Will on 15 Nov 2018 22:16:10 -0800



Re: [PLUG] DevOps practices/framework


JP,

We'll have a talk when I can get some time. I can road map what devops can and should be for company guidelines. What I'm seeing in my progress is where the lines should be drawn between what organizations for devops and a better idea of responsibilities within the subgroups.

-Will

On Thu, Nov 15, 2018, 21:36 KP <kperry@daotechnologies.com> wrote:
I was going to ask about context but from a security point of view I do tend to align with NIST. For example when talking about encryption standards for data at rest, I'll talk about FIPS compliance instead of the specific algorithms, MACs, etc.



On November 15, 2018 9:25:45 PM EST, Chad Waters <chad@chadwaters.com> wrote:
DevOps isn't my focus, but there may be some relevant security guidelines here. I see one on container security:

https://www.nist.gov/itl/nist-special-publication-800-series-general-information

On Thu, Nov 15, 2018, 8:54 PM JP Vossen <jp@jpsdomain.org> wrote:
I've been asked at $WORK to see if there is some kind of best
practices/framework/standard thing we can align to so we can be Big
Company Buzzword Compliant.  I'm aware of these so far but I have not
yet read them in depth:
•       https://www.nist.gov/cyberframework
•       https://en.wikipedia.org/wiki/ITIL
•       https://en.wikipedia.org/wiki/ISO/IEC_20000

We call our team "DevOps" but don't let that fool you, we have that name
because we do some "dev" stuff (systems integration, "glue" code, etc.)
and a lot of "ops" stuff (build-out, sysadmin, H/W & S/W maint., etc.).
A "scrum" is a fight you get into when playing sportsball, being "agile"
is not getting hit in the scrum, CI is "continuous improvement" (of
business processes), and asking for a "pull request" would probably
result in a visit from HR.  We do use Git, except when we use
Subversion.  And we're doing more and more in Ansible, which makes me
very happy.  So we're kind of pretend devops.  :-)

With that context, can anyone suggest any other buzzword compliance
checklists I should look at?

TIA,
JP
--  -------------------------------------------------------------------
JP Vossen, CISSP | http://www.jpsdomain.org/ | http://bashcookbook.com/
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug

--
Sent from my Android device with K-9 Mail.