I'm coming from the dark side, compliance, and am looking to gain better knowledge on DevOps & how to implement SOX controls on these processes. I'm hoping to build a good knowledge base in order to be able to recommend controls that will provide good assurance to the auditors while minimizing the impact on the actual operations. Also, so that when I meet with our internal DevOps teams, I can speak knowledgeably on this.
I've done some research through ISACA white papers and various other sources:
- https://www.oreilly.com/learning/compliance-as-code
- https://www.oreilly.com/webops-perf/free/devopssec.csp?intcmp=il-webops-free-product-na_new_site_compliance_as_code_text_cta
- https://www.contino.io/insights/why-devsecops-is-an-auditors-best-friend
- https://start.jcolemorrison.com/
Do you have any other recommendations for resources on building a control framework around DevOps workflows? Or just on DevOps?