CSSLP: Secure Software Lifecycle Management Competency (Intermediate Level)

  • 24m
  • 24 questions
The Secure Software Lifecycle Management Competency benchmark measures your knowledge of secure lifecycle management, including version control, security standards, frameworks, and security metrics, in addition to governance, risk, and compliance (GRC). You will be evaluated on your skills in deploying and maintaining software and operations. A learner who scores high on this benchmark demonstrates that they have the skills necessary to use the secure lifecycle management model and perform software pre- and post-release activities.

Topics covered

  • describe common terminology including threats, vulnerability, residual risk, controls, probability, and impact
  • describe end-of-life policies
  • describe how to obtain security approval to operate
  • describe risk response
  • describe secure configurations and version control
  • describe security standards and frameworks
  • describe strategies including mitigate, accept, transfer, and avoid
  • distinguish between incident management activities
  • ensure secure installations using environment hardening
  • ensure secure installations using least privilege
  • identify characteristics of a post-release plan
  • identify legal factors such as intellectual property and breach notification
  • identify the characteristics of the pre-release testing process
  • recognize acceptance include software qualification testing, planning, and hierarchy
  • recognize best practices for patch and vulnerability management
  • recognize characteristics of backup, recovery, and archiving
  • recognize characteristics of release management activities
  • recognize disaster recovery considerations as they relate to continuity of operations
  • recognize how to perform security monitoring including managing error logs, audits, meeting SLAS, and CIA metrics
  • recognize security metrics
  • recognize steps to perform risk analysis
  • recognize the need to perform post-deployment security testing
  • recognize the secure software methodology
  • securely store and manage configuration data