Building Secure and Reliable Systems. Best Practices for Designing, Implementing, and Maintaining Systems
![Język publikacji: angielski Język publikacji: angielski](https://static01.helion.com.pl/global/flagi/1.png)
- Autorzy:
- Heather Adkins, Betsy Beyer, Paul Blankinship
![Building Secure and Reliable Systems. Best Practices for Designing, Implementing, and Maintaining Systems Heather Adkins, Betsy Beyer, Paul Blankinship - okładka ebooka](https://static01.helion.com.pl/global/okladki/326x466/e_1uau.png)
![Building Secure and Reliable Systems. Best Practices for Designing, Implementing, and Maintaining Systems Heather Adkins, Betsy Beyer, Paul Blankinship - tył okładki ebooka](https://static01.helion.com.pl/global/okladki-tyl/326x466/e_1uau.png)
- Ocena:
- Bądź pierwszym, który oceni tę książkę
- Stron:
- 558
- Dostępne formaty:
-
ePubMobi
Opis ebooka: Building Secure and Reliable Systems. Best Practices for Designing, Implementing, and Maintaining Systems
Can a system be considered truly reliable if it isn't fundamentally secure? Or can it be considered secure if it's unreliable? Security is crucial to the design and operation of scalable systems in production, as it plays an important part in product quality, performance, and availability. In this book, experts from Google share best practices to help your organization design scalable and reliable systems that are fundamentally secure.
Two previous O’Reilly books from Google—Site Reliability Engineering and The Site Reliability Workbook—demonstrated how and why a commitment to the entire service lifecycle enables organizations to successfully build, deploy, monitor, and maintain software systems. In this latest guide, the authors offer insights into system design, implementation, and maintenance from practitioners who specialize in security and reliability. They also discuss how building and adopting their recommended best practices requires a culture that’s supportive of such change.
You’ll learn about secure and reliable systems through:
- Design strategies
- Recommendations for coding, testing, and debugging practices
- Strategies to prepare for, respond to, and recover from incidents
- Cultural best practices that help teams across your organization collaborate effectively
Wybrane bestsellery
-
In 2016, Google’s Site Reliability Engineering book ignited an industry discussion on what it means to run production services today—and why reliability considerations are fundamental to service design. Now, Google engineers who worked on that bestseller introduce The Site Reliability...
The Site Reliability Workbook. Practical Ways to Implement SRE The Site Reliability Workbook. Practical Ways to Implement SRE
(149.49 zł najniższa cena z 30 dni)148.98 zł
179.00 zł(-17%) -
Jeśli chcesz zrozumieć filozofię SRE, trzymasz w ręku właściwą, choć nietypową książkę. Jest to zbiór najciekawszych esejów i artykułów autorstwa osób odpowiedzialnych za SRE w Google. Z lektury tych esejów dowiesz się, w jaki sposób zaangażowanie w cały cykl życia oprogramowania umożliwił skutec...
Site Reliability Engineering. Jak Google zarządza systemami producyjnymi Site Reliability Engineering. Jak Google zarządza systemami producyjnymi
Betsy Beyer, Chris Jones, Jennifer Petoff, Niall Richard Murphy
(39.50 zł najniższa cena z 30 dni)39.50 zł
79.00 zł(-50%) -
The overwhelming majority of a software systemâ??s lifespan is spent in use, not in design or implementation. So, why does conventional wisdom insist that software engineers focus primarily on the design and development of large-scale computing systems?In this collection of essays and articl...
Site Reliability Engineering. How Google Runs Production Systems Site Reliability Engineering. How Google Runs Production Systems
(173.33 zł najniższa cena z 30 dni)173.23 zł
219.00 zł(-21%) -
Dzięki tej świetnie napisanej, miejscami przezabawnej książce dowiesz się, na czym naprawdę polega testowanie granic bezpieczeństwa fizycznego. To fascynująca relacja o sposobach wynajdywania niedoskonałości zabezpieczeń, stosowania socjotechnik i wykorzystywania słabych stron ludzkiej natury. Wy...(38.35 zł najniższa cena z 30 dni)
35.40 zł
59.00 zł(-40%) -
Oto przewodnik po inżynierii detekcji, przeznaczony dla inżynierów zabezpieczeń i analityków bezpieczeństwa. Zaprezentowano w nim praktyczną metodologię planowania, budowy i walidacji mechanizmów wykrywania zagrożeń. Opisano zasady pracy z frameworkami służącymi do testowania i uwierzytelniania p...
