Course

Course Summary
Credit Type: Course
ACE ID: ISCT-0003
Location: Classroom-based
Length: 40 hours
Dates Offered:
Credit Recommendation & Competencies
Level: Lower-Division Baccalaureate
Credits (SH): 2
Subject: Information Security, Cyber Security, or Computer Security
Description

Objective:

The course objective is to provide a comprehensive review of the knowledge required to incorporate security practices - authentication, authorization and auditing - into each phase of the Software Development Lifecycle (SDLC), from software design and implementation to testing and deployment. This training course will help students review and refresh their knowledge and identify areas they need to study for the CSSLP exam. Taught by an (ISC)² authorized instructor, the course covers six domains, including domain 1: secure software concepts; domain 2: secure software requirements; domain 3: secure software design; domain 4: secure software implementation/programming; domain 5: secure software testing; domain 6: secure lifecycle management; domain 7: software deployment, operations and maintenance; and domain 8: supply chain and software acquisition.

Learning Outcomes:

  • Incorporate security requirements in the development of software to produce software that is reliable, resilient and recoverable
  • Understand the importance of programming concepts that can effectively protect software from vulnerabilities. Learners will touch on topics such as software coding vulnerabilities, defensive coding techniques and processes, code analysis and protection, and environmental security considerations that should be factored into software
  • Identify the software methodologies needed to develop software that is secure and resilient to attacks
  • Understand how to ensure that software security requirements are included in the design of the software, gain knowledge of secure design principles and processes, and gain exposure to different architectures and technologies for securing software
  • Address issues pertaining to proper testing of software for security, including the overall strategies and plans. Learners will gain an understanding of the different types of functional and security testing that should be performed, the criteria for testing, concepts related to impact assessment and corrective actions, and the test data lifecycle
  • Understand the requirements for software acceptance, paying specific attention to compliance, quality, functionality and assurance. Participants will learn about pre- and post-release validation requirements as well as pre-deployment criteria
  • Understand the deployment, operations, maintenance and disposal of software from a secure perspective. This is achieved by identifying processes during installation and deployment, operations and maintenance, and disposal that can affect the ability of the software to remain reliable, resilient and recoverable in its prescribed manner
  • Understand how to perform effective assessments on an organization's cyber-supply chain, and describe how security applies to the supply chain and software acquisition process. Learners will understand the importance of supplier sourcing and being able t

General Topics:

  • Domain 1: secure software concepts
  • Domain 2: secure software requirements
  • Domain 3: secure software design
  • Domain 4: secure software implementation/programming
  • Domain 5: secure software testing
  • Domain 6: secure lifecycle management
  • Domain 7: software deployment, operations and maintenance
  • Domain 8: supply chain and software acquisition
Instruction & Assessment

Instructional Strategies:

  • Audio Visual Materials
  • Case Studies
  • Classroom Exercise
  • Discussion
  • Lectures
  • Practical Exercises

Methods of Assessment:

  • Examinations

Minimum Passing Score:

70%
Supplemental Materials