IT-Trainer Jobs und Stellenangebote: ISC2 CSSLP - Certified Secure Software Lifecycle Professional

Seminardauer: 5 Tage

Trainer gesucht

IT-Trainer Jobs und Stellenangebote: ISC2 CSSLP - Certified Secure Software Lifecycle Professional, (ISC2), IT Security, IT-Security Spezialist.

Anmelden / Registrieren als Trainer

Agenda

Domain 1: Secure Software Concepts

  • Core Concepts
  • Security Design Principles

Domain 2: Secure Software Requirements

  • Define Software Security Requirements
  • Identify and Analyze Compliance Requirements
  • Identify and Analyze Data Classification Requirements
  • Identify and Analyze Privacy Requirements
  • Develop Misuse and Abuse Cases
  • Develop Security Requirement Traceability Matrix (STRM)
  • Ensure Security Requirements Flow Down to Suppliers/Providers

Domain 3: Secure Software Architecture and Design

  • Perform Threat Modeling
  • Define the Security Architecture
  • Performing Secure Interface Design
  • Performing Architectural Risk Assessment
  • Model (Non-Functional) Security Properties and Constraints
  • Model and Classify Data
  • Evaluate and Select Reusable Secure Design
  • Perform Security Architecture and Design Review
  • Define Secure Operational Architecture
  • Use Secure Architecture and Design Principles, Patterns, and Tools

Domain 4: Secure Software Implentation

  • Adhere to Relevant Secure Coding Practices
  • Analyze Code for Security Risks
  • Implement Security Controls
  • Address Security Risks (e.g. remediation, mitigation, transfer, accept)
  • Securely Reuse Third-Party Code or Libraries
  • Securely Integrate Components
  • Apply Security During the Build Process

Domain 5: Secure Software Testing

  • Develop Security Test Cases
  • Develop Security Testing Strategy and Plan
  • Verify and Validate Documentation
  • Identify Undocumented Functionality
  • Analyze Security Implications of Test Results
  • Classify and Track Security Errors
  • Secure Test Data
  • Perform Verification and Validation Testing

Domain 6: Secure Software Lifecycle Management

  • Secure Configuration and Version Control
  • Define Strategy and Roadmap
  • Manage Security Within a Software Development Methodology
  • Identify Security Standards and Frameworks
  • Define and Develop Security Documentation
  • Develop Security Metrics
  • Decommission Software
  • Report Security Status
  • Incorporate Integrated Risk Management (IRM)
  • Promote Security Culture in Software Development
  • Implement Continuous Improvement

Domain 7: Secure Software Deployment, Operations, Maintenance

  • Perform Operational Risk Analysis
  • Release Software Securely
  • Securely Store and Manage Security Data
  • Ensure Secure Installation
  • Perform Post-Deployment Security Testing
  • Obtain Security Approval to Operate
  • Perform Information Security Continuous Monitoring (ISCM)
  • Support Incident Response
  • Perform Patch Management (e.g. secure release, testing)
  • Perform Vulnerability Management
  • Runtime Protection
  • Support Continuity of Operations
  • Integrate Service Level Objectives (SLO) and Service Level Agreements (SLA)

Domain 8: Secure Software Supply Chain

  • Implement Software Supply Chain Risk Management
  • Analyze Security of Third-Party Software
  • Verify Pedigree and Provenance
  • Ensure Supplier Security Requirements in the Acquisition Process
  • Support contractual requirements