CISSP: Software Development Security


Overview/Description
While information systems security professionals are not generally involved in software development, they are responsible for assessing and implementing security controls on software being used within the organizational environment. In this course, you'll learn about best practices for implementing and enforcing software security controls. This course also covers best practices for assessing software security effectiveness, such as using change logs and audits, software security risk analysis, and software security acceptance testing. Finally, this course covers best practices for assessing security impacts of acquired or third-party software, and software assurance. This course is one of a series in the Skillsoft learning path that covers the objectives for the Certified Information Systems Security Professional (CISSP) exam.

Target Audience
Individuals interested in information systems security concepts, methodologies and best practices; candidates for the Certified Information Systems Security Professional (CISSP) exam

Prerequisites
None

Expected Duration (hours)
1.4

Lesson Objectives

CISSP: Software Development Security

  • start the course
  • distinguish between the basic phases of the SDLC
  • describe characteristics of non-iterative development methodologies and their role in software development security
  • describe characteristics of iterative development methodologies and their role in software development security
  • identify characteristics of capability maturity models and their role in software development life cycle security
  • identify secure operations and maintenance best practices during the software development lifecycle
  • identify secure change management best practices during the software development lifecycle
  • describe the purpose and best practices of IPTs and their role in secure software development
  • distinguish between security controls and best practices for the software environment
  • identify source-code level security vulnerabilities and methods to mitigate risk from them
  • use configuration management as a method for securing the coding environment
  • describe best practices for code repository security
  • describe best practices for application programming interface security
  • use audits and change logs to assess the effectiveness of software security
  • describe risk analysis and mitigation best practices when assessing the effectiveness of software security
  • describe acceptance testing best practices when assessing the effectiveness of software security
  • distinguish between the three major phases of SwA
  • identify the general questions that should be answered as part of an effective software assurance policy
  • identify appropriate options for assessing software security

Course Number
sp_cisp_a12_it_enus

Expertise Level
Intermediate