Certified Secure Software Lifecycle Professional (CSSLP) 2019: Supply Chain & Software Acquisition
CSSLP 2019
20 Videos | 1h 2m 54s - Includes Assessment
- Earns a Badge
This 20-video course examines a variety of best practices for supply chain and software acquisitions. Begin by watching demonstrations of how to analyze security for a third-party software and how to verify secure transfers. Then learn the steps involved in securely interconnecting and sharing systems; how to implement code repository security; how to build environment security; and how to work with digitally-signed components. Next, explore such important topics as compliance auditing, vulnerability response and reporting, supplier sourcing challenges, contractual integrity controls, and vendor technical integrity controls. Learn the basics of how to verify pedigree and provenance. The course also covers topics such as managed services controls, service level agreements (SLAs), support structure, and software development lifecycle approaches, as well as how to secure information systems, security track records, and product deployment. Finally, you will review the configuration identification scheme, a crucial tool in configuration management. The course prepares learners for the (ISC)2 CSSLP: Certified Secure Software Lifecycle Professional certification exam.
WHAT YOU WILL LEARN
-
discover the key concepts covered in this course
analyze security for third party software
recognize how to verify secure transfers
describe how to securely interconnect and share systems
describe code repository security
recognize how to secure the build environment
recognize cryptographically hashed or digitally signed components
recognize how to audit security policy compliance
recognize how to perform vulnerability/incident response and reporting
distinguish between different security trade-offs in supplier sourcing -
identify best practices for contractual integrity controls
identify best practices for vendor technical integrity controls
identify best secure control practices for managed services from a supplier
distinguish between the two rules SLAs should provide
recognize maintenance and support structures such as community vs. commercial
recognize how to assess software engineering and SDLC approaches
recognize how to assess information systems security policy compliance
assess a security track record
recognize product deployment and sustainment controls such as upgrades, secure configuration, custom code extensions, operational readiness, and GPL requirements
summarize the key concepts covered in this course
IN THIS COURSE
-
1.Course Overview1m 57sUP NEXT
-
2.Third Party Software4m 20s
-
3.Secure Transfers1m 19s
-
4.Systems Sharing2m 13s
-
5.Code Repository Security4m 5s
-
6.Build Environment Security2m 45s
-
7.Digitally Signed Components2m 1s
-
8.Compliance Auditing2m 42s
-
9.Vulnerability Response and Reporting2m 7s
-
10.Supplier Sourcing Challenges4m 23s
-
11.Contractual Integrity Controls2m 16s
-
12.Vendor Technical Integrity Controls3m 56s
-
13.Managed Services Controls2m 7s
-
14.Service-level Agreements2m 56s
-
15.Support Structure2m 18s
-
16.SDLC Approaches4m 53s
-
17.Securing Information Systems2m 16s
-
18.Security Track Record1m 56s
-
19.Product Deployment and Configuration Management1m 59s
-
20.Course Summary1m 23s
EARN A DIGITAL BADGE WHEN YOU COMPLETE THIS COURSE
Skillsoft is providing you the opportunity to earn a digital badge upon successful completion of this course, which can be shared on any social network or business platform
Digital badges are yours to keep, forever.
