Page 1421 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
Further worsening the situation, hackers have written bots that
scour public code repositories searching for exposed API keys.
These bots may detect an inadvertently posted key in seconds,
allowing the hacker to quickly provision massive computing
resources before the developer even knows of their mistake!
Similarly, developers should also be careful to avoid placing
passwords, internal server names, database names, and other
sensitive information in code repositories.
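The safeguard that follows from this paragraph is to scan code before it reaches a repository. The script below is an added example, not code from the study guide; it applies three heuristics that secret-scanning tools commonly use: an assignment whose variable name suggests a credential, a quoted literal that is long and random-looking (measured by Shannon entropy), and an organization-specific denylist of internal host and database names. The sample source file, the denylist entries, the keyword list and the 4.0-bit entropy threshold are all constructed for the demonstration and would be tuned per code base.

```python
import math
import re

# Heuristic 1: an assignment whose left-hand name suggests a credential.
# Keyword list is an assumption; extend it for your code base.
CREDENTIAL_ASSIGN = re.compile(
    r'(?i)\b(api[_-]?key|secret|password|passwd|token)\b\s*[:=]\s*["\']([^"\']{8,})["\']'
)
# Heuristic 2: any quoted literal long and random-looking enough to be a key.
LONG_LITERAL = re.compile(r'["\']([A-Za-z0-9+/=_\-]{20,})["\']')
ENTROPY_THRESHOLD = 4.0  # bits per character; assumed value, tune to taste
# Heuristic 3: internal names that must never appear in a public repository.
# Constructed placeholders; a real deployment would load these from config.
INTERNAL_NAMES = ("db-prod-01.internal.example", "hr-payroll-db")


def shannon_entropy(s):
    """Bits of entropy per character of s (0.0 for an empty string)."""
    if not s:
        return 0.0
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def find_secrets(text):
    """Return [(line_number, reason, matched_value)] for suspicious lines."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        if line.strip().startswith("#"):
            continue  # comments skipped here; drop this if they may hold secrets
        reported = set()
        m = CREDENTIAL_ASSIGN.search(line)
        if m:
            findings.append((lineno, "credential assignment", m.group(2)))
            reported.add(m.group(2))
        for m in LONG_LITERAL.finditer(line):
            value = m.group(1)
            if value in reported:
                continue  # already flagged by the keyword rule
            ent = shannon_entropy(value)
            if ent >= ENTROPY_THRESHOLD:
                findings.append((lineno, f"high-entropy literal ({ent:.2f} bits)", value))
        for name in INTERNAL_NAMES:
            if name in line:
                findings.append((lineno, "internal hostname or database name", name))
    return findings


# Constructed sample source file; every value below is made up for the demo.
SAMPLE_SOURCE = """\
import os
PASSWORD = "hunter2hunter2"
SIGNING_SEED = "Xy4Kp9Qw2Lm7Rt1Vb8Nz3Hc6"
padding = "aaaaaaaaaaaaaaaaaaaaaaaa"
docs_url = "https://example.com/docs"
DB_HOST = "db-prod-01.internal.example"
"""

if __name__ == "__main__":
    for lineno, reason, value in find_secrets(SAMPLE_SOURCE):
        print(f"line {lineno}: {reason}: {value!r}")
```

Run against the sample, the keyword rule flags the weak password on line 2 even though its entropy is low, the entropy rule flags the random-looking seed on line 3, the repeated-character padding and the URL are left alone, and the denylist catches the production database host on line 6. Wiring `find_secrets` into a pre-commit hook stops the mistake before the bots described above ever get a chance to see it.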
Service-Level Agreements
Using service-level agreements (SLAs) is an increasingly popular way
to ensure that organizations providing services to internal and/or
external customers maintain an appropriate level of service agreed on
by both the service provider and the customer. It’s a wise move to put
SLAs in place for any data circuits, applications, information
processing systems, databases, or other critical components that are
vital to your organization’s continued viability. The following issues
are commonly addressed in SLAs:
System uptime (as a percentage of overall operating time)
Maximum consecutive downtime (in seconds/minutes/and so on)
Peak load
Average load
Responsibility for diagnostics
Failover time (if redundancy is in place)
Service-level agreements also commonly include financial and other
contractual remedies that kick in if the agreement is not maintained.
For example, if a critical circuit is down for more than 15 minutes, the
service provider might agree to waive all charges on that circuit for one
week.
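To make these SLA terms measurable, the following added example (not from the study guide) evaluates a month of constructed outage records against the metrics listed above: uptime percentage, maximum consecutive downtime and failover time. It also applies the remedy described in the text, waiving one week of charges when any single outage exceeds 15 minutes. The thresholds, the outage records, the 30-day period and the monthly fee are all constructed values for the demonstration.

```python
from datetime import datetime, timedelta

# Constructed SLA thresholds mirroring the items the text lists.
SLA = {
    "min_uptime_pct": 99.9,
    "max_consecutive_downtime": timedelta(minutes=15),
    "max_failover_time": timedelta(seconds=30),
}

# Constructed outage records for one month: (start, end, observed failover time)
OUTAGES = [
    (datetime(2024, 3, 4, 2, 0), datetime(2024, 3, 4, 2, 10), timedelta(seconds=20)),
    (datetime(2024, 3, 19, 14, 0), datetime(2024, 3, 19, 14, 25), timedelta(seconds=45)),
]
PERIOD_START = datetime(2024, 3, 1)
PERIOD_END = datetime(2024, 3, 31)  # 30-day measurement window


def evaluate_sla(outages, period_start, period_end, sla, monthly_fee):
    """Measure the SLA metrics over the period and compute any contractual credit."""
    period = period_end - period_start
    durations = [end - start for start, end, _ in outages]
    total_down = sum(durations, timedelta())
    # timedelta / timedelta yields a float fraction of the period
    uptime_pct = 100.0 * (1 - total_down / period)
    longest_outage = max(durations, default=timedelta())
    slowest_failover = max((f for _, _, f in outages), default=timedelta())

    breaches = []
    if uptime_pct < sla["min_uptime_pct"]:
        breaches.append("uptime")
    if longest_outage > sla["max_consecutive_downtime"]:
        breaches.append("consecutive downtime")
    if slowest_failover > sla["max_failover_time"]:
        breaches.append("failover time")

    # Remedy from the text: an outage over 15 minutes waives one week of charges.
    # Constructed proration: one week is 7/period_days of the monthly fee.
    credit = 0.0
    if longest_outage > timedelta(minutes=15):
        credit = monthly_fee * 7 / period.days

    return {
        "uptime_pct": uptime_pct,
        "longest_outage": longest_outage,
        "slowest_failover": slowest_failover,
        "breaches": breaches,
        "credit": credit,
    }


if __name__ == "__main__":
    report = evaluate_sla(OUTAGES, PERIOD_START, PERIOD_END, SLA, monthly_fee=3000.0)
    print(f"uptime: {report['uptime_pct']:.3f}%")
    print(f"longest outage: {report['longest_outage']}")
    print(f"slowest failover: {report['slowest_failover']}")
    print(f"breaches: {report['breaches'] or 'none'}")
    print(f"credit due: {report['credit']:.2f}")
```

On the sample data the circuit still meets its 99.9 percent uptime target (35 minutes down in a 30-day month is about 99.92 percent), yet it breaches both the consecutive-downtime and failover terms, which is exactly why SLAs list several metrics rather than uptime alone.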
Software Acquisition
Most of the software used by enterprises is not developed internally