Inżynieria detekcji cyberzagrożeń w praktyce. Planowanie, tworzenie i walidacja mechanizmów wykrywania zagrożeń Inżynieria detekcji cyberzagrożeń w praktyce. Planowanie, tworzenie i walidacja mechanizmów wykrywania zagrożeń
(53.40 zł najniższa cena z 30 dni)53.40 zł
89.00 zł(-40%) -
Opracowanie odnosi się do kwestii cyberbezpieczeństwa w sferze nie tylko krajowej, ale również międzynarodowej, co pozwala na szersze spojrzenie na przedmiotową problematykę. W związku z tym należy je nie tylko ocenić wysoko, ale też szczególnie podkreślić ten fakt. Umiędzynarodowienie cyberbezpi...
Strategie cyberbezpieczeństwa współczesnego świata Strategie cyberbezpieczeństwa współczesnego świata
(28.11 zł najniższa cena z 30 dni)28.08 zł
39.00 zł(-28%) -
Ta książka jest przewodnikiem dla profesjonalistów do spraw cyberbezpieczeństwa. Przedstawia podstawowe zasady reagowania na incydenty bezpieczeństwa i szczegółowo, na przykładach, omawia proces tworzenia zdolności szybkiej i skutecznej reakcji na takie zdarzenia. Zaprezentowano tu techniki infor...
Informatyka śledcza. Narzędzia i techniki skutecznego reagowania na incydenty bezpieczeństwa. Wydanie III Informatyka śledcza. Narzędzia i techniki skutecznego reagowania na incydenty bezpieczeństwa. Wydanie III
(59.40 zł najniższa cena z 30 dni)59.40 zł
99.00 zł(-40%) -
Dzięki tej książce nauczysz się gromadzić publicznie dostępne informacje, korzystać z wiedzy o cyklu życia wrażliwych danych i przekształcać je w informacje wywiadowcze przydatne dla zespołów zajmujących się bezpieczeństwem. Opanujesz proces gromadzenia i analizy danych, poznasz również strategie...
Prawdziwa głębia OSINT. Odkryj wartość danych Open Source Intelligence Prawdziwa głębia OSINT. Odkryj wartość danych Open Source Intelligence
(59.40 zł najniższa cena z 30 dni)59.40 zł
99.00 zł(-40%) -
Rozwiązanie problemu znajdziesz w tej książce. Została ona napisana specjalnie z myślą o osobach, które administrują małymi sieciami, dysponują niewielkim budżetem i ograniczonym wsparciem profesjonalistów. Dzięki niej zrozumiesz podstawy zabezpieczania łączności sieciowej i poznasz sposoby zabez...
