Intermediate: CASP+

This track contains CASP+ content.

14 Courses | 16h 27m 29s

Intermediate: CSSLP

This track contains Certified Secure Software Lifecycle Professional (CSSLP) content.

20 Courses | 13h 8m 12s

COURSES INCLUDED

CompTIA CASP+: Assessing & Managing Risk

Recognizing threats and managing risk are key to hardening an organization's security posture. In this course, you'll explore how to apply risk management frameworks to assess and mitigate risk, as well as how to identify threat actors and physical risks. Next, you'll learn how to mitigate risks related to human resources and social engineering techniques. You'll then move on to examine how to work with qualitative and quantitative risk analysis. Lastly, you'll learn about insider threats, supply chain dependencies, and sources of threat intelligence. This course is one of a collection of courses that prepares learners for the CompTIA Advanced Security Practitioner (CASP+) CAS-004 exam.

15 videos | 1h 25m Assessment Badge

CompTIA CASP+: Virtualization Security

Securing today's enterprise computing environments means understanding how virtualization is used. Organizations must consider how to secure virtualization solutions used both on-premises in and the cloud. In this course, you'll learn to identify various types of virtualization solutions such as network virtualization, operating system virtualization, desktop, and app virtualization. You will then learn to distinguish the difference between type 1 and type 2 hypervisors. Next, you'll focus on virtualization security and how to deploy virtual machines on-premises. Lastly, you'll learn to work with application containers. This course is one of a collection of courses that prepares learners for the CompTIA Advanced Security Practitioner (CASP+) CAS-004 exam.

12 videos | 1h Assessment Badge

CompTIA CASP+: Secure Cloud Computing

Cloud computing is widely used by individuals and enterprises to outsource IT solutions. In this course, you'll begin with learning how to identify cloud deployment and service models. Next, you'll review cloud service level agreements, cloud security solutions, and how to work with cloud VNets. Moving on, you'll learn how to configure cloud autoscaling to increase application availability. You'll also explore now to deploy a cloud-based firewall, configure firewall routing, and enable RDP through cloud firewalls. Lastly, you'll learn how to create a cloud key vault and enable cloud storage security. This course is one of a collection of courses that prepares learners for the CompTIA Advanced Security Practitioner (CASP+) CAS-004 exam.

19 videos | 1h 50m Assessment Badge

CompTIA CASP+: Cryptography & PKI

Cryptography has long played a role in securing sensitive information. In this course, you'll begin with an overview of cryptography and how it can secure data at rest and data in motion. You'll then learn how to enable EFS and BitLocker to protect data at rest. You'll explore how to identify methods by which cryptography can protect data in transit and configure network security via IPsec. Finally, you'll examine how PKI uses certificates to secure IT systems through HTTPS, SSH remote management, and generating file system hashes. This course is one of a collection of courses that prepares learners for the CompTIA Advanced Security Practitioner (CASP+) CAS-004 exam.

17 videos | 1h 51m Assessment Badge

CompTIA CASP+: Storage & Network Security

On-premises and cloud-based storage security solutions are very similar in nature. In this course, you'll learn how to determine which RAID disk solution best applies in a given situation, as well as how to secure various network storage solutions and DNS. Next, you'll learn to recognize when to apply firewalls to secure networks and how to configure various firewall solutions. Moving on, you'll explore how to configure a VPN and secure wired and wireless networks. Lastly, you'll examine how to manage servers through a jump box and how attackers enable reverse shells. This course is one of a collection of courses that prepares learners for the CompTIA Advanced Security Practitioner (CASP+) CAS-004 exam.

16 videos | 1h 47m Assessment Badge

CompTIA CASP+: Authentication & Authorization

Securing user and device logins, as well as access to IT resources, relates to authentication and authorization. In this course, you'll learn how to differentiate between authentication and authorization and also ow to enable 2FA and MFA user authentication. Next, you'll explore how to enable Wi-Fi RADIUS authentication, configure SELinux, and enable attribute-based control in Windows. Lastly, you'll examine how to use Group Policy to configure password policy settings, crack passwords using freely available tools like the Johnny tool, brute-force RDP using Hydra, and limit cloud admin access using role-based access control. This course is one of a collection of courses that prepares learners for the CompTIA Advanced Security Practitioner (CASP+) CAS-004 exam.

