DevOps, DevSecOps, and Audit - ITG216

Overview

Organizations are increasingly adopting Development Security Operations (DevSecOps) as an evolutionary extension of Agile principles. 

DevSecOps emphasizes communication and collaboration between development, security, and IT operations, building on Agile and Lean thinking to provide technology faster, with greater stability, quality, scalability, and security. The “Dev” side incorporates developers, front-end designers, and quality assurance. The “Ops” area brings in system administrators and support teams responsible for the product after it’s moved to production. The “Sec” area covers all the cybersecurity professionals responsible for system control, compliance, and secure applications.

This course covers tools used to automate historically manual tasks, such as code quality checks, execution of test scripts, and deployments, and the impact of that automation on traditional controls, such as Separation of Duties. It also covers the human-centric aspects of the process and the related risks that should be considered.

This course examines the DevSecOps methodology, how and where auditors can find their footing, best practices that need to be at the forefront of business leaders’ minds, and the key shifts in mindset that must occur for a seamless transition from manual transactions to automated process flows.

Learning Options

Below are the available learning options for this course:

AuditPro

Online On-Demand

This course is available through AuditPro — a subscription-based, on-demand learning platform. As a subscriber, you will have access to an ‘all you can watch’ library of courses that are built in alignment with the National Association of State Boards of Accountancy (NASBA) standards.

Enterprise Solutions

Tailored Experience

Bring this course to your organization at your convenience. ACI Learning can deliver this instructor-led course for your team at a chosen location or virtually. Alternatively, choose the topic(s) you need and ACI will craft a training solution to keep your team future-proof.

NASBA Certified CPE

16 Credits

Auditing

Why you should take this course

For users who have an introductory knowledge of this topic and are searching for additional information and its application.

Who should take this course

Internal Auditors seeking to adopt a DevSecOps culture and employ a DevSecOps methodology in current business practices.

Prerequisites

  • Introduction to Information Security
  • or equivalent experience

1.    What is DevOps 

    The 5 Ws and the H

    Plan

    Develop

    Deliver

    Operate


2.    Where do Audit and Risk Fit in?

    Language and culture

    Do risk and DevOps intersect?

    Auditing DevOps

3.    The DevOps process

    Flow

    Feedback

    Continual learning and experimentation


4.    What does a DevOps culture look like?

    Collaboration, visibility and alignment

    Shifts in scope and accountability

    Shorter release cycles

    Continual learning


5.    DevOps practices

    Maturity models overview

    Continuous integration and continuous delivery (CI/CD)

    Version control

    Agile software development

    Infrastructure as Code (IaC)

    Configuration management

    Continuous monitoring


6.    DevOps and the Cloud

    Cloud agility

    Kubernetes

    Serverless computing


7.    What is DevSecOps?

    The 5 Ws and the H

    Do risk and DevSecOps intersect?

    Auditing DevSecOps


8.    Best practices for DevSecOps

    Shift left

    Security education

    Communication, people, processes and technology

    Traceability, auditability and visibility


9.    Where do we go from here?

    IT audit and DevSecOps

    Tools and Resources


  • Define DevOps and identify the four phases associated with it.
  • Illustrate where and how Audit & Risk fit into DevOps.
  • Explain the components of DevOps Culture.
  • Recognize the scope and impact of Cloud within DevOps.
  • Define DevSecOps and differentiate it from DevOps.
  • Outline the DevSecOps practices.
  • Plan a path forward for IT, Audit, and DevSecOps.

ACI Learning is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: www.nasbaregistry.org.