Cyberbezpieczeństwo w małych sieciach. Praktyczny przewodnik dla umiarkowanych paranoików Cyberbezpieczeństwo w małych sieciach. Praktyczny przewodnik dla umiarkowanych paranoików
(40.20 zł najniższa cena z 30 dni)40.20 zł
67.00 zł(-40%) -
Cyberbezpieczeństwo dotyczy dziś każdego. Nowe, zaktualizowane wydanie Cyberbezpieczeństwa dla bystrzaków pomoże Ci chronić osobiste informacje i zabezpieczyć dane biznesowe. Dowiedz się, co się dzieje z plikami, które przechowujesz online. Pracuj bezpiecznie w domu i unikaj dezinformacji. Upewni...(41.40 zł najniższa cena z 30 dni)
41.40 zł
69.00 zł(-40%)
Ebooka "Building Secure and Reliable Systems. Best Practices for Designing, Implementing, and Maintaining Systems" przeczytasz na:
-
czytnikach Inkbook, Kindle, Pocketbook, Onyx Boox i innych
-
systemach Windows, MacOS i innych
-
systemach Windows, Android, iOS, HarmonyOS
-
na dowolnych urządzeniach i aplikacjach obsługujących formaty: PDF, EPub, Mobi
Masz pytania? Zajrzyj do zakładki Pomoc »
Audiobooka "Building Secure and Reliable Systems. Best Practices for Designing, Implementing, and Maintaining Systems" posłuchasz:
-
w aplikacji Ebookpoint na Android, iOS, HarmonyOs
-
na systemach Windows, MacOS i innych
-
na dowolnych urządzeniach i aplikacjach obsługujących format MP3 (pliki spakowane w ZIP)
Masz pytania? Zajrzyj do zakładki Pomoc »
Kurs Video "Building Secure and Reliable Systems. Best Practices for Designing, Implementing, and Maintaining Systems" zobaczysz:
-
w aplikacjach Ebookpoint i Videopoint na Android, iOS, HarmonyOs
-
na systemach Windows, MacOS i innych z dostępem do najnowszej wersji Twojej przeglądarki internetowej
Szczegóły ebooka
- ISBN Ebooka:
- 978-14-920-8307-8, 9781492083078
- Data wydania ebooka:
-
2020-03-16
Data wydania ebooka często jest dniem wprowadzenia tytułu do sprzedaży i może nie być równoznaczna z datą wydania książki papierowej. Dodatkowe informacje możesz znaleźć w darmowym fragmencie. Jeśli masz wątpliwości skontaktuj się z nami sklep@ebookpoint.pl.
- Język publikacji:
- angielski
- Rozmiar pliku ePub:
- 5.3MB
- Rozmiar pliku Mobi:
- 12.4MB
Spis treści ebooka
- Foreword by Royal Hansen
- Foreword by Michael Wildpaner
- Preface
- Why We Wrote This Book
- Who This Book Is For
- A Note About Culture
- How to Read This Book
- Conventions Used in This Book
- OReilly Online Learning
- How to Contact Us
- Acknowledgments
- I. Introductory Material
- 1. The Intersection of Security and Reliability
- On Passwords and Power Drills
- Reliability Versus Security: Design Considerations
- Confidentiality, Integrity, Availability
- Confidentiality
- Integrity
- Availability
- Reliability and Security: Commonalities
- Invisibility
- Assessment
- Simplicity
- Evolution
- Resilience
- From Design to Production
- Investigating Systems and Logging
- Crisis Response
- Recovery
- Conclusion
- 2. Understanding Adversaries
- Attacker Motivations
- Attacker Profiles
- Hobbyists
- Vulnerability Researchers
- Governments and Law Enforcement
- Intelligence gathering
- Military purposes
- Policing domestic activity
- Protecting your systems from nation-state actors
- Activists
- Protecting your systems from hacktivists
- Criminal Actors
- Protecting your systems from criminal actors
- Automation and Artificial Intelligence
- Protecting your systems from automated attacks
- Insiders
- First-party insiders
- Third-party insiders
- Related insiders
- Threat modeling insider risk
- Designing for insider risk
- Attacker Methods
- Threat Intelligence
- Cyber Kill Chains
- Tactics, Techniques, and Procedures
- Risk Assessment Considerations
- Conclusion
- II. Designing Systems
- 3. Case Study: Safe Proxies
- Safe Proxies in Production Environments
- Google Tool Proxy
- Conclusion
- 4. Design Tradeoffs
- Design Objectives and Requirements
- Feature Requirements
- Nonfunctional Requirements
- Features Versus Emergent Properties
- Example: Google Design Document
- Design Objectives and Requirements
- Balancing Requirements
- Example: Payment Processing
- Security and reliability considerations
- Using a third-party service provider to handle sensitive data
- Benefits
- Costs and nontechnical risks
- Reliability risks
- Security risks
- Example: Payment Processing
- Managing Tensions and Aligning Goals
- Example: Microservices and the Google Web Application Framework
- Aligning Emergent-Property Requirements
- Initial Velocity Versus Sustained Velocity
- Conclusion
- 5. Design for Least Privilege
- Concepts and Terminology
- Least Privilege
- Zero Trust Networking
- Zero Touch