11 videos | 1h 1m Assessment Badge

CompTIA CASP+: IT Governance & Security Compliance

IT governance involves ensuring that business and regulatory compliance needs are met by IT solutions. In this course, you'll learn to identify common data privacy standards and regulations, as well as various types of business agreements. Next, you'll learn to classify personally identifiable information using various methods including Macie for data discovery and classification. You'll explore how to use Azure Information Protection to enable DLP and tag cloud resources to facilitate resource management. You'll then examine how to securely wipe a storage device and identify common organization security policies. Lastly, you'll learn how to identify data roles and configure cloud data retention. This course is one of a collection of courses that prepares learners for the CompTIA Advanced Security Practitioner (CASP+) CAS-004 exam.

12 videos | 1h 7m Assessment Badge

CompTIA CASP+: Mobile & Embedded Devices

Mobile devices have become ubiquitous and as a result deserve the attention of cybersecurity specialists. In this course, you'll explore how mobile, embedded, drones, and IoT devices are used and their related security risks. Next, you'll learn how to search for vulnerable devices using the Shodan web site. Moving on, you'll explore how to secure remote network connectivity with a VPN and examine smartphone hardening techniques. Lastly, you'll learn how to register and manage an Android device using a Mobile Device Management solution. This course is one of a collection of courses that prepares learners for the CompTIA Advanced Security Practitioner (CASP+) CAS-004 exam.

8 videos | 42m Assessment Badge

CompTIA CASP+: Industrial Computing Environments

Industrial control systems present a unique security risk when it comes to public services such as power, water, and other industrial processes. In this course, you'll learn how to recognize common industrial network protocols and terminology. Next, you'll learn how Supervisory Control and Data Acquisition relates to industrial control systems. You'll explore NIST ICS security control documentation. Lastly, you'll learn how to configure an S7 PLC emulator and use Metasploit to stop the device. This course is one of a collection of courses that prepares learners for the CompTIA Advanced Security Practitioner (CASP+) CAS-004 exam.

8 videos | 39m Assessment Badge

CompTIA CASP+: Emerging Technologies & SecDevOps

Emerging technologies present unique security risks in that the technology is not yet mature. Software developers must adhere to secure development practices to minimize threat impacts. In this course, you'll learn how to identify security risks associated with emerging technologies such as machine learning, artificial intelligence, blockchain, quantum computing, and 3-D printing. You'll also learn to identify the top 10 web app threats and use the OWASP ZAP tool to identify web app vulnerabilities. Next, you'll explore how to securely develop and deploy software solutions. Lastly, you learn to distinguish between various testing techniques. This course is one of a collection of courses that prepares learners for the CompTIA Advanced Security Practitioner (CASP+) CAS-004 exam.

8 videos | 43m Assessment Badge

CompTIA CASP+: Monitoring & Incident Response

Enterprise IT monitoring is crucial in detecting potential security incidents. In this course, you'll explore various monitoring methods for hosts, devices, and networks. Next, you'll learn to configure log forwarding and work with logs through PowerShell. Moving on, you'll learn to recognize when to use honeyfiles, honeypots, and honeynets, as well as SIEM and SOAR solutions. You'll then examine intrusion detection and prevention and how they are used to secure a network. Lastly, you'll explore the use of tools such as Snort, tcpdump, nmap, and Wireshark for analyzing networks and network traffic. This course is one of a collection of courses that prepares learners for the CompTIA Advanced Security Practitioner (CASP+) CAS-004 exam.

15 videos | 1h 27m Assessment Badge

CompTIA CASP+: Vulnerabilities & Hardening

Cybersecurity specialists must be able to identify vulnerabilities and apply security controls to mitigate threats. In this course, you'll learn how to identify the steps attackers take to gain access to resources and examine physical security issues. Next, you'll learn how network segmentation can increase security, how attackers use zombies and botnets, and how common attacks take place. Moving on, you'll explore common hardening techniques, how to scan for vulnerabilities, and how to setup up a WSUS server. Lastly, you'll learn how to use the Metasploit framework and crack WPA2 Wi-Fi passphrases. This course is one of a collection of courses that prepares learners for the CompTIA Advanced Security Practitioner (CASP+) CAS-004 exam.

