Title: Security Chaos Engineering: Sustaining Resilience in Software and Systems (Final)
Author: Kelly Shortridge, Aaron Rinehart
Publisher: O’Reilly Media, Inc.
Year: 2023
Pages: 555
Language: English
Format: epub (true), mobi
Size: 11.5 MB
Cybersecurity is broken. Year after year, attackers remain unchallenged and undeterred, while engineering teams feel pressure to design, build, and operate "secure" systems. Attacks can't be prevented, mental models of systems are incomplete, and our digital world constantly evolves. How can we verify that our systems behave the way we expect? What can we do to improve our systems' resilience?
In this comprehensive guide, authors Kelly Shortridge and Aaron Rinehart help you navigate the challenges of sustaining resilience in complex software systems by using the principles and practices of security chaos engineering. By preparing for adverse events, you can ensure they don't disrupt your ability to innovate, move quickly, and achieve your engineering and business goals.
This book is an attack on current cybersecurity strategy and execution. To evoke author and activist Jane Jacobs, this attack is on the principles and aims that have shaped traditional cybersecurity strategy and execution, not quibbles about specific methods or design patterns. We call this transformation “Security Chaos Engineering,” the subject of this tome.
“Resilience is the intrinsic ability of a system to adjust its functioning prior to, during, or following changes and disturbances, so that it can sustain required operations under both expected and unexpected conditions.” Why talk about resilience for systems security? Why not just talk about security? Resilience is about ensuring systems can operate successfully now and into the future despite the dangers lurking in our digital world. It isn’t just about checking a box that affirms you’ve achieved some arbitrary property that’s deemed “secure” by some regulator or standards body for an individual machine. Resilience is about how all the machines and humans interact towards a common goal and how they respond to disruption. From a security perspective, you must understand security stuff to properly protect things. From a resilience perspective, you can’t protect a system if you don’t understand it.
Learn how to design a modern security program
Make informed decisions at each phase of software delivery to nurture resilience to attack
Understand the complex systems dynamics upon which security outcomes depend
Navigate technical and organizational trade-offs that distort defensive decision-making
Explore chaos experimentation to verify critical assumptions about systems security
Learn how major enterprises leverage security chaos engineering