Securing DevOps is the approach of embedding information security into a DevOps style of software engineering, making DevOps secure by design: for example, continuous training of developers, inventory analysis and monitoring of reusable code, static and dynamic code scans, and so on.

SecDevOps vs DevSecOps

Adopting DevOps in SecOps is the approach of applying the DevOps concept to Security Operations, that is, employing DevOps principles to perform routine security processes, generally with the use of the cloud. For example: Identity as a Service (IDaaS) from an external provider instead of full Identity and Access Management (IAM) on premises, or a cloud-based SIEM from a third party rather than in-house, full-scale security log monitoring.

Information Security with Kali Linux

Risk control of fileless malware

Fileless malware can create “the uncertainty” that falls outside of the established set of security controls. The potential threat of a fileless attack raises the risk to IT operations beyond the level acceptable for most organisations. By challenging traditional security products, fileless malware can be classified as an emerging threat with potentially significant negative consequences, for which an immediate countermeasure may not be available.

GDPR in 3 steps with risk frameworks

Although the EU GDPR adopts “risk-based compliance” (high/risk/low) and encourages formal risk analysis, it does not say how organisations should evaluate, assess and measure the risk. The concept of “privacy by design” suggested by GDPR should be applicable to all new business initiatives and technology developments, but how should existing processes and environments be evaluated?

Phishing techniques

According to recent reports, the social engineering techniques most widely used by threat actors are: reported public credential leaks, phishing kits based on HTML/PHP source code or .htaccess files, and keyloggers.