DigeeBooks



Security Chaos Engineering: Sustaining Resilience in Software and Systems

by Kelly Shortridge (Author)

Information security is broken. Year after year, attackers remain unchallenged and undeterred, while engineering teams feel mounting pressure to design, build, and operate secure systems. Attacks can't be prevented, mental models of systems are incomplete, and our digital world constantly evolves. How can we verify that our systems behave the way we expect? What can we do to improve our systems' resilience?

In this pragmatic and comprehensive guide, authors Kelly Shortridge and Aaron Rinehart help you navigate the challenges of securing complex software systems. Using the principles and practices of security chaos engineering, they explore how you can cultivate resilience across the software delivery lifecycle. Attackers and systems will change, but by preparing for adverse events you can ensure it does not disrupt your ability to innovate, move quickly, and achieve your engineering and business goals.

You will:

- Learn how to design a modern security program aligned to business and engineering goals
- Make informed decisions at each phase of software delivery to nurture resilience to attack
- Understand the complex systems dynamics upon which security outcomes depend
- Navigate technical and organizational trade-offs that distort defensive decision making
- Explore chaos experimentation as a tool for verifying critical assumptions about systems security and the ROI of security investments
- Peek behind the scenes of major enterprises that leverage security chaos engineering and learn from their practices

In "Security Chaos Engineering: Sustaining Resilience in Software and Systems", Kelly Shortridge presents a comprehensive guide to adopting chaos engineering practices for enhanced security resilience. This book is essential reading for security and reliability professionals seeking to proactively identify and mitigate vulnerabilities in their systems.

Shortridge begins by establishing the importance of chaos engineering in today's rapidly evolving software landscape. She emphasizes the need for continuous testing and experimentation to uncover hidden vulnerabilities and ensure systems can withstand unexpected disruptions.

The book delves into key concepts and principles of chaos engineering, providing a solid foundation for readers to understand and implement these practices. Shortridge covers topics such as fault injection, blast radius analysis, and game days, offering practical guidance on how to conduct effective chaos engineering experiments.

A significant focus of the book is on applying chaos engineering specifically to security. Shortridge explores techniques for uncovering vulnerabilities in authentication and authorization mechanisms, access control configurations, and data protection measures. She also provides insights into integrating chaos engineering with security testing and incident response processes.

Throughout the book, Shortridge emphasizes the importance of collaboration between security and engineering teams. She advocates for a shared responsibility model where both teams work together to design and implement chaos engineering experiments that align with overall security objectives.

To help readers apply the concepts discussed in the book, Shortridge includes real-world case studies and examples. These case studies showcase how organizations have successfully adopted chaos engineering to improve their security posture and resilience.

Overall, "Security Chaos Engineering: Sustaining Resilience in Software and Systems" is a valuable resource for security professionals seeking to enhance the resilience of their systems. Shortridge's expertise and practical insights make this book an essential guide for anyone looking to integrate chaos engineering into their security practices.

Pages: 340
Language: English