13 videos | 1h Assessment Badge

CompTIA CASP+: Digital Forensics

Gathering digital evidence for use in a court of law is done using very specific techniques. In this course, you'll learn to recognize the process by which hardware and software digital forensic tools are used to acquire and analyze evidence. Next, you'll learn to work with file system hashing and forensic disk image acquisition including creating and hashing a Linux disk image. You'll also explore how to use FTK imager to acquire a forensic disk image. Lastly, you'll explore how to retrieve Android device information using the Android Debug Bridge and hide messages using steganography. This course is one of a collection of courses that prepares learners for the CompTIA Advanced Security Practitioner (CASP+) CAS-004 exam.

8 videos | 39m Assessment Badge

CompTIA CASP+: Business Continuity

Business continuity measures ensure that business operations continue during disruptions. In this course, you'll learn how to identify common disaster recovery terms and techniques and plan how to respond to business disruptions. Next, you'll learn to identify how to use physical and logical redundancy, clustering and load balancing to increase system and application availability. Lastly, you'll explore cloud-based load balancing and backups including learning how to configure and deploy a Microsoft Azure Load Balancer as well as back up data using Microsoft Azure. This course is one of a collection of courses that prepares learners for the CompTIA Advanced Security Practitioner (CASP+) CAS-004 exam.

7 videos | 35m Assessment Badge

FREE ACCESS

COURSES INCLUDED

Certified Secure Software Lifecycle Professional (CSSLP) 2019: Core Concepts

This course examines information needed to earn the (ISC)2 CSSLP (Certified Secure Software Lifecycle Professional) certification and to prepare for the CSSLP exam. These security professionals are well versed in how to incorporate key security practices into all lifecycle stages of software development. This course covers secure software concepts such as covert, overt, and encryption. You will examine the secure software concepts of confidentiality, integrity, and availability (collectively, CIA) and examine concepts that support the concepts, such as authentication, authorization, accountability, and non-repudiation. Learn the difference between various integrity concepts such as hashing, digital signatures, code signing, reliability, alterations, and authenticity. You will also learn about authentication concepts, such as multifactor authentication, identity and access management, single sign-on, and federated identity management. Learn when to use different authorization concepts, such as access controls and entitlements. Finally, the course covers accountability concepts, such as auditing and logging, and describe non-repudiation concepts, such as public key infrastructure (PKI) and digital signatures.

9 videos | 24m Assessment Badge

Certified Secure Software Lifecycle Professional (CSSLP) 2019: Security Design Principles

This course explores the design principles that help to ensure key security practices are incorporated into the software development lifecycle, and it prepares you for the (ISC)2 CSSLP (Certified Secure Software Lifecycle Professional) exam. The design principles you will learn include least privilege, to provide the lowest level of rights and permissions for a user to perform current tasks and separation of duties. This course covers the principles of defense in depth, to include multiple overlapping defenses such as layered controls, input validation, and security zones that work together collectively as a series of defenses. You will learn the concepts of fail-safe principles, including exception handling, and denied by default. Next, learn to design a complete mediation so that authorization is verified every time access is requested. Also covered is a less common design issue is psychological acceptability, such as password complexity and screen layouts, to ensure the design is psychologically acceptable to users. Finally, this course examines the separation of duties principles, including multiparty control, secret sharing and splitting.

13 videos | 34m Assessment Badge

Certified Secure Software Lifecycle Professional (CSSLP) 2019: Security Requirements

This course explores the security requirements needed in all stages of the software development lifecycle. Learners first examine the functional requirements, and learn that these requirements start as business requirements that are translated into functional requirements. You will then learn the characteristics or properties of nonfunctional requirements, which include security, maintainability, costs, accuracy, reliability, and performance. This 7-video course then covers how security requirements are aligned with functional and nonfunctional requirements. Next, learn that policies are defined by the National Institute of Standards and Technology (NIST), and are broken down to issue-specific policies, system-specific policies, and program policies. Learn how issue-specific policies address defined issues, while system-specific policies are directives geared towards achieving some technical outcome. Finally, this course examines the legal and regulatory requirements, and policy documents that define the security requirements. You will learn that there are several sources of industry-standard legal, compliance and policy standards. This course can be used in preparation for the (ISC)2 CSSLP: Certified Secure Software Lifecycle Professional certification exam.