- Concepts and Terminology
- Classifying Access Based on Risk
- Best Practices
- Small Functional APIs
- Breakglass
- Auditing
- Collecting good audit logs
- Choosing an auditor
- Testing and Least Privilege
- Testing of least privilege
- Testing with least privilege
- Diagnosing Access Denials
- Graceful Failure and Breakglass Mechanisms
- Worked Example: Configuration Distribution
- POSIX API via OpenSSH
- Software Update API
- Custom OpenSSH ForceCommand
- Custom HTTP Receiver (Sidecar)
- Custom HTTP Receiver (In-Process)
- Tradeoffs
- A Policy Framework for Authentication and Authorization Decisions
- Using Advanced Authorization Controls
- Investing in a Widely Used Authorization Framework
- Avoiding Potential Pitfalls
- Advanced Controls
- Multi-Party Authorization (MPA)
- Three-Factor Authorization (3FA)
- Business Justifications
- Temporary Access
- Proxies
- Tradeoffs and Tensions
- Increased Security Complexity
- Impact on Collaboration and Company Culture
- Quality Data and Systems That Impact Security
- Impact on User Productivity
- Impact on Developer Complexity
- Conclusion
- 6. Design for Understandability
- Why Is Understandability Important?
- System Invariants
- Analyzing Invariants
- Mental Models
- Why Is Understandability Important?
- Designing Understandable Systems
- Complexity Versus Understandability
- Breaking Down Complexity
- Centralized Responsibility for Security and Reliability Requirements
- System Architecture
- Understandable Interface Specifications
- Prefer narrow interfaces that offer less room for interpretation
- Prefer interfaces that enforce a common object model
- Pay attention to idempotent operations
- Understandable Interface Specifications
- Understandable Identities, Authentication, and Access Control
- Identities
- Example: Identity model for the Google production system
- Identities
- Authentication and transport security
- Access control
- Security Boundaries
- Small TCBs and strong security boundaries
- Security boundaries and threat models
- TCBs and understandability
- Software Design
- Using Application Frameworks for Service-Wide Requirements
- Understanding Complex Data Flows
- Considering API Usability
- Example: Secure cryptographic APIs and the Tink crypto framework
- Conclusion
- 7. Design for a Changing Landscape
- Types of Security Changes
- Designing Your Change
- Architecture Decisions to Make Changes Easier
- Keep Dependencies Up to Date and Rebuild Frequently
- Release Frequently Using Automated Testing
- Use Containers
- Use Microservices
- Example: Googles frontend design
- Different Changes: Different Speeds, Different Timelines
- Short-Term Change: Zero-Day Vulnerability
- Example: Shellshock
- Short-Term Change: Zero-Day Vulnerability
- Medium-Term Change: Improvement to Security Posture
- Example: Strong second-factor authentication using FIDO security keys
- Long-Term Change: External Demand
- Example: Increasing HTTPS usage
- Complications: When Plans Change
- Example: Growing ScopeHeartbleed
- Conclusion
- 8. Design for Resilience
- Design Principles for Resilience
- Defense in Depth
- The Trojan Horse
- Threat modeling and vulnerability discovery
- Deployment of the attack
- Execution of the attack
- Compromise
- The Trojan Horse
- Google App Engine Analysis
- Risky APIs
- Runtime layers
- Controlling Degradation
- Differentiate Costs of Failures
- Computing resources
- User experience
- Speed of mitigation
- Differentiate Costs of Failures
- Deploy Response Mechanisms
- Load shedding
- Throttling
- Automated response
- Automate Responsibly
- Failing safe versus failing secure
- A foothold for humans
- Controlling the Blast Radius
- Role Separation
- Location Separation
- Aligning physical and logical architecture
- Isolation of trust
- Limitations of location-based trust
- Isolation of confidentiality
- Time Separation
- Failure Domains and Redundancies
- Failure Domains
- Functional isolation
- Data isolation
- Practical aspects
- Failure Domains
- Component Types
- High-capacity components
- High-availability components
- Low-dependency components
- Controlling Redundancies
- Failover strategies
- Common pitfalls
- Continuous Validation
- Validation Focus Areas
- Validation in Practice
- Inject anticipated changes of behavior
- Exercise emergency components as part of normal workflows
- Split when you cannot mirror traffic
- Oversubscribe but prevent complacency
- Measure key rotation cycles
- Practical Advice: Where to Begin
- Conclusion
- 9. Design for Recovery
- What Are We Recovering From?
