 9, 2021
Duration
1h 37m
Table of contents
Description
Course info
Level
Intermediate
Updated
Apr 9, 2021
Duration
1h 37m
Description

In an ever-changing world security is key. Cloud environments present interesting challenges when it comes to building a strong security infrastructure. In this course, Enabling Security Governance and Compliance in DevSecOps, you’ll learn to how to achieve strong security governance and compliance using DevSecOps. First, you’ll explore why strong governance is essential for all modern environments, in particular cloud environments. Next, you’ll discover the distinction between governance and compliance, and why you need both to be successful. Then, you’ll learn how to utilize you existing DevSecOps pipelines to enable strong governance and compliance practices. Finally, you’ll learn how you can achieve automated security compliance using “Security as Code” in your pipelines. When you’re finished with this course, you’ll have the skills and knowledge of Security Governance and Compliance needed to demonstrate how your DevSecOps pipeline can support this critical requirement.

About the author
About the author

Richard has worked for over 20 years in various technology management roles working in card payments and regulated financial sectors. He spent several years deploying niche payment card solutions in Europe and more recently as CIO, serving the US mortgage sector. Richard specializes in IT Risk and Information Security management.

More from the author
Integrating Incident Response into DevSecOps
Intermediate
1h 47m
Dec 15, 2020
More courses by Richard Harpur
Section Introduction Transcripts
Section Introduction Transcripts

Course Overview
Hi, I'm Richard Harpur, and welcome to this Pluralsight course, Enabling Security Governance and Compliance in DevSecOps. Whether you're just starting out with DevOps or have a mature DevSecOps pipeline in your organization, there remains a need to have strong security governance and compliance. In fact, the more freedom we have with cloud environments, the more responsibility we have to adhere to strong governance and compliance practice. This course is designed to give you the necessary skills to enable security governance and compliance in your pipelines. A key part of these pipelines is that developers can retain control and ownership. By incorporating governance and compliance within the pipeline, you will retain that control whilst keeping your GRC, or governance team, happy. After completing this course, you will understand the major approaches to enabling security governance and compliance. In this course, you're going to learn why we need governance and compliance and the difference between the two. You're going to learn what the easy approaches are to get started within your existing pipeline workflow. You're going to learn how best to use these practices to prepare for a security audit, and you'll be introduced to tools that you should consider implementing. I will talk you through the use of AWS Config and Cloud Custodian. You don't need to have completed any other training before you start this course. Now is a great time to learn this skill and mature your DevOps pipelines, so I'm delighted you're going to join me on this course. Let's get started.