7 videos | 20m Assessment Badge

Certified Secure Software Lifecycle Professional (CSSLP) 2019: Data Classification

This 12-video course explores the different roles played by data classification in the software development lifecycle. You will learn the differences between data owners and data custodians. While data remain the property of the enterprise or organization, data ownership is used to assign responsibility to the person who defines the requirements related to the data, and will manage the data day-to-day requirements. Data custodians are responsible for ensuring that security and access controls are configured and maintained properly. You will learn how labeling data adds extra data to describe the data being protected, which refers to metadata. This course focuses on two types of data, structured and unstructured, and the importance to the secure software lifecycle. Learners will recognize that data type is one of the key factors that determine how data should be secured. This course can be used in preparation for the (ISC)2 CSSLP: Certified Secure Software Lifecycle Professional certification exam.

6 videos | 21m Assessment Badge

Certified Secure Software Lifecycle Professional (CSSLP) 2019: Privacy

This course explores various issues related to privacy requirements, and their importance in determining how to provide security throughout the software development lifecycle. You will learn the software requirements used to help identify privacy requirements, including data anonymization, user consent, and data disposition. You will learn how an enterprise's high-level privacy policy influences its security responsibilities for the collection, storage, use, and transfer of personal information. This 7-video course examines how organizations collect personal information during their day-to-day business operations. Next, learn the legal importance of protecting PII (personally identifiable information), which is a legal term defined in a memorandum published by the US Office of Management and Budget. You will learn how the European Union (EU) views data protection by its data protection directive, known as EUDPD. Finally, learners will explore the importance of securing data during the process of disposal. This course can be used in preparation for the (ISC)2 CSSLP: Certified Secure Software Lifecycle Professional certification exam.

7 videos | 20m Assessment Badge

Certified Secure Software Lifecycle Professional (CSSLP) 2019: Abuse Cases & RTMs

This 6-video course explores numerous concepts important in developing secure software requirements. First, learn the purpose of use cases which is a powerful graphical technique for mapping out the functional requirements of a system, and how they can be designed for both developers and testers. The course then explores misuse/abuse cases to examine prohibited activities or a typical attack, and demonstrates an attack through specific misuse case scenarios. Learners examine the benefits of a traceability matrix, a table structure used for documenting and managing requirements, and learn to track implementation details and specifics. This course explores aspects of secure software, and reliable attributes common to all secure software. You will learn that in recovering data, secure software must be predictable and designed to limit damage. Then examine the importance of gathering of security requirements while gathering software requirements. Finally, you will learn how confidentiality requirements detail the ways in which a system must protect against unauthorized disclosure. This course may be used in preparation for the (ISC)2 CSSLP: Certified Secure Software Lifecycle Professional certification exam.

6 videos | 15m Assessment Badge

Certified Secure Software Lifecycle Professional (CSSLP) 2019: Threat Modeling

This 7-video course explores the concept of threat modeling and how to develop and use a threat model. You will examine common threats, such as advanced persistent threats (APTs), insider threats, common malware, and third party/supplier threats. You will learn how a development team creates the threat model by using five well-defined stages. Next, learn to develop a security objective which sets the foundation for the threat model development. You will examine six categories of common threats defined in STRIDE (Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege). Then learn to model STRIDE attacks across trust boundaries, processes, external entities, and the like. This course covers attack surface software, an attack anywhere in the system code access by unauthorized party, and how to minimize it. You will learn about Microsoft's published list of attack surface elements associated with Windows. This course can be used in preparation for the (ISC)2 CSSLP: Certified Secure Software Lifecycle Professional certification exam.

