2 cissp ® Official Study Guide Eighth Edition

Download 19,3 Mb.

Pdf ko'rish

bet	826/881
Sana	08.04.2023
Hajmi	19,3 Mb.
	#925879

1 ... 822 823 824 825 826 827 828 829 ... 881

Bog'liq
(CISSP) Mike Chapple, James Michael Stewart, Darril Gibson - CISSP Official Study Guide-Sybex (2018)

Configuration Control
The configuration control process ensures that changes to soft-
ware versions are made in accordance with the change control and configuration manage-
ment policies. Updates can be made only from authorized distributions in accordance with
those policies.
Configuration Status Accounting
Formalized procedures are used to keep track of all
authorized changes that take place.
Configuration Audit
A periodic configuration audit should be conducted to ensure that
the actual production environment is consistent with the accounting records and that no
unauthorized configuration changes have taken place.
Together, change and configuration management techniques form an important part
of the software engineer’s arsenal and protect the organization from development-related
security issues.
The DevOps Approach
Recently, many technology professionals recognized a disconnect between the major IT
functions of software development, quality assurance, and technology operations. These
functions, typically staffed with very different types of individuals and located in separate
organizational silos, often conflicted with each other. This conflict resulted in lengthy
delays in creating code, testing it, and deploying it onto production systems. When prob-
lems arose, instead of working together to cooperatively solve the issue, teams often “threw
problems over the fence” at each other, resulting in bureaucratic back-and-forth.
The DevOps approach seeks to resolve these issues by bringing the three functions
together in a single operational model. The word
DevOps
is a combination of Development
and Operations, symbolizing that these functions must merge and cooperate to meet busi-
ness requirements. The model in Figure 20.6 illustrates the overlapping nature of software
development, quality assurance, and IT operations.

890
Chapter 20
■
Software Development Security
F I g u r e 2 0 . 6
The DevOps model
Software
Development
Operations
Quality
Assurance
The DevOps model is closely aligned with the Agile development approach and aims
to dramatically decrease the time required to develop, test, and deploy software changes.
Although traditional approaches often resulted in major software deployments on a very
infrequent basis, perhaps annually, organizations using the DevOps model often deploy
code several times per day. Some organizations even strive to reach the goal of continuous
deployment, where code may roll out dozens or even hundreds of times per day.
If you’re interested in learning more about DevOps, the authors highly
recommend the book
The Phoenix Project: A Novel About IT, DevOps, and
Helping Your Business Win
by Gene Kim, Kevin Behr, and George Spafford
(IT Revolution Press, 2013). This book presents the case for DevOps and
shares DevOps strategies in an entertaining, engaging novel form.

Download 19,3 Mb.

Do'stlaringiz bilan baham:

1 ... 822 823 824 825 826 827 828 829 ... 881