Continuous security is an approach that aims to keep an organization in control from three perspectives:

1. The business perspective: Business value streams are in control of the identified risks by continuously testing the effectiveness of the controls deployed and recording evidence.
2. The development perspective: Development value streams are in control by integrally including the non-functional requirements for information security in the development.
3. The operations perspective: Operations value streams are in control for the production of the new and changed ICT services through an adequate design of the CI/CD secure pipeline in which controls automatically test the non-functional requirements.

This book is a publication in the Continuous Everything series. The content consists of a discussion of the application of ISO 27001 on the basis of three sets of security practices, namely Governance, Risk and Quality. The practices are provided with a definition and objective. In addition, examples and best practices are given.

The continuous security concept is designed to be used in Agile Scrum (development) and DevOps (Development & Operations) environments. To this end, it connects seamlessly to common Agile management models. This Agile approach to information security provides you with a powerful tool to get a grip on the compliance of your Agile system development and management.

Drs. Ing. B. de Best RI has been active in ICT since 1985. He worked primarily with the top 100 of Dutch business and government organizations. He has acquired experience in different roles within all aspects of system development, including operations for 12 years. After that, he focused on the subject of service management. Currently, as a consultant, he is active in all aspects of the knowledge management cycle of service management, such as training ICT managers and service managers, advising service management organisations, improving service management processes and outsourcing (parts of) service management organisations. He graduated at both the HTS and University level in the management field.