7 videos | 22m Assessment Badge

Certified Secure Software Lifecycle Professional (CSSLP) 2019: Security Architecture

Explore security architecture considerations such as control identification and prioritization, distributed computing, cloud architectures, mobile applications, and hardware platform concerns in this 12-video course. First, learn to identify characteristics of control identification, or an organization's security controls in an enterprise setting and how to prioritize and enterprise's existing security controls. The course then examines the elements of distributed computing, a type of parallel computing in which software is divided into multiple tasks. Next, learners will explore service-oriented architecture, which is a collection of services that communicate with each other. You will learn about rich Internet web-based applications and pervasive computing, including the Internet of Things, wireless and sensor networks, embedded security architecture, cloud architectures, mobile app architectures, and hardware platforms. Finally, the course explores how an embedded system is designed to perform a specific operation as part of a larger hardware-based machine or system. This course can be used in preparation for the (ISC)2 CSSLP: Certified Secure Software Lifecycle Professional certification exam.

12 videos | 50m Assessment Badge

Certified Secure Software Lifecycle Professional (CSSLP) 2019: Architectural Risk & Modeling

This course explores the use of architectural risk assessment to identify flaws in software, and to determine risks. You will learn to use security management interfaces, and how to design and integrate the interfacing security functionality with existing software to meet an enterprise's security objectives. This 9-video course will examine upstream/downstream software development and compatibility, the types of design decisions when encountering interconnectivity with other applications, and any considerations concerning key sharing, single sign-on, token-based security, and delegation of trust. You will learn the two types of channels, message passing and shared memory channels, for communication between two entities. Next, learn how to do a proper architectural risk analysis by using vulnerability analysis, ambiguity analysis, and platform vulnerability analysis. Learners then use an engineering goal-oriented model to evaluate security, and learn how to use an NFR (nonfunctional requirements) framework. Finally, the course examines data classification. This course can be used in preparation for the (ISC)2 CSSLP: Certified Secure Software Lifecycle Professional certification exam.

9 videos | 30m Assessment Badge

Certified Secure Software Lifecycle Professional (CSSLP) 2019: Technologies

In this 13-video course, learners can explore best practices for securing commonly used architecture and technologies such as virtualization, databases, and the programming language environment. First, learn the three steps involved in authentication and identity management. Next, earn the principles of Credential Management and protecting credentials used for authentication, including passwords, tokens, biometrics, and certificates. Learners will then examine logging or recording a user's actions within a system, and data flow control methods. Next, learn about data loss prevention as an in-depth security strategy that encompasses many different technologies. Learn how virtualization allows for software to be hosted in a virtual environment. Learners will then examine digit rights management (DMR), which restricts access to content that is not local to secure digital content, and protect intellectual property. Finally, the course explores the basis of trusted computing-the hardware, software, and firmware components critical to securing a system which includes discussion of programming language and operating systems. This course may be used in preparation for the (ISC)2 CSSLP: Certified Secure Software Lifecycle Professional certification exam.

13 videos | 1h 1m Assessment Badge

Certified Secure Software Lifecycle Professional (CSSLP) 2019: Secure Design Principles

In this 6-video course, you will discover the basic issues involved in how to perform design security reviews, design secure assembly architecture for component-based systems, and use architecture and design tools that enhance security. First, learn to pay attention to the type of operational environment the software will be running under: is the software intended for public use via the Web, or is it only available within a stable, controlled network? Who will be the end users? Will you need to collaborate and coordinate testing, timing, and integration? Learn security patterns, and consider what security-enhancing architecture is available. Next, learn to distinguish between software appropriate for centralized and decentralized system; identify budgetary constraints, and consider available resources. Will new technologies need to be incorporated into the design at a later date? Your emphasis should be on the future-learning to build a flexible, modular system that can scale up and grow may be imperative. The course prepares learners for the (ISC)2 CSSLP: Certified Secure Software Lifecycle Professional certification exam.

6 videos | 22m Assessment Badge

Certified Secure Software Lifecycle Professional (CSSLP) 2019: Secure Coding Practices

In this 19-video course, learners will explore the intricate world of secure coding practices. Topics covered in detail include declarative versus imperative (programmatic) security-whether the security is part of the application or part of the container. Next, survey defensive coding practices and control such as secure configuration, error handling, and session management. Learners will also explore cryptography, input and output sanitization, error handling, input validation, logging and auditing, and session and exception management. You will learn important information about safe application programming interfaces (APIs), including those that offer different types of functionality, such as Microsoft's Crypto API and Python's pycrypto, which both provide cryptographic functions; popular social media platforms provide their own APIs that programmers can tap into while incorporating aspects of those services. Learn more about useful concepts such as concurrency, type safety, memory management, configuration parameter management, tokenizing, and sandboxing. The course may be used in preparation for the (ISC)2 CSSLP: Certified Secure Software Lifecycle Professional certification exam.

