Trainer wanted
IT trainer jobs and vacancies: ISC2 CSSLP - Certified Secure Software Lifecycle Professional, (ISC2), IT Security, IT Security Specialist.
Agenda
Domain 1: Secure Software Concepts
- Core Concepts
- Security Design Principles
Domain 2: Secure Software Requirements
- Define Software Security Requirements
- Identify and Analyze Compliance Requirements
- Identify and Analyze Data Classification Requirements
- Identify and Analyze Privacy Requirements
- Develop Misuse and Abuse Cases
- Develop Security Requirement Traceability Matrix (STRM)
- Ensure Security Requirements Flow Down to Suppliers/Providers
Domain 3: Secure Software Architecture and Design
- Perform Threat Modeling
- Define the Security Architecture
- Performing Secure Interface Design
- Performing Architectural Risk Assessment
- Model (Non-Functional) Security Properties and Constraints
- Model and Classify Data
- Evaluate and Select Reusable Secure Design
- Perform Security Architecture and Design Review
- Define Secure Operational Architecture
- Use Secure Architecture and Design Principles, Patterns, and Tools
Domain 4: Secure Software Implementation
- Adhere to Relevant Secure Coding Practices
- Analyze Code for Security Risks
- Implement Security Controls
- Address Security Risks (e.g. remediation, mitigation, transfer, accept)
- Securely Reuse Third-Party Code or Libraries
- Securely Integrate Components
- Apply Security During the Build Process
Domain 5: Secure Software Testing
- Develop Security Test Cases
- Develop Security Testing Strategy and Plan
- Verify and Validate Documentation
- Identify Undocumented Functionality
- Analyze Security Implications of Test Results
- Classify and Track Security Errors
- Secure Test Data
- Perform Verification and Validation Testing
Domain 6: Secure Software Lifecycle Management
- Secure Configuration and Version Control
- Define Strategy and Roadmap
- Manage Security Within a Software Development Methodology
- Identify Security Standards and Frameworks
- Define and Develop Security Documentation
- Develop Security Metrics
- Decommission Software
- Report Security Status
- Incorporate Integrated Risk Management (IRM)
- Promote Security Culture in Software Development
- Implement Continuous Improvement
Domain 7: Secure Software Deployment, Operations, Maintenance
- Perform Operational Risk Analysis
- Release Software Securely
- Securely Store and Manage Security Data
- Ensure Secure Installation
- Perform Post-Deployment Security Testing
- Obtain Security Approval to Operate
- Perform Information Security Continuous Monitoring (ISCM)
- Support Incident Response
- Perform Patch Management (e.g. secure release, testing)
- Perform Vulnerability Management
- Runtime Protection
- Support Continuity of Operations
- Integrate Service Level Objectives (SLO) and Service Level Agreements (SLA)
Domain 8: Secure Software Supply Chain
- Implement Software Supply Chain Risk Management
- Analyze Security of Third-Party Software
- Verify Pedigree and Provenance
- Ensure Supplier Security Requirements in the Acquisition Process
- Support Contractual Requirements