20. Regulations!
OFAC, USA PATRIOT Act, Gramm-Leach-Bliley Act, Red Flags Rule, Bank Secrecy Act, Sarbanes-Oxley, Regulation E, Dodd-Frank, False Claims Act, HIPAA, European Central Bank regulations, Prudential Regulation Authority, Financial Conduct Authority, HITECH, PCI DSS
23. "Society's ability to regulate industries effectively is limited by its ability to access and understand code, as we saw with the VW emissions scandal." @richardjpope
34. Common ground is
Not a "thing"
Not a state
Instead, it is a process, an ongoing action: grounding
http://www.stefanomastrogiacomo.info/wp-content/uploads/2012/11/Common-Ground.png
46. • roles and functions
• routines
• skills and competencies
• goals and commitment
• stance: perceptions of time pressure, fatigue, competing priorities
Most important types: Pertinent Mutual Knowledge, Beliefs, and Assumptions
47. Common ground is created or lost during handoffs.
https://www.flickr.com/photos/53370644@N06/4976497160
48. Why do teams lose common ground?
• No experience working together
• Access to different data
• No clear rationale for the directives
• Ignorance of different stances
• Unexpected loss of communications and unskilled at repairing the disruption
• Failure to monitor confirmation of messages
• Confusion over who knows what – fundamental common ground breakdown
51. Common ground is not binary!
Teams engage in activities to support common ground:
• structuring preparations (establish routines)
• sustaining (clarifications, reminders)
• updating others about changes
• monitoring other team members
• detecting (anomalies, signals of loss of ground)
• repairing the loss
52. "No matter how much care is taken, breakdowns in common ground are inevitable. No amount of procedure or documentation can totally prevent them."
53. High reliability organizations are marked by a continual mindfulness, a continual searching for indications of a loss of common ground.
55. Making automation a team player
https://tctechcrunch2011.files.wordpress.com/2015/06/robotdap-e1433960740130.jpg
57. InSpec is compliance as code – a human-readable language for automating the continuous testing and compliance auditing of your entire infrastructure.
66. # Windows local security policy: password complexity must be enforced
describe security_policy do
  its('PasswordComplexity') { should eq 1 }
end

# OpenSSH daemon configuration: listen on the expected port
describe sshd_config do
  its('Port') { should eq('22') }
end

# IIS site: expected application pool and HTTP binding
describe iis_site('Default Web Site') do
  it { should have_app_pool('DefaultAppPool') }
  it { should have_binding('http *:80:') }
end
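To show what "compliance as code" (slide 57) looks like underneath a resource such as the sshd_config check on slide 66, here is an added example in plain Ruby. It is not code from the slides or from the InSpec project: it parses sshd_config-style text into settings and evaluates a small list of expectations, reporting pass/fail per check in the way an InSpec control does. The sample configuration, the check names and the helper functions (parse_sshd_config, evaluate, audit_sshd_config) are all constructed for this illustration.

```ruby
# Added example (not from the slides or the InSpec project): a minimal
# "compliance as code" check in plain Ruby, modelled on the InSpec
# sshd_config resource shown on the slide. It parses sshd_config-style
# text and evaluates a small set of expectations, reporting pass/fail
# per check, much as an InSpec control would.

# Constructed sample sshd_config content (assumption: not from a real host).
SAMPLE_SSHD_CONFIG = <<~CONF
  # OpenSSH server configuration (constructed sample)
  Port 22
  Protocol 2
  PermitRootLogin no
  PasswordAuthentication yes
  X11Forwarding no
CONF

# Parse "Key value" lines into a Hash, ignoring comments and blank lines.
# Keys are stored lower-cased, since sshd matches keywords case-insensitively.
def parse_sshd_config(text)
  text.each_line.with_object({}) do |line, settings|
    line = line.strip
    next if line.empty? || line.start_with?('#')
    key, value = line.split(/\s+/, 2)
    next if key.nil? || value.nil?
    settings[key.downcase] = value.strip
  end
end

# A check is a human-readable name, the setting it inspects, and the
# expected value (hypothetical structure, not an InSpec type).
Check = Struct.new(:name, :setting, :expected)

CHECKS = [
  Check.new('sshd listens on the expected port', 'Port', '22'),
  Check.new('root login over SSH is disabled', 'PermitRootLogin', 'no'),
  Check.new('password authentication is disabled', 'PasswordAuthentication', 'no'),
]

# Evaluate every check against parsed settings. Returns an array of
# result hashes so the outcome can be consumed programmatically, in the
# spirit of InSpec's machine-readable reporters. A setting that is absent
# from the file yields actual == nil and therefore fails.
def evaluate(settings, checks = CHECKS)
  checks.map do |check|
    actual = settings[check.setting.downcase]
    {
      name: check.name,
      setting: check.setting,
      expected: check.expected,
      actual: actual,
      passed: actual == check.expected,
    }
  end
end

# Convenience wrapper: parse the text, evaluate the checks, return results.
def audit_sshd_config(text, checks = CHECKS)
  evaluate(parse_sshd_config(text), checks)
end

# Print one line per check plus a summary, similar to a CLI reporter.
def print_report(results)
  results.each do |r|
    status = r[:passed] ? 'PASS' : 'FAIL'
    puts "#{status}  #{r[:name]} (#{r[:setting]}: expected #{r[:expected].inspect}, got #{r[:actual].inspect})"
  end
  failed = results.count { |r| !r[:passed] }
  puts "#{results.size - failed} passed, #{failed} failed"
end

if __FILE__ == $PROGRAM_NAME
  # With the constructed sample: Port and PermitRootLogin pass,
  # PasswordAuthentication fails (2 passed, 1 failed).
  print_report(audit_sshd_config(SAMPLE_SSHD_CONFIG))
end
```

The point of returning structured results rather than only printing them is the same one InSpec makes: a check whose outcome is data can be run on every change, diffed over time and fed into the audit trail that regulators ask for, instead of living in a document that drifts away from what the host actually does.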
71. Truth can only be found in one place: the code. Only the code can truly tell you what it does. It is the only source of truly accurate information.