- Random Errors
- Accidental Errors
- Software Errors
- Malicious Actions
- What Are We Recovering From?
- Design Principles for Recovery
- Design to Go as Quickly as Possible (Guarded by Policy)
- Limit Your Dependencies on External Notions of Time
- Rollbacks Represent a Tradeoff Between Security and Reliability
- Deny lists
- Minimum Acceptable Security Version Numbers
- Rotating signing keys
- Rolling back firmware and other hardware-centric constraints
- Use an Explicit Revocation Mechanism
- A centralized service to revoke certificates
- Failing open
- Handling emergencies directly
- Removing dependency on accurate notions of time
- Revoking credentials at scale
- Avoiding risky exceptions
- Know Your Intended State, Down to the Bytes
- Host management
- Device firmware
- Global services
- Persistent data
- Design for Testing and Continuous Validation
- Emergency Access
- Access Controls
- Communications
- Responder Habits
- Unexpected Benefits
- Conclusion
- 10. Mitigating Denial-of-Service Attacks
- Strategies for Attack and Defense
- Attackers Strategy
- Defenders Strategy
- Strategies for Attack and Defense
- Designing for Defense
- Defendable Architecture
- Defendable Services
- Mitigating Attacks
- Monitoring and Alerting
- Graceful Degradation
- A DoS Mitigation System
- Strategic Response
- Dealing with Self-Inflicted Attacks
- User Behavior
- Client Retry Behavior
- Conclusion
- III. Implementing Systems
- 11. Case Study: Designing, Implementing, and Maintaining a Publicly Trusted CA
- Background on Publicly Trusted Certificate Authorities
- Why Did We Need a Publicly Trusted CA?
- The Build or Buy Decision
- Design, Implementation, and Maintenance Considerations
- Programming Language Choice
- Complexity Versus Understandability
- Securing Third-Party and Open Source Components
- Testing
- Resiliency for the CA Key Material
- Data Validation
- Conclusion
- 12. Writing Code
- Frameworks to Enforce Security and Reliability
- Benefits of Using Frameworks
- Example: Framework for RPC Backends
- Example code snippets
- Frameworks to Enforce Security and Reliability
- Common Security Vulnerabilities
- SQL Injection Vulnerabilities: TrustedSqlString
- Preventing XSS: SafeHtml
- Lessons for Evaluating and Building Frameworks
- Simple, Safe, Reliable Libraries for Common Tasks
- Rollout Strategy
- Incremental rollout
- Legacy conversions
- Simplicity Leads to Secure and Reliable Code
- Avoid Multilevel Nesting
- Eliminate YAGNI Smells
- Repay Technical Debt
- Refactoring
- Security and Reliability by Default
- Choose the Right Tools
- Use memory-safe languages
- Use strong typing and static type checking
- Choose the Right Tools
- Use Strong Types
- Sanitize Your Code
- C++: Valgrind or Google Sanitizers
- Go: Race Detector
- Conclusion
- 13. Testing Code
- Unit Testing
- Writing Effective Unit Tests
- When to Write Unit Tests
- How Unit Testing Affects Code
- Unit Testing
- Integration Testing
- Writing Effective Integration Tests
- Dynamic Program Analysis
- Fuzz Testing
- How Fuzz Engines Work
- Writing Effective Fuzz Drivers
- An Example Fuzzer
- Continuous Fuzzing
- Example: ClusterFuzz and OSSFuzz
- Static Program Analysis
- Automated Code Inspection Tools
- Integration of Static Analysis in the Developer Workflow
- Abstract Interpretation
- Formal Methods
- Conclusion
- 14. Deploying Code
- Concepts and Terminology
- Threat Model
- Best Practices
- Require Code Reviews
- Rely on Automation
- Verify Artifacts, Not Just People
- Treat Configuration as Code
- Securing Against the Threat Model
- Advanced Mitigation Strategies
- Binary Provenance
- What to put in binary provenance
