CSSLP 2024: Processes & Benchmarks for Secure Lifecycle Management

CSSLP 2024    |    Expert
  • 15 videos | 2h 4m 41s
  • Includes Assessment
  • Earns a Badge
Rating 5.0 of 2 users
Processes and benchmarks for secure lifecycle management ensure consistent security, mitigate risks, comply with standards, and enhance trust in software systems throughout their development and operation. In this course, you will discover the secure software strategy and roadmap, focusing on key attributes such as milestones, checkpoints, and build/break criteria. Then you will contrast various security maturity models and examine the elements of a system security plan (SSP). Next, you will explore the attributes of good metrics for secure software and the importance of effective metrics in lifecycle management. You will use average remediation time (ART) with criticality levels to prioritize security efforts and investigate metrics of code complexity and the impact of different code elements. You will focus on end of life (EOL) policies, data archival during decommissioning, NIST standards for storage media disposal, and key considerations for modifying or terminating service-level agreements (SLAs). Finally, you will delve into security reporting mechanisms within a tiered risk management framework, comprehensive risk management strategies, continuous monitoring, breach notifications, change management, and incident response planning. This course prepares learners for the Certified Secure Software Lifecycle Professional (CSSLP) exam.

WHAT YOU WILL LEARN

  • Discover the key concepts covered in this course
  • Describe the attributes of secure software strategy, roadmaps, milestones, checkpoints, and build/break criteria
  • Compare and contrast different security maturity models, including the Open Software Assurance Maturity Model (OpenSAMM), the Building Security In Maturity Model (BSIMM), the DevSecOps Maturity Model (DSOMM), and the Cybersecurity Maturity Model Certification (CMMC)
  • Analyze the elements of an SSP and outline other security-related documentation
  • Provide an overview of the attributes of a good metric and list good metrics in secure software lifecycle management
  • Define average remediation time (ART) and use ART with criticality levels
  • Enumerate metrics of code complexity and outline cyclomatic complexity of different code elements
  • Define EOL policies for credential removal, configuration removal, and license cancellation
  • Define archival of data and list considerations related to retention, destruction, and dependencies
  • Enumerate National Institute of Standards and Technology (NIST) standards for disposal of storage media and outline considerations in modifying or terminating service-level agreements (SLAs)
  • Contextualize security reporting in a tiered risk management framework
  • Define risk avoidance, mitigation, transfer, acceptance, and residual risk
  • Contrast security information and event management (SIEM), endpoint detection and response (EDR), and vulnerability scanning and outline sound breach notification processes
  • Provide an overview of the roles of change management and incident response planning throughout the secure lifecycle
  • Summarize the key concepts covered in this course

IN THIS COURSE

  • 1m 53s
    In this video, we will discover the key concepts covered in this course.
  • 10m 1s
    After completing this video, you will be able to describe the attributes of secure software strategy, roadmaps, milestones, checkpoints, and build/break criteria.
  • 3.  Contrasting OpenSAMM, BSIMM, DSOMM and CMMC
    11m 44s
    Upon completion of this video, you will be able to compare and contrast different security maturity models, including the Open Software Assurance Maturity Model (OpenSAMM), the Building Security In Maturity Model (BSIMM), the DevSecOps Maturity Model (DSOMM), and the Cybersecurity Maturity Model Certification (CMMC).
  • 4.  The System Security Plan (SSP)
    9m 54s
    In this video, we will analyze the elements of an SSP and outline other security-related documentation.
  • 5.  Attributes of Good Metrics for Secure Software
    11m 59s
    After completing this video, you will be able to provide an overview of the attributes of a good metric and list good metrics in secure software lifecycle management.
  • 6.  Average Remediation Time (ART) and Criticality Levels
    7m 2s
    Upon completion of this video, you will be able to define average remediation time (ART) and use ART with criticality levels.
  • 7.  Cyclomatic Complexity
    7m 37s
    After completing this video, you will be able to enumerate metrics of code complexity and outline cyclomatic complexity of different code elements.
  • 8.  End of Life (EOL) Policies
    9m
    Upon completion of this video, you will be able to define EOL policies for credential removal, configuration removal, and license cancellation.
  • 9.  Archiving Data While Decommissioning Applications
    8m 9s
    After completing this video, you will be able to define archival of data and list considerations related to retention, destruction, and dependencies.
  • 10.  Data Disposition and SLA Management
    10m 23s
    Upon completion of this video, you will be able to enumerate National Institute of Standards and Technology (NIST) standards for disposal of storage media and outline considerations in modifying or terminating service-level agreements (SLAs).
  • 11.  Security Reporting Mechanisms
    6m 36s
    After completing this video, you will be able to contextualize security reporting in a tiered risk management framework.
  • 12.  Risk Avoidance, Mitigation, Transfer, and Acceptance
    10m 26s
    Upon completion of this video, you will be able to define risk avoidance, mitigation, transfer, acceptance, and residual risk.
  • 13.  Continuous Monitoring and Breach Notifications
    7m 39s
    After completing this video, you will be able to contrast security information and event management (SIEM), endpoint detection and response (EDR), and vulnerability scanning and outline sound breach notification processes.
  • 14.  Change Management and Incident Response Plans
    9m 42s
    Upon completion of this video, you will be able to provide an overview of the roles of change management and incident response planning throughout the secure lifecycle.
  • 15.  Course Summary
    2m 36s
    In this video, we will summarize the key concepts covered in this course.

EARN A DIGITAL BADGE WHEN YOU COMPLETE THIS COURSE

Skillsoft is providing you the opportunity to earn a digital badge upon successful completion of some of our courses, which can be shared on any social network or business platform.

Digital badges are yours to keep, forever.