19 videos | 1h 11m Assessment Badge

Certified Secure Software Lifecycle Professional (CSSLP) 2019: Security Vulnerabilities

Explore how to identify and assess security vulnerabilities in this 20-video course, in which you will encounter essential secure coding techniques such as versioning, peer-based code reviews, code analysis, and anti-tampering techniques. First, become familiar with malicious practices and the threats outlined in the Open Web Application Security Project (OWASP) Top 10 list and the Common Weakness Enumeration (CWE) list of software weaknesses. You will soon be able to differentiate between CWE and Common Vulnerabilities and Exposure (CVE) lists. Next, learn to describe the characteristics of injection attacks, before watching demonstrations of input validation failures such as buffer overflows, canonical form, missing defense functions, and general programming failures. You will examine how to analyze reuse code for security vulnerabilities, identify malicious code, securely reuse third-party code, and securely integrate components. Finally, learners will hear discussions of defensive coding, side channels, social engineering attacks, source code and versioning. The course prepares learners for the (ISC)2 CSSLP: Certified Secure Software Lifecycle Professional certification exam.

20 videos | 1h 21m Assessment Badge

Certified Secure Software Lifecycle Professional (CSSLP) 2019: Testing Types

This 14-video course explores essential testing types-including penetration testing, scanning, simulation testing, failure testing, and cryptographic validation-and many of the best practices. You will also learn more about other types, such as fuzzing, regression testing, continuous testing, attack surface validation, and unit testing. Learn about certification testing-performed as part of a certification process, when load or stress testing determines how the system operates under heavy loads and what effect load has on the system. You will be introduced to ISECOM's Open Source Security Testing Methodology Manual, a comprehensive methodology related to penetration and security testing, security analysis, and measuring operational security. It includes test cases whose outcomes provide verified facts, amounting to actionable information that can tangibly and measurably improve operational security. Become familiar with how to perform an impact assessment, learn why defects discovered during testing must be addressed, and learn the meaning of Priority and Severity levels derived from the defect report. The course prepares learners for the (ISC)2 CSSLP: Certified Secure Software Lifecycle Professional certification exam.

14 videos | 41m Assessment Badge

Certified Secure Software Lifecycle Professional (CSSLP) 2019: Testing for Security & Quality Assurance

In this 13-video course, learners will explore best practices for testing for security and quality assurance. This includes testing artifacts, nonfunctional testing, functional testing, security testing, the testing environment, and bug tracking. Next, learn about the concepts of attack surface validation and test functionality. Other major topics covered include the ISO 9126 software quality model; the System Security Engineering Capability Maturity model and its five levels; the Open Source Security Testing Methodology Manual (OSSTMM); and the US Department of Defense Information Assurance Certification and Accreditation Process (DIACAP) standards, under which any Department of Defense owned or controlled information system must be certified, irrespective of classification or sensitivity level. Learn about data lifecycle management, a practice that describes the definition and the structure of the necessary steps that should be taken in order to optimize the useful life of an organization's data. The course helps to prepare learners for the (ISC)2 CSSLP: Certified Secure Software Lifecycle Professional certification exam.

13 videos | 50m Assessment Badge

Certified Secure Software Lifecycle Professional (CSSLP) 2019: Secure Software Testing

This 8-video course covers the use of secure software testing best practices, specifically exploring how to perform secure software testing by tracking security errors, developing securing test data, and verification and validation testing results. Learners will first explore undocumented features-an IT-related term developed to describe software bugs or defects-and how to resolve them, including by use of host-based intrusion prevention systems. Next, you will explore security implications of test results. In general, testing should be performed throughout the software development lifecycle by software testers, members of the quality assurance (QA) team responsible for testing and managing software testers. Artifacts-resources which support the development process-are created throughout the lifecycle process, including use cases and the test plan which identifies objectives of the software test. Learn how to perform secure software testing, to track security errors, and verify and validate the results. The course prepares learners for the (ISC)2 CSSLP: Certified Secure Software Lifecycle Professional certification exam.

