Certified Secure Software Lifecycle Professional (CSSLP)

Course Schedule:

Please contact Infotec at 1-800-720-9185 regarding the availability of this class.

Overview

As the global leader in information security education and certification, (ISC)2 has a proven track record of educating and certifying information security professionals. Its newest certification, the Certified Secure Software Lifecycle Professional (CSSLP), is a testament to the organization's ongoing commitment to information and software security.

Many organizations have adopted the CSSLP as the preferred credential to convey one's expertise on security in the software development lifecycle. In today's interconnected world, security must be included within each phase of the software lifecycle. The CSSLP CBK contains the largest, most comprehensive collection of best practices, policies, and procedures to ensure a security initiative across all phases of application development, regardless of methodology.

This course is designed for professionals who demonstrate a globally recognized level of competence, as defined in a common body of knowledge, by assuring security throughout the software lifecycle. They incorporate security when planning, designing, developing, acquiring, testing, deploying, maintaining, and/or managing software to increase its trustworthiness.

The course is intended for students who have at least four years of direct full-time secure software lifecycle professional work experience in one or more of the eight domains of the CSSLP CBK, or three years of direct full-time secure software lifecycle professional work experience in one or more of the eight domains of the CSSLP CBK with a four-year college degree in an information technology discipline. The course builds on and brings together the holistic view of the topics covered in the everyday environment of an information assurance professional. Experience in the following professions will greatly enhance the learning environment.

Objectives

The goal of the Security Software Concepts module is to provide the learner with concepts related to the core software security requirements and foundational design principles as they relate to issues of privacy, governance, risk, and compliance. Learners will understand the software methodologies needed in order to develop software that is secure and resilient to attacks.

The goal of the Security Software Requirements module is to provide the learner with concepts related to understanding the importance of identifying and developing software with secure requirements. The learner will be able to incorporate security requirements in the development of software in order to produce software that is reliable, resilient, and recoverable.

The design phase of secure software development is one of the most important phases in the Software Development Lifecycle. The Security Software Design module provides the learner with an understanding of how to ensure that software security requirements are included in the design of the software. Learners will gain knowledge of secure design principles and processes, and be exposed to different architectures and technologies for securing software.

The Security Software Implementation/Coding module provides the learner with an understanding of the importance of programming concepts that can effectively protect software from vulnerabilities. Learners will touch on topics such as software coding vulnerabilities, defensive coding techniques and processes, code analysis and protection, and environmental security considerations that should be factored into software.

The Security Software Testing module addresses issues pertaining to proper testing of software for security, including the overall strategies and plans. Learners will gain an understanding of the different types of functional and security testing that should be performed, the criteria for testing, concepts related to impact assessment and corrective actions, and the test data lifecycle.

The Software Acceptance module provides an understanding of the requirements for software acceptance, paying specific attention to compliance, quality, functionality, and assurance. Participants will learn about pre- and post-release validation requirements as well as pre-deployment criteria.

The Software Deployment, Operations, Maintenance, and Disposal module provides the learner with knowledge pertaining to the deployment, operations, maintenance, and disposal of software from a secure perspective. This is achieved by identifying processes during installation and deployment, operations and maintenance, and disposal that can affect the ability of the software to remain reliable, resilient, and recoverable in its prescribed manner.

The Supply Chain and Software Acquisition module provides the learner with knowledge on how to perform effective assessments on an organization's cyber-supply chain, and describes how security applies to the supply chain and software acquisition process. Learners will understand the importance of supplier sourcing and being able to validate vendor integrity, from third-party vendors to complete outsourcing. Finally, learners will understand how to manage risk through the adoption of standards and best practices for proper development and testing across the entire lifecycle of products.
