Visible Ops Security addresses the people side of IT, empowering security to work with operations teams to achieve closely aligned objectives and with development and release teams to integrate security requirements into pre-production work.
The Visible Ops Security methodology helps IT organizations move beyond a focus on technology to address the core operational aspects of security. It promotes effective teamwork, which helps security professionals ensure that security is built into key development and production processes.
Who should read it?
Visible Ops Security guides information security professionals in strengthening relationships with IT operations and development groups to advance IT objectives and business goals. This book gives all security and IT operations professionals a solid approach to meeting security goals by working with and through other functional groups within IT.
When information security is sufficiently integrated into IT operations, both groups can better manage risks and meet operational commitments.
Phase 1 – Stabilize the patient and get plugged into production
Integrate information security into daily IT operations to more effectively manage both information security and operational risks. Both groups will stop undoing each other’s work.
Phase 2 – Find business risk and fix fragile artifacts
Identify the greatest business risks, discover critical IT functionality, and ensure controls are adequate.
Phase 3 – Implement development and release controls
Move upstream in the software lifecycle to get security involved in development, project management, and release management functions.
Phase 4 – Enable continual improvement
For each phase and task, implement metrics that help assess the short-term progress and long-term health of the various processes and controls.