- Binary Provenance
- Provenance-Based Deployment Policies
- Implementing policy decisions
- Verifiable Builds
- Verifiable build architectures
- Implementing verifiable builds
- Untrusted inputs
- Unauthenticated inputs
- Deployment Choke Points
- Post-Deployment Verification
- Practical Advice
- Take It One Step at a Time
- Provide Actionable Error Messages
- Ensure Unambiguous Provenance
- Create Unambiguous Policies
- Include a Deployment Breakglass
- Securing Against the Threat Model, Revisited
- Conclusion
- 15. Investigating Systems
- From Debugging to Investigation
- Example: Temporary Files
- Debugging Techniques
- Distinguish horses from zebras
- Set aside time for debugging and investigations
- Record your observations and expectations
- Know whats normal for your system
- Reproduce the bug
- Isolate the problem
- Be mindful of correlation versus causation
- Test your hypotheses with actual data
- Reread the docs
- Practice!
- What to Do When Youre Stuck
- Improve observability
- Take a break
- Clean up code
- Delete it!
- Stop when things start to go wrong
- Improve access and authorization controls, even for nonsensitive systems
- From Debugging to Investigation
- Collaborative Debugging: A Way to Teach
- How Security Investigations and Debugging Differ
- Collect Appropriate and Useful Logs
- Design Your Logging to Be Immutable
- Take Privacy into Consideration
- Determine Which Security Logs to Retain
- Operating system logs
- Host agents
- Application logs
- Cloud logs
- Network-based logging and detection
- Budget for Logging
- Robust, Secure Debugging Access
- Reliability
- Security
- Conclusion
- IV. Maintaining Systems
- 16. Disaster Planning
- Defining Disaster
- Dynamic Disaster Response Strategies
- Disaster Risk Analysis
- Setting Up an Incident Response Team
- Identify Team Members and Roles
- Establish a Team Charter
- Establish Severity and Priority Models
- Define Operating Parameters for Engaging the IR Team
- Develop Response Plans
- Create Detailed Playbooks
- Ensure Access and Update Mechanisms Are in Place
- Prestaging Systems and People Before an Incident
- Configuring Systems
- Training
- Processes and Procedures
- Testing Systems and Response Plans
- Auditing Automated Systems
- Conducting Nonintrusive Tabletops
- Testing Response in Production Environments
- Single system testing/fault injection
- Human resource testing
- Multicomponent testing
- System-wide failures/failovers
- Red Team Testing
- Evaluating Responses
- Google Examples
- Test with Global Impact
- DiRT Exercise Testing Emergency Access
- Industry-Wide Vulnerabilities
- Conclusion
- 17. Crisis Management
- Is It a Crisis or Not?
- Triaging the Incident
- Compromises Versus Bugs
- Is It a Crisis or Not?
- Taking Command of Your Incident
- The First Step: Dont Panic!
- Beginning Your Response
- Establishing Your Incident Team
- Operational Security
- Trading Good OpSec for the Greater Good
- The Investigative Process
- Sharding the investigation
- Keeping Control of the Incident
- Parallelizing the Incident
- Handovers
- Morale
- Communications
- Misunderstandings
- Hedging
- Meetings
- Keeping the Right People Informed with the Right Levels of Detail
- Putting It All Together
- Triage
- Declaring an Incident
- Communications and Operational Security
- Beginning the Incident
- Handover
- Handing Back the Incident
- Preparing Communications and Remediation
- Closure
- Conclusion
- 18. Recovery and Aftermath
- Recovery Logistics
- Recovery Timeline
- Planning the Recovery
- Scoping the Recovery
- Recovery Considerations
- How will your attacker respond to your recovery effort?
