My notes from the DevOps Handbook

by Gene Kim, Jez Humble, Patrick Debois, John Willis

66. Integrate information security into production telemetry

Internal security controls are often ineffective because of blind spots in our monitoring or because no one in our organization is examining the relevant telemetry in their daily work.

Deploy the monitoring, logging, and alerting required to fulfill our information security objectives throughout our applications and environments, and ensure that it is adequately centralized to facilitate easy and meaningful analysis and response.

Integrate our security telemetry into the same tools that Development, QA, and Operations are using,

Creating security telemetry in our applications

Detect problematic user behavior with relevant telemetry in our applications.
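
An added example (not from the book or these notes) of application-level security telemetry: login events are emitted as StatsD-format counters and JSON log lines, so they can flow into the same metrics and logging tools the other teams already use. The event names, window, threshold, and the sample account and IP address are assumptions constructed for illustration.

```python
import json
import time
from collections import defaultdict, deque

WINDOW_SECONDS = 300      # assumption: sliding window for counting failures
FAILED_LOGIN_LIMIT = 5    # assumption: failures per account before alerting

class SecurityTelemetry:
    """Emits security events (illustrative names) as StatsD counters and JSON logs."""

    def __init__(self, clock=time.time):
        self.clock = clock
        self.metrics = []                    # lines a StatsD agent would receive
        self.logs = []                       # lines a log shipper would forward
        self.failures = defaultdict(deque)   # account -> failure timestamps

    def emit(self, event, **fields):
        # StatsD counter line format: <name>:<value>|c
        self.metrics.append(f"security.{event}:1|c")
        record = {"ts": self.clock(), "event": event, **fields}
        self.logs.append(json.dumps(record, sort_keys=True))

    def login_attempt(self, account, source_ip, success):
        """Record one login attempt; return True if a burst alert was raised."""
        if success:
            self.emit("login.success", account=account, source_ip=source_ip)
            return False
        self.emit("login.failure", account=account, source_ip=source_ip)
        now = self.clock()
        window = self.failures[account]
        window.append(now)
        # Drop failures that have aged out of the sliding window.
        while window and now - window[0] > WINDOW_SECONDS:
            window.popleft()
        if len(window) >= FAILED_LOGIN_LIMIT:
            self.emit("login.failure_burst", account=account, failures=len(window))
            window.clear()   # one alert per burst, not one per extra failure
            return True
        return False

def run_sample():
    """Replay constructed attempts: six failures 10 s apart, then a success."""
    t = [0.0]
    tel = SecurityTelemetry(clock=lambda: t[0])
    alerts = 0
    for i in range(6):
        t[0] = i * 10.0
        alerts += tel.login_attempt("alice", "203.0.113.7", success=False)
    t[0] = 70.0
    tel.login_attempt("alice", "203.0.113.7", success=True)
    return tel, alerts
```
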

Creating security telemetry in our environment

Create sufficient telemetry in our environments so that we can detect early indicators of unauthorized access,

Monitor and alert on these items:

Protect our deployment pipeline

Mitigate the attack vectors on our deployment pipeline. Our mitigation strategies may include: