CSSLP: Secure Software Requirements Competency (Intermediate Level)

  • 18m
  • 18 questions
The Secure Software Requirements Competency benchmark measures your ability to define software security requirements and identify and analyze compliance requirements, data classification requirements, and privacy requirements. You will be evaluated on your skills in developing misuse and abuse cases, using the Security Requirements Traceability Matrix (STRM), and ensuring security requirements flow down to the suppliers/providers. A learner who scores high on this benchmark demonstrates that they have the skills to recognize secure software requirements such as abuse cases, software specifications, and traceability matrixes.

Topics covered

  • describe data lifecycle requirements such as generation, retention, and disposal
  • describe how use cases model the intended behavior of the software or system
  • describe information used to specifically identify an individual
  • describe policy decomposition
  • describe the benefits of breach notifications
  • describe the importance of security during the disposal stage
  • describe when to use misuse/abuse cases
  • differentiate between data owner and data custodian
  • differentiate between labeling requirements such as sensitivity and impact
  • list software requirement specifications such as confidentiality, integrity, availability, authentication, authorization, and accountability
  • list the benefits of RTM for software development
  • list types of data including structured and unstructured data
  • recognize characteristics of legal and regulatory requirements, as well as compliance with them
  • recognize data protection principles including user consent
  • recognize functional requirements
  • recognize how security requirements are aligned with functional and non-functional requirements
  • recognize non-functional requirements such as reliability, performance, security, accuracy, costs, and maintainability
  • recognize the importance of a high-level privacy policy