The CISO is responsible for ensuring that the organization's data and its customers' data remain secure, and that the organization remains compliant with applicable security legislation.
As CISO, I need to be able to ensure that everything we produce conforms to our security policy. I need to maintain a culture of personal accountability for security across the organization. I must be sure that we have the ability to recover rapidly from a disaster scenario such as the loss of a data center. I need to be informed immediately of any intrusions into our systems and must be able to implement an effective incident response in a timely manner. I need the ability to maintain audit trails of all activity across sensitive areas of the system and to be able to preserve forensic records to support potential legal action.
Value Add from Continuous Delivery
- Ability to shift left on security, embedding security concerns into the design, implementation and testing phases rather than bolting them on before release
- Ability to automate security compliance testing and apply it to every build, so a build that fails a policy check never reaches production
- Ability to react to zero-day issues and release patches in hours rather than weeks
- Ability to monitor the security posture of deployed assets on an ongoing basis
- Ability to apply security policy to all build and release activities consistently, through the pipeline rather than by manual sign-off
- Ability to audit and monitor all release activity, since every change passes through a recorded, automated process
- Ability to leverage the automated CI/CD process to rebuild environments rapidly from source following a disaster