CSSLP 2024: Processes & Benchmarks for Secure Lifecycle Management

CSSLP 2024 | Expert

15 videos | 2h 4m 41s
Includes Assessment
Earns a Badge

(2)

Processes and benchmarks for secure lifecycle management ensure consistent security, mitigate risks, comply with standards, and enhance trust in software systems throughout their development and operation. In this course, you will discover the secure software strategy and roadmap, focusing on key attributes such as milestones, checkpoints, and build/break criteria. Then you will contrast various security maturity models and examine the elements of a system security plan (SSP). Next, you will explore the attributes of good metrics for secure software and the importance of effective metrics in lifecycle management. You will use average remediation time (ART) with criticality levels to prioritize security efforts and investigate metrics of code complexity and the impact of different code elements. You will focus on end of life (EOL) policies, data archival during decommissioning, NIST standards for storage media disposal, and key considerations for modifying or terminating service-level agreements (SLAs). Finally, you will delve into security reporting mechanisms within a tiered risk management framework, comprehensive risk management strategies, continuous monitoring, breach notifications, change management, and incident response planning. This course prepares learners for the Certified Secure Software Lifecycle Professional (CSSLP) exam.

WHAT YOU WILL LEARN

Discover the key concepts covered in this course

Describe the attributes of secure software strategy, roadmaps, milestones, checkpoints, and build/break criteria

Compare and contrast different security maturity models, including the open software assurance maturity model (opensamm), the building security in maturity model (bsimm), the devsecops maturity model (dsomm), and the cybersecurity maturity model certification (cmmc)

Analyze the elements of an ssp and outline other security-related documentation

Provide an overview of the attributes of a good metric and list good metrics in secure software lifecycle management

Define average remediation time (art) and use art with criticality levels

Enumerate metrics of code complexity and outline cyclomatic complexity of different code elements

Define eol policies for credential removal, configuration removal, and license cancellation
Define archival of data and list considerations related to retention, destruction, and dependencies

Enumerate national institute of standards and technology (nist) standards for disposal of storage media and outline considerations in modifying or terminating service-level agreements (slas)

Contextualize security reporting in a tiered risk management framework

Define risk avoidance, mitigation, transfer, acceptance, and residual risk

Contrast security information and event management (siem), endpoint detection and response (edr), and vulnerability scanning and outline sound breach notification processes

Provide an overview of the roles of change management and incident response planning throughout the secure lifecycle

Summarize the key concepts covered in this course

IN THIS COURSE

1m 53s

In this video, we will discover the key concepts covered in this course. FREE ACCESS
10m 1s

After completing this video, you will be able to describe the attributes of secure software strategy, roadmaps, milestones, checkpoints, and build/break criteria. FREE ACCESS
3. Contrasting OpenSAMM, BSIMM, DSOMM and CMMC

11m 44s

Upon completion of this video, you will be able to compare and contrast different security maturity models, including the Open Software Assurance Maturity Model (OpenSAMM), the Building Security In Maturity Model (BSIMM), the DevSecOps Maturity Model (DSOMM), and the Cybersecurity Maturity Model Certification (CMMC). FREE ACCESS
4. The System Security Plan (SSP)

9m 54s

In this video, we will analyze the elements of an SSP and outline other security-related documentation. FREE ACCESS
5. Attributes of Good Metrics for Secure Software

11m 59s

After completing this video, you will be able to provide an overview of the attributes of a good metric and list good metrics in secure software lifecycle management. FREE ACCESS
6. Average Remediation Time (ART) and Criticality Levels

7m 2s

Upon completion of this video, you will be able to define average remediation time (ART) and use ART with criticality levels. FREE ACCESS
7. Cyclomatic Complexity

7m 37s

After completing this video, you will be able to enumerate metrics of code complexity and outline cyclomatic complexity of different code elements. FREE ACCESS
8. End of Life (EOL) Policies

9m

Upon completion of this video, you will be able to define EOL policies for credential removal, configuration removal, and license cancellation. FREE ACCESS
9. Archiving Data While Decommissioning Applications

8m 9s

After completing this video, you will be able to define archival of data and list considerations related to retention, destruction, and dependencies. FREE ACCESS
10. Data Disposition and SLA Management

10m 23s

Upon completion of this video, you will be able to enumerate National Institute of Standards and Technology (NIST) standards for disposal of storage media and outline considerations in modifying or terminating service-level agreements (SLAs). FREE ACCESS
11. Security Reporting Mechanisms

6m 36s

After completing this video, you will be able to contextualize security reporting in a tiered risk management framework. FREE ACCESS
12. Risk Avoidance, Mitigation, Transfer, and Acceptance

10m 26s

Upon completion of this video, you will be able to define risk avoidance, mitigation, transfer, acceptance, and residual risk. FREE ACCESS
13. Continuous Monitoring and Breach Notifications

7m 39s

After completing this video, you will be able to contrast security information and event management (SIEM), endpoint detection and response (EDR), and vulnerability scanning and outline sound breach notification processes. FREE ACCESS
14. Change Management and Incident Response Plans

9m 42s

Upon completion of this video, you will be able to provide an overview of the roles of change management and incident response planning throughout the secure lifecycle. FREE ACCESS
15. Course Summary

2m 36s

In this video, we will summarize the key concepts covered in this course. FREE ACCESS

EARN A DIGITAL BADGE WHEN YOU COMPLETE THIS COURSE

Skillsoft is providing you the opportunity to earn a digital badge upon successful completion on some of our courses, which can be shared on any social network or business platform.

Digital badges are yours to keep, forever.

Course CISSP 2021: Software Development Lifecycles & Ecosystems

(59)

Course CSSLP 2024: Secure Software Concepts

(1)

Course SSCP 2021: Asset & Change Management Lifecycles

(79)

Get Started

Sharpen your skills. Upgrade your career. Find the right learning path for you, based on your role and skills. Take part in hands-on practice, study for a certification, and much more - all personalized for you.

*Not included: Compliance, Leadership Development Program content, and Engineering books

Your content + our content + our platform = a path to learning success

Using our learning experience platform, Percipio, your learners can engage in custom learning paths that can feature curated content from all sources.

Learn More

Aspire to something bigger

Aspire Journeys are guided learning paths that set you in motion for career success.

Browse Aspire Journeys

Explore a world of live learning with Global Knowledge

Choose from convenient delivery formats to get the training you and your team need - where, when and how you want it.

Browse Live Learning

IT Skills & Salary Report

ESG Impact Report

CSSLP 2024: Processes & Benchmarks for Secure Lifecycle Management

WHAT YOU WILL LEARN

IN THIS COURSE

EARN A DIGITAL BADGE WHEN YOU COMPLETE THIS COURSE

YOU MIGHT ALSO LIKE