- Is your recovery infrastructure or tooling compromised?
- What variants of the attack exist?
- Will your recovery reintroduce attack vectors?
- What are your mitigation options?
- Recovery Checklists
- Initiating the Recovery
- Isolating Assets (Quarantine)
- System Rebuilds and Software Upgrades
- Data Sanitization
- Recovery Data
- Credential and Secret Rotation
- After the Recovery
- Postmortems
- Examples
- Compromised Cloud Instances
- Large-Scale Phishing Attack
- Targeted Attack Requiring Complex Recovery
- Conclusion
- V. Organization and Culture
- 19. Case Study: Chrome Security Team
- Background and Team Evolution
- Security Is a Team Responsibility
- Help Users Safely Navigate the Web
- Speed Matters
- Design for Defense in Depth
- Be Transparent and Engage the Community
- Conclusion
- 20. Understanding Roles and Responsibilities
- Who Is Responsible for Security and Reliability?
- The Roles of Specialists
- Understanding Security Expertise
- Certifications and Academia
- Who Is Responsible for Security and Reliability?
- Integrating Security into the Organization
- Embedding Security Specialists and Security Teams
- Example: Embedding Security at Google
- Special Teams: Blue and Red Teams
- External Researchers
- Conclusion
- 21. Building a Culture of Security and Reliability
- Defining a Healthy Security and Reliability Culture
- Culture of Security and Reliability by Default
- Culture of Review
- Culture of Awareness
- Culture of Yes
- Culture of Inevitably
- Culture of Sustainability
- Defining a Healthy Security and Reliability Culture
- Changing Culture Through Good Practice
- Align Project Goals and Participant Incentives
- Reduce Fear with Risk-Reduction Mechanisms
- Make Safety Nets the Norm
- Increase Productivity and Usability
- Overcommunicate and Be Transparent
- Build Empathy
- Convincing Leadership
- Understand the Decision-Making Process
- Build a Case for Change
- Pick Your Battles
- Escalations and Problem Resolution
- Conclusion
- Conclusion
- A. A Disaster Risk Assessment Matrix
- Index
O'Reilly Media - inne książki
-
Keeping up with the Python ecosystem can be daunting. Its developer tooling doesn't provide the out-of-the-box experience native to languages like Rust and Go. When it comes to long-term project maintenance or collaborating with others, every Python project faces the same problem: how to build re...(201.03 zł najniższa cena z 30 dni)
200.93 zł
239.00 zł(-16%) -
Bringing a deep-learning project into production at scale is quite challenging. To successfully scale your project, a foundational understanding of full stack deep learning, including the knowledge that lies at the intersection of hardware, software, data, and algorithms, is required.This book il...(241.36 zł najniższa cena z 30 dni)
241.26 zł
289.00 zł(-17%) -
Frontend developers have to consider many things: browser compatibility, usability, performance, scalability, SEO, and other best practices. But the most fundamental aspect of creating websites is one that often falls short: accessibility. Accessibility is the cornerstone of any website, and if a...(200.59 zł najniższa cena z 30 dni)
200.09 zł
239.00 zł(-16%) -
In this insightful and comprehensive guide, Addy Osmani shares more than a decade of experience working on the Chrome team at Google, uncovering secrets to engineering effectiveness, efficiency, and team success. Engineers and engineering leaders looking to scale their effectiveness and drive tra...(114.93 zł najniższa cena z 30 dni)
114.88 zł
149.00 zł(-23%) -
Data modeling is the single most overlooked feature in Power BI Desktop, yet it's what sets Power BI apart from other tools on the market. This practical book serves as your fast-forward button for data modeling with Power BI, Analysis Services tabular, and SQL databases. It serves as a starting ...(199.08 zł najniższa cena z 30 dni)
