Risk Management Content on InfoQ
-
Why Software Engineering Governance Matters: Reducing Risk without Slowing down
Software engineering governance helps teams make decisions, Sarah Wells said at Goto Copenhagen. She argued it should support value delivery, not hinder it. Poor governance slows progress and can increase costs. A technical strategy with a radar can help teams to make better decisions, and aligning with DORA capabilities can boost their performance.
-
Ensuring Security without Harming Software Development Productivity
Security can be at odds with a fast and efficient development process. At QCon San Francisco Dorota Parad presented how to create a foundation for security without negatively impacting engineering productivity. She showed how you can make your security strategy almost invisible to the engineers while embedding it deep into the culture at the same time.
-
AWS Adds Automated Detection of Unused IAM Roles, Users, and Permissions
AWS recently added support for detecting unused access granted to IAM roles and users within their AWS IAM Access Analyzer tool. The new analyzer can identify unused roles, unused IAM user access keys and passwords, and unused permissions within a defined usage window. This analysis can be done across accounts within the organization and be controlled from a delegated administrator account.
-
A Ruthless Approach for Better Security by Identifying Key Risks and Ignoring Others
Risk management techniques can be used to decide which security and privacy aspects are important. You can simplify the risk impact calculations by identifying low, medium, high and critical losses, and by taking likelihoods from the industry to do likelihood calculations. This helps you to identify a few key risks, and ruthlessly ignore the rest.
-
How to Build a Successful Cloud Capability on a Heavily Regulated Organization
Ana Sirvent, AWS practice lead at KPMG UK, shared her experience at QCon London on how to work with public cloud in heavily regulated organizations. Sirvent explained how to build trust with security, compliance, and client risk teams while delivering quickly and leveraging cloud services.
-
How to Test Low Code Applications
For low code applications there are technical things you don’t have to test, like the integration with the database and the syntax of a screen. But you still have to test functionally, to check if you’re building the right thing. End-to-end testing and non-functional testing can be very important for low code applications.
-
How Security by Design Helped to Manage Risks in a Cloud Migration
When a company migrated to the cloud, security issues arose due to difficulties in getting stakeholders on board and involving security from the start. Embedding security assessments as part of the continuous cloud DevOps process and adopting an agile strategy for security risk management throughout the lifecycle of the project helped to increase the governance of security during the migration.
-
Microsoft Releases Azure AD My App and New Risk Detections for Identity Protection into GA
Microsoft recently released a few new Azure Active Directory (AD) features, namely My Apps "collections" and new "risk detections" capabilities, into general availability (GA). With these features, the company intends to simplify identity and access management while also enhancing the customization and controls.
-
Airbnb: Using Guardrails to Identify Changes with Negative Impact across Teams
Airbnb rolled out an internal Experiment Guardrails system to identify potentially negative impacts of changes across different teams. Whenever a proposed change does not pass any of the guardrails, it is escalated for further analysis by affected teams and stakeholders, explains Airbnb data scientist Tatiana Xifara.
-
DOES London: Mark Schwartz on War & Peace & IT
Mark Schwartz, former CIO and self-described iconoclast, spoke recently at DevOps Enterprise Summit London. Schwartz is the author of three books published by IT Revolution: ‘The Art of Business’, ‘A Seat at the Table’ and ‘War & Peace & IT,’ and is currently an enterprise strategist at Amazon Web Services.
-
XebiaLabs DevOps Platform Provides New Risk and Compliance Capability for Software Releases
XebiaLabs, a provider of DevOps and continuous delivery software tools, has launched new capabilities for custody, security and compliance risk assessment tracking for software releases via their DevOps Platform.
-
Challenges of Moving from Projects to Products
Carmen DeArdo, former DevOps technology director at Nationwide Insurance, and Nicole Bryan, vice-president of product management at Tasktop, recently spoke at the DevOps Enterprise Summit London on the importance of moving from a project-based to a product-based organization.
-
Meeting Regulatory Demands with Agile Software Development
InfoQ interviewed Jan van Moll about regulatory demands for software in healthcare, satisfying these demands with waterfall projects or with a mix of waterfall and agile, and introducing agile in an R&D organization that needs to fulfill regulatory demands.
-
Delivering Value on Time by Using #NoEstimates
Vasco Duarte suggests that people should experiment with #NoEstimates to learn and find ways in which it can help them to deliver value on time and under budget. He is writing a book on #NoEstimates in which he explains why estimation does not work and how you can use #NoEstimates to manage projects.
-
Exploring the Causes of Problems with the Analysis of Competing Hypothesis Method
The analysis of competing hypotheses (ACH) method can be used to evaluate multiple competing hypotheses when investigating problems. The method mitigates cognitive biases that humans experience when exploring the causes of problems.