Certified Secure Software Lifecycle Professional (CSSLP) 2019: Supply Chain & Software Acquisition
CSSLP 2019 | Intermediate
- 20 Videos | 53m 54s
- Includes Assessment
- Earns a Badge
This 20-video course examines a variety of best practices for supply chain and software acquisitions. Begin by watching demonstrations of how to analyze security for third-party software and how to verify secure transfers. Then learn the steps involved in securely interconnecting and sharing systems; how to implement code repository security; how to secure the build environment; and how to work with digitally signed components. Next, explore such important topics as compliance auditing, vulnerability response and reporting, supplier sourcing challenges, contractual integrity controls, and vendor technical integrity controls. Learn the basics of how to verify pedigree and provenance. The course also covers topics such as managed services controls, service level agreements (SLAs), support structure, and software development lifecycle approaches, as well as how to secure information systems, security track records, and product deployment. Finally, you will review the configuration identification scheme, a crucial tool in configuration management. The course prepares learners for the (ISC)² CSSLP: Certified Secure Software Lifecycle Professional certification exam.
WHAT YOU WILL LEARN
- discover the key concepts covered in this course
- analyze security for third party software
- recognize how to verify secure transfers
- describe how to securely interconnect and share systems
- describe code repository security
- recognize how to secure the build environment
- recognize cryptographically hashed or digitally signed components
- recognize how to audit security policy compliance
- recognize how to perform vulnerability/incident response and reporting
- distinguish between different security trade-offs in supplier sourcing
- identify best practices for contractual integrity controls
- identify best practices for vendor technical integrity controls
- identify best secure control practices for managed services from a supplier
- distinguish between the two rules SLAs should provide
- recognize maintenance and support structures such as community vs. commercial
- recognize how to assess software engineering and SDLC approaches
- recognize how to assess information systems security policy compliance
- assess a security track record
- recognize product deployment and sustainment controls such as upgrades, secure configuration, custom code extensions, operational readiness, and GPL requirements
- summarize the key concepts covered in this course
IN THIS COURSE
1. Course Overview (1m 57s)
2. Third Party Software (4m 20s)
3. Secure Transfers (1m 19s)
4. Systems Sharing (2m 13s)
5. Code Repository Security (4m 5s)
6. Build Environment Security (2m 45s)
7. Digitally Signed Components (2m 1s)
8. Compliance Auditing (2m 42s)
9. Vulnerability Response and Reporting (2m 7s)
10. Supplier Sourcing Challenges (4m 23s)
11. Contractual Integrity Controls (2m 16s)
12. Vendor Technical Integrity Controls (3m 56s)
13. Managed Services Controls (2m 7s)
14. Service-level Agreements (2m 56s)
15. Support Structure (2m 18s)
16. SDLC Approaches (4m 53s)
17. Securing Information Systems (2m 16s)
18. Security Track Record (1m 56s)
19. Product Deployment and Configuration Management (1m 59s)
20. Course Summary (1m 23s)
EARN A DIGITAL BADGE WHEN YOU COMPLETE THIS COURSE
Skillsoft is providing you the opportunity to earn a digital badge upon successful completion of this course, which can be shared on any social network or business platform.
Digital badges are yours to keep, forever.