This 20-video course examines a variety of best practices for supply chain and software acquisition. Begin by watching demonstrations of how to analyze the security of third-party software and how to verify secure transfers. Then learn the steps involved in securely interconnecting and sharing systems; how to implement code repository security; how to secure the build environment; and how to work with digitally signed components. Next, explore such important topics as compliance auditing, vulnerability response and reporting, supplier sourcing challenges, contractual integrity controls, and vendor technical integrity controls. Learn the basics of how to verify pedigree and provenance. The course also covers managed services controls, service level agreements (SLAs), support structures, and software development lifecycle approaches, as well as information systems security, security track records, and product deployment. Finally, you will review the configuration identification scheme, a crucial tool in configuration management. The course prepares learners for the (ISC)2 CSSLP: Certified Secure Software Lifecycle Professional certification exam.
describe how to securely interconnect and share systems
describe code repository security
recognize how to secure the build environment
recognize cryptographically hashed or digitally signed components
recognize how to audit security policy compliance
recognize how to perform vulnerability/incident response and reporting
distinguish between different security trade-offs in supplier sourcing
identify best practices for contractual integrity controls
identify best practices for vendor technical integrity controls
identify best secure control practices for managed services from a supplier
distinguish between the two rules SLAs should provide
recognize maintenance and support structures such as community vs. commercial
recognize how to assess software engineering and SDLC approaches
recognize how to assess information systems security policy compliance
assess a security track record
recognize product deployment and sustainment controls such as upgrades, secure configuration, custom code extensions, operational readiness, and GPL requirements