Security Chaos Engineering: Sustaining Resilience in Software and Systems

Cybersecurity is broken. Year after year, attackers remain unchallenged and undeterred, while engineering teams feel pressure to design, build, and operate "secure" systems. Failure can't be prevented, mental models of systems are incomplete, and our digital world constantly evolves. How can we verify that our systems behave the way we expect? What can we do to improve our systems' resilience?

In this comprehensive guide, authors Kelly Shortridge and Aaron Rinehart help you navigate the challenges of sustaining resilience in complex software systems by using the principles and practices of security chaos engineering. By preparing for adverse events, you can ensure they don't disrupt your ability to innovate, move quickly, and achieve your engineering and business goals.

• Learn how to design a modern security program
• Make informed decisions at each phase of software delivery to nurture resilience and adaptive capacity
• Understand the complex systems dynamics upon which resilience outcomes depend
• Navigate technical and organizational trade-offs that distort decision making in systems
• Explore chaos experimentation to verify critical assumptions about software quality and security
• Learn how major enterprises leverage security chaos engineering

網路安全已經破碎不堪。年復一年，攻擊者仍然無人能敵，而工程團隊則感受到設計、建構和運營「安全」系統的壓力。無法預防失敗，系統的心智模型不完整，而我們的數位世界不斷演進。我們如何驗證我們的系統是否按照我們的期望運作？我們可以做些什麼來提升系統的彈性？

在這本全面指南中，作者Kelly Shortridge和Aaron Rinehart通過使用安全混沌工程的原則和實踐，幫助您應對在複雜軟體系統中維持彈性的挑戰。通過為逆境事件做好準備，您可以確保它們不會干擾您創新、快速行動並實現工程和業務目標的能力。

本書內容包括：
- 學習如何設計現代安全計劃
- 在軟體交付的每個階段做出明智決策，培養彈性和適應能力
- 了解影響彈性結果的複雜系統動態
- 應對技術和組織上的權衡，以免扭曲系統決策
- 探索混沌實驗以驗證軟體品質和安全性的關鍵假設
- 學習大型企業如何運用安全混沌工程的方法

這本書將幫助您建立更強大的安全防護系統，以應對不斷變化的威脅和挑戰。