8 videos | 23m Assessment Badge

Certified Secure Software Lifecycle Professional (CSSLP) 2019: Secure Lifecycle Management

Explore how to use the secure lifecycle management model in this 15-video course. First, learners will hear practical descriptions of secure configurations, inversion control, how to obtain security milestones, and secure software methodology. Then receive an overview of security standards and frameworks, and explore configuration management as it relates to source code version control. Next, the course discusses how to prepare proper security documentation, provides an overview of a security matrix, and describes end-of-life policies. Learners will then watch demonstrations of how to perform data destruction and how to perform credential removal. You will learn about concepts such as security metrics and governance, risk, and compliance (GRC). The course concludes with useful discussions of what acceptance is, including software qualification testing, planning hierarchy, what the characteristics of the pre-release testing process are, and the characteristics of a post-release plan; and how and when to report security status. The course prepares learners for the (ISC)2 CSSLP: Certified Secure Software Lifecycle Professional certification exam.

15 videos | 48m Assessment Badge

Certified Secure Software Lifecycle Professional (CSSLP) 2019: Governance, Risk, and Compliance

This 10-video course explores regulations and compliance considerations as they relate to governance, risk, and compliance (GRC). First, learners will identify legal factors, such as intellectual property and breach notifications, and learn about General Data Protection Regulations (GDPR), for which violations can result in significant financial penalties. Next, learn about standards and guidelines, including those from the International Organization for Standardization (ISO), the Payment Card Industry Data Security Standard, the National Institute for Standards and Technology (NIST), the Open Web Application Security Project (OWASP), the Software Assurance Forum for Excellence in Code, the Software Assurance Maturity Model, and Building Security In Maturity Model. You will then hear discussions of risk management and risk response. Explore common terminology, including threats, vulnerability, residual risk, controls, probability, and impact. Learn to differentiate between technical risk and business risk. The course concludes by exploring productive strategies, including mitigate, accept, transfer, and avoid. The course prepares learners for the (ISC)2 CSSLP: Certified Secure Software Lifecycle Professional certification exam.

10 videos | 36m Assessment Badge

Certified Secure Software Lifecycle Professional (CSSLP) 2019: Software Deployment & Management

In this 18-video course, learners can explore how to deploy and maintain software and operations. First, you will examine pre-release and post-release activities to address factors such as pre-release testing, completion criteria, risk analysis, incident response, and disaster recovery considerations. Next, examine pre-deployment and post-deployment security testing, security approval, security monitoring, incident response. Examine concepts such as secure activation, environment hardening, and disaster recovery, in which testing is critical to test software and data recoverability, often revealing problems with system availability and data accuracy and integrity. Learn to perform failover testing to ensure that the failover mechanism works as intended, and to consider simulated disasters as a strategy for testing recoverability. You will absorb the basic principles of problem and change management-a process guiding organizations when modifying software or performing upgrades or fixes on software applications-as well as patch and vulnerability management. Next, you will learn more about working with backups, archiving, and retention. The course prepares learners for the (ISC)2 CSSLP: Certified Secure Software Lifecycle Professional certification exam.

18 videos | 55m Assessment Badge

Certified Secure Software Lifecycle Professional (CSSLP) 2019: Supply Chain & Software Acquisition

This 20-video course examines a variety of best practices for supply chain and software acquisitions. Begin by watching demonstrations of how to analyze security for a third-party software and how to verify secure transfers. Then learn the steps involved in securely interconnecting and sharing systems; how to implement code repository security; how to build environment security; and how to work with digitally-signed components. Next, explore such important topics as compliance auditing, vulnerability response and reporting, supplier sourcing challenges, contractual integrity controls, and vendor technical integrity controls. Learn the basics of how to verify pedigree and provenance. The course also covers topics such as managed services controls, service level agreements (SLAs), support structure, and software development lifecycle approaches, as well as how to secure information systems, security track records, and product deployment. Finally, you will review the configuration identification scheme, a crucial tool in configuration management. The course prepares learners for the (ISC)2 CSSLP: Certified Secure Software Lifecycle Professional certification exam.

20 videos | 53m Assessment Badge

FREE ACCESS