ITG216: DevOps, DevSecOps, and Audit

Overview

More and more today, companies are deciding to undertake the journey to employ Development Security Operations (DevSecOps) as an evolutionary extension of the Agile principles. Change management processes are continuous and largely automated in a DevSecOps environment, which can be challenging for Internal Audit teams, as they must shift their mindsets about IT risks and the controls in place to mitigate them.
DevSecOps is a software development and delivery approach that emphasizes communication and collaboration between development, security, and IT operations, building on Agile and Lean thinking to provide technology faster, with greater stability, quality, scalability, and security. DevSecOps encompasses many teams involved in the software development and delivery process. The “Dev” side incorporates developers, front-end designers, and quality assurance. The “Ops” area brings in system administrators and support teams responsible for the product after it’s been moved to production. The “Sec” area covers all the cybersecurity professionals responsible for system control, compliance, and secure applications.
In a DevSecOps centric organization, tools are used to automate historically manual tasks, such as code quality checks, execution of test scripts, and deployments. These factors raise some questions about the efficacy of traditional change management controls in the environment, especially Separation of Duties (SoD).
Automation does not have to mean that humans are left out of the process. Manual decisions still need to be made to tell the automated tools how to perform. These human-centric aspects of the process should also be considered in the risk-management approach.
All these challenges and more need to be identified, discussed, and put into perspective as organizations seek to make the transition towards a DevSecOps methodology. The benefits can be numerous, but the risks are plentiful, and the decisions your customers make are the difference between successful implementation and failure.                                                                                    In this course, we will delve into the DevSecOps methodology, assessing how and where auditors can find their footing. We will cover best practices that need to be on the forefront of business leaders’ minds as a DevSecOps culture is adopted, identifying key shifts in mindset that must occur for a seamless transition from manual transactions to automated process flows. Finally, with a forward-thinking approach, we will address how organizational teams can work together in a DevSecOps environment, prioritizing tools and resources that will facilitate meaningful collaboration.

Learning Options

Below are the available learning options for this course:

AuditProTV

Online On-Demand

This course is available through AuditProTV — a subscription-based, on-demand learning platform. As a subscriber, you will have access to an ‘all you can watch’ library of courses that are built in alignment with the National Association of State Boards of Accountancy (NASBA) standards.

Learn More & Subscribe

Enterprise Solutions

Tailored Experience

Bring this course to your organization at your convenience. ACI Learning can deliver this instructor-led course for your team at a chosen location or virtually. Alternatively, choose the topic(s) you need and ACI will craft a training solution to keep your team future-proof.

Customize Your Training

NASBA Certified CPE

16 Credits

Auditing

Learning Options

Below are the available learning options for this course:

AuditProTV

Online On-Demand

This course is available through AuditProTV — a subscription-based, on-demand learning platform. As a subscriber, you will have access to an ‘all you can watch’ library of courses that are built in alignment with the National Association of State Boards of Accountancy (NASBA) standards.

Learn More & Subscribe

Enterprise Solutions

Tailored Experience

Bring this course to your organization at your convenience. ACI Learning can deliver this instructor-led course for your team at a chosen location or virtually. Alternatively, choose the topic(s) you need and ACI will craft a training solution to keep your team future-proof.

Customize Your Training