198.88 zł
239.00 zł(-17%) -
C# is undeniably one of the most versatile programming languages available to engineers today. With this comprehensive guide, you'll learn just how powerful the combination of C# and .NET can be. Author Ian Griffiths guides you through C# 12.0 and .NET 8 fundamentals and techniques for building c...(241.02 zł najniższa cena z 30 dni)
240.92 zł
289.00 zł(-17%) -
Learn how to get started with Futures Thinking. With this practical guide, Phil Balagtas, founder of the Design Futures Initiative and the global Speculative Futures network, shows you how designers and futurists have made futures work at companies such as Atari, IBM, Apple, Disney, Autodesk, Luf...(148.10 zł najniższa cena z 30 dni)
148.00 zł
179.00 zł(-17%) -
Augmented Analytics isn't just another book on data and analytics; it's a holistic resource for reimagining the way your entire organization interacts with information to become insight-driven.Moving beyond traditional, limited ways of making sense of data, Augmented Analytics provides a dynamic,...(174.74 zł najniższa cena z 30 dni)
174.54 zł
219.00 zł(-20%) -
Learn how to prepare for—and pass—the Kubernetes and Cloud Native Associate (KCNA) certification exam. This practical guide serves as both a study guide and point of entry for practitioners looking to explore and adopt cloud native technologies. Adrián González Sánchez ...
Kubernetes and Cloud Native Associate (KCNA) Study Guide Kubernetes and Cloud Native Associate (KCNA) Study Guide
(169.14 zł najniższa cena z 30 dni)177.65 zł
199.00 zł(-11%) -
Python is an excellent way to get started in programming, and this clear, concise guide walks you through Python a step at a time—beginning with basic programming concepts before moving on to functions, data structures, and object-oriented design. This revised third edition reflects the gro...(140.34 zł najniższa cena z 30 dni)
140.14 zł
179.00 zł(-22%)
Dzieki opcji "Druk na żądanie" do sprzedaży wracają tytuły Grupy Helion, które cieszyły sie dużym zainteresowaniem, a których nakład został wyprzedany.
Dla naszych Czytelników wydrukowaliśmy dodatkową pulę egzemplarzy w technice druku cyfrowego.
Co powinieneś wiedzieć o usłudze "Druk na żądanie":
- usługa obejmuje tylko widoczną poniżej listę tytułów, którą na bieżąco aktualizujemy;
- cena książki może być wyższa od początkowej ceny detalicznej, co jest spowodowane kosztami druku cyfrowego (wyższymi niż koszty tradycyjnego druku offsetowego). Obowiązująca cena jest zawsze podawana na stronie WWW książki;
- zawartość książki wraz z dodatkami (płyta CD, DVD) odpowiada jej pierwotnemu wydaniu i jest w pełni komplementarna;
- usługa nie obejmuje książek w kolorze.
Masz pytanie o konkretny tytuł? Napisz do nas: sklep[at]helion.pl.
Książka, którą chcesz zamówić pochodzi z końcówki nakładu. Oznacza to, że mogą się pojawić drobne defekty (otarcia, rysy, zagięcia).
Co powinieneś wiedzieć o usłudze "Końcówka nakładu":
- usługa obejmuje tylko książki oznaczone tagiem "Końcówka nakładu";
- wady o których mowa powyżej nie podlegają reklamacji;
Masz pytanie o konkretny tytuł? Napisz do nas: sklep[at]helion.pl.
Książka drukowana
![Loader](https://static01.helion.com.pl/ebookpoint/img/ajax-loader.gif)
![ajax-loader](https://static01.helion.com.pl/ebookpoint/img/ajax-loader.gif)
Oceny i opinie klientów: Building Secure and Reliable Systems. Best Practices for Designing, Implementing, and Maintaining Systems Heather Adkins, Betsy Beyer, Paul Blankinship (0)
Weryfikacja opinii następuję na podstawie historii zamówień na koncie Użytkownika umieszczającego opinię. Użytkownik mógł otrzymać punkty za opublikowanie opinii uprawniające do uzyskania rabatu w ramach Programu Punktowego.